This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/0sGzuUbpwHk-gTWE19LdNSa8hCA.roa
File:                     0sGzuUbpwHk-gTWE19LdNSa8hCA.roa (raw, json)
Hash identifier:          Uc9SjpHv9neMuUpGJ/PzOOSFL0wei8qez1EKlcWoBL4=
Subject key identifier:   D2:C1:B3:B9:46:E9:C0:79:3E:81:35:84:D7:D2:DD:35:26:BC:84:20
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       019B7D5D0AC4E1BF03E548B46AE2C3A8C52F
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/0sGzuUbpwHk-gTWE19LdNSa8hCA.roa
Signing time:             Fri 02 Jan 2026 06:20:08 +0000
ROA not before:           Fri 02 Jan 2026 06:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203685
IP address blocks:        157.25.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:0a:c4:e1:bf:03:e5:48:b4:6a:e2:c3:a8:c5:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  2 06:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2c1b3b946e9c0793e813584d7d2dd3526bc8420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:91:09:19:4e:1e:bd:15:8b:5d:58:83:2a:
                    f2:cb:cf:0e:11:10:00:bd:c9:5d:d8:6b:c4:b9:04:
                    bd:bb:71:92:ae:85:2a:c1:d7:cc:73:58:a7:52:ed:
                    bb:0c:de:56:b6:f6:50:4d:59:71:4d:11:35:fb:e0:
                    5f:6d:e8:d0:10:9a:5b:51:65:bf:e8:cb:0e:f3:03:
                    6a:fc:9d:76:00:3a:a8:93:a9:12:de:fd:28:7b:1c:
                    0e:4a:0c:65:f9:b7:77:1e:35:5f:be:0b:97:61:1b:
                    dc:e9:de:03:73:eb:6c:14:79:80:5d:ea:82:27:63:
                    e1:e8:61:bf:a5:4f:27:c6:61:72:4e:62:55:72:80:
                    4e:7c:ab:41:3b:9d:21:a6:1c:30:8b:04:19:75:d9:
                    3c:02:d3:a7:e7:19:0e:53:43:f5:c0:91:15:c7:90:
                    09:4d:20:46:f8:54:fd:01:57:e3:cf:00:40:48:7c:
                    b6:3e:eb:af:77:ca:94:4c:af:c9:6a:61:44:6a:63:
                    bc:ff:e1:fc:b4:6c:bc:d3:b6:fd:2c:58:da:d4:a2:
                    16:9c:3f:87:10:f8:78:be:fb:52:e2:dc:77:94:43:
                    c4:a8:ad:0a:dd:5f:03:05:bc:8f:56:6e:5f:e0:f0:
                    65:7c:36:11:99:0d:c3:91:61:96:25:7b:fb:ac:3a:
                    c6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C1:B3:B9:46:E9:C0:79:3E:81:35:84:D7:D2:DD:35:26:BC:84:20
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/0sGzuUbpwHk-gTWE19LdNSa8hCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:1a:2e:a1:3d:0b:17:aa:23:44:d2:43:9a:dc:6f:af:a7:cd:
         43:cd:4c:d3:bb:c1:61:05:a6:65:3e:8e:b8:09:a5:ef:b5:a3:
         39:b1:fc:24:a2:0c:ba:ce:b7:b7:fc:70:d3:c9:0c:e3:fd:86:
         d4:f3:54:eb:7e:38:ca:ff:7a:52:9f:55:d7:c1:be:29:e9:e1:
         39:f0:94:f0:59:df:e9:e2:9f:ba:28:e9:98:fd:5b:61:eb:55:
         4e:60:57:f8:0b:57:8f:39:dd:1b:b9:ca:19:40:9d:a9:3a:01:
         74:df:66:f4:c0:e9:ad:f6:bf:5f:db:62:a3:29:31:33:77:43:
         7c:8e:b6:0a:cb:30:a8:fb:1b:a2:c3:1a:b0:50:8e:8f:a8:02:
         c2:4b:3d:62:75:99:50:ca:33:23:5c:43:f3:53:0a:f0:b8:71:
         50:ab:9e:b1:5c:78:6f:58:6c:6e:1f:dc:f2:d5:e6:94:fc:b9:
         b8:d2:d5:f2:9f:fa:80:4e:92:fc:7d:85:50:aa:03:35:77:47:
         b9:26:3c:a1:47:72:40:ad:53:8f:f6:10:70:a2:bc:2e:42:2e:
         61:57:0b:9b:25:7f:c5:7f:bc:be:98:72:18:38:62:3f:ef:6f:
         43:c9:94:7a:63:05:33:a3:83:95:2f:a7:92:dd:18:21:e0:1a:
         f4:9d:2a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQrE4b8D5Ui0auLDqMUvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjYwMTAyMDYyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmMxYjNiOTQ2ZTljMDc5M2U4MTM1ODRkN2QyZGQzNTI2YmM4NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEWRCRlOHr0Vi11Ygyryy88OERAA
vcld2GvEuQS9u3GSroUqwdfMc1inUu27DN5WtvZQTVlxTRE1++BfbejQEJpbUWW/
6MsO8wNq/J12ADqok6kS3v0oexwOSgxl+bd3HjVfvguXYRvc6d4Dc+tsFHmAXeqC
J2Ph6GG/pU8nxmFyTmJVcoBOfKtBO50hphwwiwQZddk8AtOn5xkOU0P1wJEVx5AJ
TSBG+FT9AVfjzwBASHy2Puuvd8qUTK/JamFEamO8/+H8tGy807b9LFja1KIWnD+H
EPh4vvtS4tx3lEPEqK0K3V8DBbyPVm5f4PBlfDYRmQ3DkWGWJXv7rDrGqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLBs7lG6cB5PoE1hNfS3TUmvIQgMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvMHNHenVVYnB3SGstZ1RXRTE5TGROU2E4aENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnRmEMA0G
CSqGSIb3DQEBCwUAA4IBAQA6Gi6hPQsXqiNE0kOa3G+vp81DzUzTu8FhBaZlPo64
CaXvtaM5sfwkogy6zre3/HDTyQzj/YbU81TrfjjK/3pSn1XXwb4p6eE58JTwWd/p
4p+6KOmY/Vth61VOYFf4C1ePOd0bucoZQJ2pOgF032b0wOmt9r9f22KjKTEzd0N8
jrYKyzCo+xuiwxqwUI6PqALCSz1idZlQyjMjXEPzUwrwuHFQq56xXHhvWGxuH9zy
1eaU/Lm40tXyn/qATpL8fYVQqgM1d0e5JjyhR3JArVOP9hBworwuQi5hVwubJX/F
f7y+mHIYOGI/729DyZR6YwUzo4OVL6eS3Rgh4Br0nSpw
-----END CERTIFICATE-----