This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/aQcnco1DK_GfnLn_GCHmmLiDFxA.roa
File:                     aQcnco1DK_GfnLn_GCHmmLiDFxA.roa (raw, json)
Hash identifier:          B80ZPTzIGwV9+my3fhqXffGxXbgNGOE0atAKnuYs65k=
Subject key identifier:   69:07:27:72:8D:43:2B:F1:9F:9C:B9:FF:18:21:E6:98:B8:83:17:10
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019B1636D214C691CD924DBA58DB66108320
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/aQcnco1DK_GfnLn_GCHmmLiDFxA.roa
Signing time:             Sat 13 Dec 2025 05:37:29 +0000
ROA not before:           Sat 13 Dec 2025 05:37:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209710
IP address blocks:        185.238.241.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Dec 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:16:36:d2:14:c6:91:cd:92:4d:ba:58:db:66:10:83:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Dec 13 05:37:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=690727728d432bf19f9cb9ff1821e698b8831710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:31:c5:1a:dc:04:3c:be:4d:6e:59:0b:64:40:
                    9f:3b:c7:a4:79:15:5e:ff:37:fc:29:fe:fd:94:75:
                    8f:07:cb:fc:73:92:32:fa:a4:c9:eb:72:e9:0f:45:
                    86:cd:50:ce:bf:88:37:09:69:d6:cd:09:24:3d:fd:
                    6f:7c:e3:c9:51:a1:ed:22:b6:4e:96:7c:0b:d1:49:
                    d5:58:b7:24:47:48:dd:cb:22:1f:f7:98:f9:82:8e:
                    6e:1d:6f:79:67:73:1b:dd:15:2f:36:d2:8c:89:2a:
                    9c:3c:2a:84:2e:88:ca:ee:5d:be:7e:ae:cf:ff:08:
                    18:7f:77:a3:18:06:4a:42:a5:41:ad:4f:c2:4f:55:
                    d9:21:86:79:9d:cc:65:59:5b:c2:08:5e:43:92:3f:
                    25:6d:59:2d:bf:b5:4b:f4:45:de:cf:49:e2:74:23:
                    f6:73:00:f8:9c:67:57:e6:3a:bb:ef:ca:ee:02:21:
                    2a:3b:79:d6:76:f2:bd:e2:e7:5e:7e:05:b8:d2:66:
                    a0:cf:d0:63:91:8e:04:a8:5e:00:cf:d6:84:b6:23:
                    82:b9:a6:8c:46:04:c6:05:8c:37:ab:db:7e:12:f4:
                    c1:f9:90:32:5c:02:81:fe:b5:96:a1:c3:e6:87:fe:
                    53:49:87:59:1f:6c:26:a8:2e:84:aa:98:d4:28:67:
                    68:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:07:27:72:8D:43:2B:F1:9F:9C:B9:FF:18:21:E6:98:B8:83:17:10
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/aQcnco1DK_GfnLn_GCHmmLiDFxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:dd:61:99:65:c0:b4:58:91:13:df:6b:c5:4b:e7:b2:5d:a5:
         d1:ea:45:b2:b5:10:af:77:77:c6:00:0a:19:85:53:08:e7:f8:
         4c:2e:56:17:73:ff:50:fb:c5:a2:6e:13:31:95:0d:ef:6a:e2:
         00:8d:8f:e8:dd:9a:5e:c0:0c:82:51:66:f5:ea:c0:d7:15:6a:
         64:59:c5:05:e6:47:bf:2f:7a:f7:e7:b3:c7:d3:b6:70:06:cb:
         c4:ba:a9:d4:c4:b4:a7:b5:6e:75:56:2d:9f:d0:77:e0:cd:6d:
         32:d4:ca:83:30:82:62:88:5d:3d:c0:d0:63:5a:ee:fb:e7:3b:
         4e:05:ad:28:1a:3c:3e:38:67:7f:26:ff:bc:e6:13:1e:33:4e:
         2a:76:67:30:09:79:ef:02:0c:09:c5:3b:a5:b0:9d:4d:24:9b:
         65:86:5c:4a:81:af:3a:9e:12:35:5d:8e:b6:59:c8:2b:77:1c:
         43:59:29:6c:66:bb:09:90:0f:fe:a4:75:55:db:14:49:68:7c:
         d3:8d:12:8a:62:26:40:54:95:bc:dd:89:ee:c8:35:6b:11:ac:
         fd:5e:f1:90:12:e6:b7:73:3a:98:4b:ee:1d:c3:e3:07:fe:ed:
         12:d8:18:e9:fa:3f:9f:37:ab:b0:1c:b5:b9:93:23:a4:75:e4:
         2c:b3:e4:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsWNtIUxpHNkk26WNtmEIMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUxMjEzMDUzNzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA3Mjc3MjhkNDMyYmYxOWY5Y2I5ZmYxODIxZTY5OGI4ODMxNzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDHFGtwEPL5NblkLZECfO8ekeRVe
/zf8Kf79lHWPB8v8c5Iy+qTJ63LpD0WGzVDOv4g3CWnWzQkkPf1vfOPJUaHtIrZO
lnwL0UnVWLckR0jdyyIf95j5go5uHW95Z3Mb3RUvNtKMiSqcPCqELojK7l2+fq7P
/wgYf3ejGAZKQqVBrU/CT1XZIYZ5ncxlWVvCCF5Dkj8lbVktv7VL9EXez0nidCP2
cwD4nGdX5jq778ruAiEqO3nWdvK94udefgW40magz9BjkY4EqF4Az9aEtiOCuaaM
RgTGBYw3q9t+EvTB+ZAyXAKB/rWWocPmh/5TSYdZH2wmqC6EqpjUKGdoYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkHJ3KNQyvxn5y5/xgh5pi4gxcQMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvYVFjbmNvMURLX0dmbkxuX0dDSG1tTGlERnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue7xMA0G
CSqGSIb3DQEBCwUAA4IBAQCD3WGZZcC0WJET32vFS+eyXaXR6kWytRCvd3fGAAoZ
hVMI5/hMLlYXc/9Q+8WibhMxlQ3vauIAjY/o3ZpewAyCUWb16sDXFWpkWcUF5ke/
L3r357PH07ZwBsvEuqnUxLSntW51Vi2f0HfgzW0y1MqDMIJiiF09wNBjWu775ztO
Ba0oGjw+OGd/Jv+85hMeM04qdmcwCXnvAgwJxTulsJ1NJJtlhlxKga86nhI1XY62
WcgrdxxDWSlsZrsJkA/+pHVV2xRJaHzTjRKKYiZAVJW83YnuyDVrEaz9XvGQEua3
czqYS+4dw+MH/u0S2Bjp+j+fN6uwHLW5kyOkdeQss+Sg
-----END CERTIFICATE-----