This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/aD0lsDcoNGKfxZpDG-OdR_bzMnU.roa
File:                     aD0lsDcoNGKfxZpDG-OdR_bzMnU.roa (raw, json)
Hash identifier:          bvoZBbd9QoLZ+N5I+xfKDL3PeYR6CygFLOwHX1oAOxI=
Subject key identifier:   68:3D:25:B0:37:28:34:62:9F:C5:9A:43:1B:E3:9D:47:F6:F3:32:75
Certificate issuer:       /CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
Certificate serial:       019B7B368C570C0B42BDDCF119BBF820CC5C
Authority key identifier: 74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/aD0lsDcoNGKfxZpDG-OdR_bzMnU.roa
Signing time:             Thu 01 Jan 2026 20:18:50 +0000
ROA not before:           Thu 01 Jan 2026 20:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42415
IP address blocks:        194.6.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:8c:57:0c:0b:42:bd:dc:f1:19:bb:f8:20:cc:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
        Validity
            Not Before: Jan  1 20:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=683d25b0372834629fc59a431be39d47f6f33275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:50:db:41:87:8c:17:df:e8:6c:3f:39:e0:
                    c8:e6:57:75:f7:3f:a6:22:62:89:84:20:c7:f8:c9:
                    1e:9d:19:79:20:3e:9a:0a:c7:7e:97:ec:4d:98:4f:
                    43:f0:f7:92:f9:16:d7:9b:da:e7:ab:6d:a6:57:ef:
                    c8:6b:a3:ba:40:86:8c:b0:09:18:33:b8:df:a6:2d:
                    2b:41:a0:10:60:d9:97:90:29:ea:fc:8e:6d:96:21:
                    2d:e8:7d:d4:d4:c8:c9:1f:e3:4f:03:2c:32:f4:6d:
                    71:bc:bd:74:bb:26:ef:a9:50:39:13:ff:29:b3:f2:
                    12:ea:7b:19:c4:36:1f:f0:69:76:cc:2b:a5:bc:1f:
                    14:31:60:25:d0:d3:5a:90:4f:f0:77:02:8b:b1:ab:
                    de:e1:13:21:87:c6:eb:ac:a0:43:5d:85:39:b2:c2:
                    4b:ee:7b:d4:17:e5:71:8c:00:d9:42:1a:a3:e4:9f:
                    cb:23:ca:b9:34:fd:31:44:8d:90:43:a9:cb:da:1c:
                    02:b3:c9:77:76:e6:dd:70:9d:fc:e1:7a:2a:f9:7d:
                    af:b8:93:f4:99:a1:0b:31:c0:84:2f:50:f3:f9:97:
                    9d:43:bb:92:d7:54:c0:98:ba:dc:d7:42:1a:3f:c9:
                    ed:65:71:72:d0:17:e4:65:88:ac:8b:d6:64:65:3a:
                    87:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3D:25:B0:37:28:34:62:9F:C5:9A:43:1B:E3:9D:47:F6:F3:32:75
            X509v3 Authority Key Identifier:
                keyid:74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/aD0lsDcoNGKfxZpDG-OdR_bzMnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:c6:34:69:a3:e3:83:6d:83:3f:51:24:a3:89:9e:ea:b1:7d:
         4d:35:6a:cf:ab:a0:2c:3b:77:05:37:77:ac:4e:65:f3:c4:60:
         2d:ff:68:85:89:87:ab:53:8a:07:55:b5:f2:73:c5:85:e6:99:
         3a:da:32:9f:23:87:a6:e8:7f:fc:bc:67:d6:37:6a:d0:b1:03:
         3c:e1:c8:af:37:3f:eb:f2:0e:05:70:d0:b1:c5:c2:01:69:47:
         47:d8:05:df:15:43:52:bb:05:5e:a9:16:a1:ae:92:94:64:ea:
         ae:9f:dd:b2:3d:d8:6f:3b:f2:a1:c3:6d:ea:d9:6d:54:99:a7:
         f5:ab:9f:c3:1f:50:4b:fe:2f:2a:67:fa:37:01:5a:16:02:98:
         ab:09:ce:b4:27:c3:f1:a3:c3:4d:77:b4:01:ea:ed:f8:53:91:
         64:88:31:38:bb:c9:65:c0:65:28:9a:c9:f7:f0:95:42:a9:9c:
         3d:66:de:5f:1a:52:6b:92:dc:da:5d:cf:38:89:1a:5d:42:69:
         91:d5:82:d7:8f:4f:46:45:73:b2:40:2e:61:73:20:68:6e:6d:
         dd:5e:03:c6:97:8c:da:07:87:4c:58:f5:01:aa:76:9c:b7:13:
         7c:c3:b6:75:79:8b:2e:d5:7a:7d:9d:6f:47:15:4c:b9:91:a3:
         2f:6b:cd:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NoxXDAtCvdzxGbv4IMxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2Q4NTBjZDEyYTM2M2RkY2RiMGRjMjczZTFkZmM4NjNi
NzA1ZjcwHhcNMjYwMTAxMjAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODNkMjViMDM3MjgzNDYyOWZjNTlhNDMxYmUzOWQ0N2Y2ZjMzMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvNQ20GHjBff6Gw/OeDI5ld19z+m
ImKJhCDH+MkenRl5ID6aCsd+l+xNmE9D8PeS+RbXm9rnq22mV+/Ia6O6QIaMsAkY
M7jfpi0rQaAQYNmXkCnq/I5tliEt6H3U1MjJH+NPAywy9G1xvL10uybvqVA5E/8p
s/IS6nsZxDYf8Gl2zCulvB8UMWAl0NNakE/wdwKLsave4RMhh8brrKBDXYU5ssJL
7nvUF+VxjADZQhqj5J/LI8q5NP0xRI2QQ6nL2hwCs8l3dubdcJ384Xoq+X2vuJP0
maELMcCEL1Dz+ZedQ7uS11TAmLrc10IaP8ntZXFy0BfkZYisi9ZkZTqHuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGg9JbA3KDRin8WaQxvjnUf28zJ1MB8GA1UdIwQY
MBaAFHQ9hQzRKjY93NsNwnPh38hjtwX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzIt
MWRhZjgwYzUxOWQwLzEvYUQwbHNEY29OR0tmeFpwREctT2RSX2J6TW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzItMWRhZjgwYzUxOWQw
LzEvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgb/MA0G
CSqGSIb3DQEBCwUAA4IBAQBTxjRpo+ODbYM/USSjiZ7qsX1NNWrPq6AsO3cFN3es
TmXzxGAt/2iFiYerU4oHVbXyc8WF5pk62jKfI4em6H/8vGfWN2rQsQM84civNz/r
8g4FcNCxxcIBaUdH2AXfFUNSuwVeqRahrpKUZOqun92yPdhvO/Khw23q2W1Umaf1
q5/DH1BL/i8qZ/o3AVoWApirCc60J8Pxo8NNd7QB6u34U5FkiDE4u8llwGUomsn3
8JVCqZw9Zt5fGlJrktzaXc84iRpdQmmR1YLXj09GRXOyQC5hcyBobm3dXgPGl4za
B4dMWPUBqnactxN8w7Z1eYsu1Xp9nW9HFUy5kaMva82a
-----END CERTIFICATE-----