This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/C58HKVenwwmbh1jkwoeqIUWdglo.roa
File:                     C58HKVenwwmbh1jkwoeqIUWdglo.roa (raw, json)
Hash identifier:          dbM/VaOE1y6PqBg/KjdbXvgt9ovsuviuBnEC3nra0Jo=
Subject key identifier:   0B:9F:07:29:57:A7:C3:09:9B:87:58:E4:C2:87:AA:21:45:9D:82:5A
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019B7F83603053A2B35B59FD43600ACCE6D6
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/C58HKVenwwmbh1jkwoeqIUWdglo.roa
Signing time:             Fri 02 Jan 2026 16:21:14 +0000
ROA not before:           Fri 02 Jan 2026 16:21:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51558
IP address blocks:        2a03:2100:1a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:60:30:53:a2:b3:5b:59:fd:43:60:0a:cc:e6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  2 16:21:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b9f072957a7c3099b8758e4c287aa21459d825a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b3:e1:41:55:db:1a:56:fc:17:c2:b1:36:b7:
                    a1:d5:57:ab:98:84:20:a8:e3:56:a1:43:67:8d:94:
                    15:9e:aa:f5:6c:ba:13:e9:b2:ff:f0:2d:e3:9f:be:
                    b9:d6:ab:7d:29:8c:84:3a:76:3f:03:11:dd:98:59:
                    89:f9:3e:2e:89:bd:54:c6:9e:86:09:61:5c:f7:e6:
                    49:2f:5a:5d:ba:7a:2f:a8:1f:22:93:1e:21:a7:3e:
                    32:55:3f:a8:2c:5e:ff:a8:af:a9:0f:5e:b8:48:0f:
                    39:66:c1:0c:f5:1b:c9:b9:44:3d:44:b6:54:a0:e7:
                    38:d6:9d:c4:a7:89:c7:ab:dc:a9:0d:55:5b:90:71:
                    8a:1a:16:ab:cb:f2:38:07:df:fa:05:ad:97:a3:0f:
                    c4:5c:c5:97:3f:12:c0:bf:1e:a1:65:b0:5f:aa:d2:
                    99:26:d3:ba:db:1b:51:81:cd:c1:38:f9:46:4e:85:
                    0c:d0:1b:82:34:b5:ac:18:3a:06:5d:70:fc:af:c0:
                    bd:14:e5:94:1b:76:52:d0:2b:50:87:3a:51:5c:5d:
                    fa:5a:59:87:8b:68:79:8d:3c:d6:8b:11:c1:e1:44:
                    21:7b:10:28:2e:27:d1:49:ec:f2:25:2d:b9:d7:92:
                    b0:a3:85:32:ef:26:89:65:ae:8f:28:44:df:ae:01:
                    80:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:9F:07:29:57:A7:C3:09:9B:87:58:E4:C2:87:AA:21:45:9D:82:5A
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/C58HKVenwwmbh1jkwoeqIUWdglo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2100:1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:a9:41:43:7b:21:70:86:a1:26:6b:08:05:dc:29:21:c7:4c:
         91:b4:24:b0:5d:5d:d0:ce:26:7c:ff:c1:10:f5:a9:2a:48:3d:
         18:e4:63:8a:ac:77:b6:df:5f:00:22:ca:dd:a1:81:fb:39:d0:
         c9:2e:90:57:fd:b8:d3:48:1f:d2:8c:c3:e3:48:78:8a:8d:ea:
         87:d9:8f:5f:ab:96:3b:ba:6a:35:b3:0e:b2:00:db:8f:be:0c:
         6b:7d:64:10:23:10:c9:0e:29:5c:3f:b2:8f:5a:80:0d:62:5e:
         bb:36:51:52:d4:6a:2d:ac:0a:61:4a:23:3a:b8:95:6e:1e:42:
         3d:5f:52:3f:a0:84:e9:0b:9c:24:7b:2b:27:a6:d0:ee:77:5f:
         6c:a2:27:d1:f3:a0:a6:bc:28:15:60:71:2f:f0:1a:6e:af:f4:
         9b:9e:f8:59:05:0c:0c:85:69:b8:ac:16:b3:53:77:78:68:78:
         6f:2b:db:b5:cf:92:24:99:ed:e2:d4:75:07:08:26:c3:10:8b:
         97:cc:45:b8:40:1d:3c:f6:d7:10:9c:10:6e:f4:c9:81:f5:8a:
         74:10:40:4b:c8:4f:90:c8:55:fb:a4:19:96:59:c9:be:e1:75:
         a2:84:18:cf:21:18:17:e4:f3:87:06:48:58:0f:b5:4d:fc:48:
         44:95:8a:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/g2AwU6KzW1n9Q2AKzObWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjYwMTAyMTYyMTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjlmMDcyOTU3YTdjMzA5OWI4NzU4ZTRjMjg3YWEyMTQ1OWQ4MjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bPhQVXbGlb8F8KxNreh1VermIQg
qONWoUNnjZQVnqr1bLoT6bL/8C3jn7651qt9KYyEOnY/AxHdmFmJ+T4uib1Uxp6G
CWFc9+ZJL1pdunovqB8ikx4hpz4yVT+oLF7/qK+pD164SA85ZsEM9RvJuUQ9RLZU
oOc41p3Ep4nHq9ypDVVbkHGKGhary/I4B9/6Ba2Xow/EXMWXPxLAvx6hZbBfqtKZ
JtO62xtRgc3BOPlGToUM0BuCNLWsGDoGXXD8r8C9FOWUG3ZS0CtQhzpRXF36WlmH
i2h5jTzWixHB4UQhexAoLifRSezyJS2515Kwo4Uy7yaJZa6PKETfrgGA6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAufBylXp8MJm4dY5MKHqiFFnYJaMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvQzU4SEtWZW53d21iaDFqa3dvZXFJVVdkZ2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMhAAAa
MA0GCSqGSIb3DQEBCwUAA4IBAQArqUFDeyFwhqEmawgF3Ckhx0yRtCSwXV3QziZ8
/8EQ9akqSD0Y5GOKrHe2318AIsrdoYH7OdDJLpBX/bjTSB/SjMPjSHiKjeqH2Y9f
q5Y7umo1sw6yANuPvgxrfWQQIxDJDilcP7KPWoANYl67NlFS1GotrAphSiM6uJVu
HkI9X1I/oITpC5wkeysnptDud19soifR86CmvCgVYHEv8Bpur/SbnvhZBQwMhWm4
rBazU3d4aHhvK9u1z5Ikme3i1HUHCCbDEIuXzEW4QB089tcQnBBu9MmB9Yp0EEBL
yE+QyFX7pBmWWcm+4XWihBjPIRgX5POHBkhYD7VN/EhElYql
-----END CERTIFICATE-----