This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/1LdSNQtPKGuFRCqVT7O_Fm0yv40.roa
File:                     1LdSNQtPKGuFRCqVT7O_Fm0yv40.roa (raw, json)
Hash identifier:          5g11W+WX3bmU8CryNIDPD2SicuCDU6UduQYdcWR73Uc=
Subject key identifier:   D4:B7:52:35:0B:4F:28:6B:85:44:2A:95:4F:B3:BF:16:6D:32:BF:8D
Certificate issuer:       /CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
Certificate serial:       019B76EB4FAD968C75D149B82B3EAA908932
Authority key identifier: B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/1LdSNQtPKGuFRCqVT7O_Fm0yv40.roa
Signing time:             Thu 01 Jan 2026 00:18:11 +0000
ROA not before:           Thu 01 Jan 2026 00:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61157
IP address blocks:        185.171.216.0/24 maxlen: 24
                          185.171.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:4f:ad:96:8c:75:d1:49:b8:2b:3e:aa:90:89:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
        Validity
            Not Before: Jan  1 00:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4b752350b4f286b85442a954fb3bf166d32bf8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:dc:6c:63:0d:10:f2:07:1e:e1:4b:bf:6c:08:
                    e8:20:50:89:15:31:7f:7d:be:3f:4b:83:38:34:15:
                    82:1a:26:8f:64:b7:2b:13:72:b9:2e:70:56:82:9a:
                    43:9f:64:32:68:a2:64:ad:ec:d9:4d:bf:93:c9:74:
                    7e:90:e9:a1:b4:ea:e6:eb:57:79:8b:80:75:f8:ff:
                    df:19:9a:b1:e2:e3:72:ea:66:22:a1:0a:42:20:43:
                    c3:86:34:c4:4e:7f:9a:31:88:f6:47:69:fa:a5:a7:
                    e3:a7:ac:d0:d2:fc:88:7b:62:55:a9:6a:9c:74:fd:
                    b6:d1:79:eb:6c:bb:b5:16:9c:40:df:0c:f6:fa:00:
                    9a:85:8c:ff:b6:04:38:19:a3:4c:b7:4b:52:80:e2:
                    99:c5:e4:7b:29:25:18:06:6b:83:5b:61:9d:7a:53:
                    25:91:21:14:83:40:16:c9:f7:cb:cc:f0:a9:f1:1a:
                    fb:f4:f8:0f:a1:d2:63:e9:ab:90:48:7c:ba:98:ed:
                    65:40:97:c3:13:96:84:64:5e:de:f1:8a:9a:ce:d4:
                    37:98:5a:85:9d:8a:53:82:da:5d:db:9c:1c:1f:09:
                    80:10:55:2e:85:f1:d3:5b:1c:82:4b:e2:bf:4c:0f:
                    cf:63:a1:bc:fb:3d:10:80:83:ca:4c:75:f3:0b:50:
                    b7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B7:52:35:0B:4F:28:6B:85:44:2A:95:4F:B3:BF:16:6D:32:BF:8D
            X509v3 Authority Key Identifier:
                keyid:B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/1LdSNQtPKGuFRCqVT7O_Fm0yv40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:e2:b0:0c:42:4c:e9:3d:63:93:5d:45:b7:b3:dc:38:75:29:
         b7:0d:0f:a1:49:ea:f2:c0:fb:9a:64:da:d8:95:1e:c1:29:a4:
         a2:3a:81:73:3b:d1:91:ee:14:95:8a:64:78:ca:4f:c0:ab:4a:
         69:8a:6a:a0:40:1e:7f:cb:6b:c1:12:9c:ea:97:ec:65:c6:b9:
         73:14:b8:9b:a1:8e:af:14:d6:ae:6f:0d:19:b3:bf:71:a4:7e:
         59:48:74:62:4c:6a:8e:85:8b:df:d8:a3:fe:8b:7c:6d:bb:30:
         e2:04:dd:55:ab:de:1d:db:43:35:d6:78:94:a2:f8:49:94:00:
         4b:8c:ed:4d:dc:4c:9b:4b:b1:64:59:47:5f:d5:2f:b4:6a:70:
         31:6f:ad:4b:79:23:e1:ab:b2:56:d2:c0:1a:1d:0e:f1:74:15:
         3c:03:c7:fd:ff:9a:a5:d8:fb:fd:55:1f:2b:24:f6:45:27:fd:
         df:90:ff:c8:a4:2c:88:3f:ba:ec:a0:3b:1d:37:03:9c:df:73:
         dc:a0:09:f0:c9:83:1c:55:fb:0c:d6:e9:36:e3:4f:7f:7b:7b:
         15:5c:41:56:33:6d:29:9f:78:e6:85:ff:b0:a0:28:6c:fc:82:
         0f:04:4d:6d:9a:62:44:c9:37:0b:ea:ad:d1:15:02:ff:7c:72:
         7f:c2:6c:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260+tlox10Um4Kz6qkIkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZTM0ZjU3ZDAwNzE2NmRlZjRkZDg4MWQ4ZjdkNWI2ZWQ5
NWU2NTYwHhcNMjYwMTAxMDAxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGI3NTIzNTBiNGYyODZiODU0NDJhOTU0ZmIzYmYxNjZkMzJiZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NxsYw0Q8gce4Uu/bAjoIFCJFTF/
fb4/S4M4NBWCGiaPZLcrE3K5LnBWgppDn2QyaKJkrezZTb+TyXR+kOmhtOrm61d5
i4B1+P/fGZqx4uNy6mYioQpCIEPDhjTETn+aMYj2R2n6pafjp6zQ0vyIe2JVqWqc
dP220XnrbLu1FpxA3wz2+gCahYz/tgQ4GaNMt0tSgOKZxeR7KSUYBmuDW2GdelMl
kSEUg0AWyffLzPCp8Rr79PgPodJj6auQSHy6mO1lQJfDE5aEZF7e8YqaztQ3mFqF
nYpTgtpd25wcHwmAEFUuhfHTWxyCS+K/TA/PY6G8+z0QgIPKTHXzC1C3gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNS3UjULTyhrhUQqlU+zvxZtMr+NMB8GA1UdIwQY
MBaAFLfjT1fQBxZt703Ygdj31bbtleZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgt
ZWFjY2I4YjQyZGM5LzEvMUxkU05RdFBLR3VGUkNxVlQ3T19GbTB5djQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgtZWFjY2I4YjQyZGM5
LzEvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuavYMA0G
CSqGSIb3DQEBCwUAA4IBAQAb4rAMQkzpPWOTXUW3s9w4dSm3DQ+hSerywPuaZNrY
lR7BKaSiOoFzO9GR7hSVimR4yk/Aq0ppimqgQB5/y2vBEpzql+xlxrlzFLiboY6v
FNaubw0Zs79xpH5ZSHRiTGqOhYvf2KP+i3xtuzDiBN1Vq94d20M11niUovhJlABL
jO1N3EybS7FkWUdf1S+0anAxb61LeSPhq7JW0sAaHQ7xdBU8A8f9/5ql2Pv9VR8r
JPZFJ/3fkP/IpCyIP7rsoDsdNwOc33PcoAnwyYMcVfsM1uk2409/e3sVXEFWM20p
n3jmhf+woChs/IIPBE1tmmJEyTcL6q3RFQL/fHJ/wmzr
-----END CERTIFICATE-----