This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/cH5VUqUcKkt9HSVAYge0hus4RzQ.roa
File:                     cH5VUqUcKkt9HSVAYge0hus4RzQ.roa (raw, json)
Hash identifier:          wbhN9oe6hbcxDEr+Ij32oivB3HfT5mVhEID8dWUc5rw=
Subject key identifier:   70:7E:55:52:A5:1C:2A:4B:7D:1D:25:40:62:07:B4:86:EB:38:47:34
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       019B7910885E45AB38CAE7A660C3CD7E4BDA
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/cH5VUqUcKkt9HSVAYge0hus4RzQ.roa
Signing time:             Thu 01 Jan 2026 10:18:05 +0000
ROA not before:           Thu 01 Jan 2026 10:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206659
IP address blocks:        185.168.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:88:5e:45:ab:38:ca:e7:a6:60:c3:cd:7e:4b:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 10:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=707e5552a51c2a4b7d1d25406207b486eb384734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e0:5c:2f:4a:0a:09:d7:52:4a:48:b1:5d:48:
                    ca:84:8c:d5:91:0e:0b:2f:3f:43:c7:92:e3:4a:43:
                    52:17:94:05:b0:de:b0:5f:24:4c:72:ea:b2:29:56:
                    c1:83:ef:17:e1:7e:b3:43:d2:80:9f:ad:30:b8:19:
                    42:cd:32:f7:63:f3:6f:6e:ea:88:4d:b5:59:73:f3:
                    aa:30:5c:9a:fe:66:8e:5f:ab:dc:9e:54:9d:ec:4e:
                    f0:44:01:6f:fd:6d:d9:6a:5e:b1:b2:50:12:b5:be:
                    2a:b0:b6:ad:c7:aa:75:c0:27:6a:f2:bf:bf:a9:26:
                    17:15:65:6a:b2:54:3b:f2:44:60:8f:a8:02:47:63:
                    ea:39:4a:b2:fb:ca:ac:e1:bc:00:c6:38:c4:a2:2d:
                    85:19:89:42:d7:03:15:90:a2:b2:66:aa:94:b9:0b:
                    3a:05:9d:78:56:b4:d2:03:36:cd:f4:28:16:29:a6:
                    1b:4a:3a:f6:77:95:9f:0e:b0:ce:85:95:19:30:a6:
                    81:ca:e8:58:50:95:c4:34:37:47:a4:cf:c5:e8:40:
                    71:28:03:df:80:bf:70:6f:56:42:11:fb:67:7b:c5:
                    af:ff:80:fa:b2:4e:8b:9e:7e:55:c9:1f:fa:06:2c:
                    f6:bc:e6:d5:ea:a6:fc:89:ee:03:1f:9f:1a:12:69:
                    54:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7E:55:52:A5:1C:2A:4B:7D:1D:25:40:62:07:B4:86:EB:38:47:34
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/cH5VUqUcKkt9HSVAYge0hus4RzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:20:c8:4b:cf:8f:71:23:6f:e4:27:e7:dd:43:c5:40:c7:1b:
         68:a5:e4:c0:5e:70:03:f9:a5:46:41:f4:be:d8:c2:3e:4c:2f:
         98:25:2b:9b:f1:8d:66:6d:df:b6:10:cf:0f:3d:fd:da:1b:25:
         9d:1c:c2:e9:24:66:bc:1e:6f:31:0b:e4:61:f6:b9:0a:b1:7d:
         3b:e1:98:6a:a3:91:00:8b:43:bd:be:d8:69:63:8d:d2:cd:d4:
         1b:9f:76:de:fd:b6:18:95:62:a0:88:0a:ea:92:cc:87:5a:dc:
         57:71:e3:4b:84:a7:e7:6e:c0:77:af:f6:63:1a:5a:3a:94:75:
         71:1c:08:18:c8:15:cf:b0:64:d4:8e:58:44:ed:78:a4:7a:e0:
         17:c7:a5:18:2d:e5:b9:aa:c1:a9:cc:17:66:1d:3e:95:8b:21:
         9d:eb:eb:84:a6:9a:32:71:8e:2e:33:47:f3:4d:48:bd:5f:20:
         cb:6a:a0:c8:30:08:ad:eb:80:26:a4:e6:6f:27:ad:ba:26:eb:
         53:42:a5:fc:c0:52:62:94:88:24:82:89:fd:d8:cf:1a:2e:76:
         4d:ac:2f:18:c0:7d:9e:4d:95:c4:6d:9b:ec:03:8d:13:ba:7f:
         13:ba:0d:14:60:64:29:0f:20:ca:8b:65:7d:d7:90:3d:a3:1d:
         9d:a7:fb:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIheRas4yuemYMPNfkvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjYwMTAxMTAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDdlNTU1MmE1MWMyYTRiN2QxZDI1NDA2MjA3YjQ4NmViMzg0NzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOBcL0oKCddSSkixXUjKhIzVkQ4L
Lz9Dx5LjSkNSF5QFsN6wXyRMcuqyKVbBg+8X4X6zQ9KAn60wuBlCzTL3Y/NvbuqI
TbVZc/OqMFya/maOX6vcnlSd7E7wRAFv/W3Zal6xslAStb4qsLatx6p1wCdq8r+/
qSYXFWVqslQ78kRgj6gCR2PqOUqy+8qs4bwAxjjEoi2FGYlC1wMVkKKyZqqUuQs6
BZ14VrTSAzbN9CgWKaYbSjr2d5WfDrDOhZUZMKaByuhYUJXENDdHpM/F6EBxKAPf
gL9wb1ZCEftne8Wv/4D6sk6Lnn5VyR/6Biz2vObV6qb8ie4DH58aEmlUtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB+VVKlHCpLfR0lQGIHtIbrOEc0MB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvY0g1VlVxVWNLa3Q5SFNWQVlnZTBodXM0UnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaglMA0G
CSqGSIb3DQEBCwUAA4IBAQCUIMhLz49xI2/kJ+fdQ8VAxxtopeTAXnAD+aVGQfS+
2MI+TC+YJSub8Y1mbd+2EM8PPf3aGyWdHMLpJGa8Hm8xC+Rh9rkKsX074Zhqo5EA
i0O9vthpY43SzdQbn3be/bYYlWKgiArqksyHWtxXceNLhKfnbsB3r/ZjGlo6lHVx
HAgYyBXPsGTUjlhE7XikeuAXx6UYLeW5qsGpzBdmHT6ViyGd6+uEppoycY4uM0fz
TUi9XyDLaqDIMAit64AmpOZvJ626JutTQqX8wFJilIgkgon92M8aLnZNrC8YwH2e
TZXEbZvsA40Tun8Tug0UYGQpDyDKi2V915A9ox2dp/tl
-----END CERTIFICATE-----