This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/izBEqB-PNNJgRoLyWPChI_yKYok.roa
File:                     izBEqB-PNNJgRoLyWPChI_yKYok.roa (raw, json)
Hash identifier:          Zf4HQBOePyu6y1PfOzURUaEjEzCAcUCk3e7WbSfxvsE=
Subject key identifier:   8B:30:44:A8:1F:8F:34:D2:60:46:82:F2:58:F0:A1:23:FC:8A:62:89
Certificate issuer:       /CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
Certificate serial:       019BD25E605D00F04C5DB0CEB1E15B6CF45E
Authority key identifier: DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/izBEqB-PNNJgRoLyWPChI_yKYok.roa
Signing time:             Sun 18 Jan 2026 18:29:18 +0000
ROA not before:           Sun 18 Jan 2026 18:29:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        192.109.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d2:5e:60:5d:00:f0:4c:5d:b0:ce:b1:e1:5b:6c:f4:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de12eb9c75d359d25137b5ef4e176f5eeb6c4342
        Validity
            Not Before: Jan 18 18:29:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8b3044a81f8f34d2604682f258f0a123fc8a6289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9f:d5:2d:d5:67:59:30:a8:fc:2a:44:c5:24:
                    01:6e:4a:5e:88:08:aa:a4:0e:d0:9a:ff:3f:12:0d:
                    c9:8d:42:3a:a9:2a:4c:95:a8:61:0b:db:4c:29:1a:
                    08:cc:43:ef:32:07:77:6f:53:ba:03:a4:d9:7f:e9:
                    06:5f:69:a2:c3:b9:f2:c6:bb:3d:cd:f0:9b:c2:98:
                    da:2a:83:0d:d2:b5:c1:8e:33:0a:35:dd:7c:14:6a:
                    b3:71:bf:24:92:8e:dd:b9:96:d7:42:3f:f6:44:ff:
                    67:b9:53:19:67:50:36:53:eb:1e:64:f8:37:ba:6f:
                    1c:a0:6c:f9:6b:38:c5:5b:34:6c:ba:9b:67:cc:15:
                    b2:71:2e:b8:10:b0:0c:d4:ce:80:08:62:ed:24:42:
                    6f:ab:ba:56:79:db:5a:89:c0:d8:b9:fc:37:54:fb:
                    2b:8f:44:1f:0f:a8:f9:17:35:d3:05:94:b6:ee:1f:
                    9d:77:37:d7:31:05:79:74:4c:de:25:38:bf:b2:07:
                    be:72:fe:f2:9e:84:e2:71:8f:23:d2:d3:01:fc:1b:
                    26:b3:03:8d:92:6a:20:52:f9:e6:b9:fd:e8:db:19:
                    26:aa:05:b9:3e:4e:a8:45:b1:03:0f:c8:fe:81:69:
                    01:78:79:69:b3:9b:05:bc:dc:94:eb:7b:6a:26:a4:
                    6e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:30:44:A8:1F:8F:34:D2:60:46:82:F2:58:F0:A1:23:FC:8A:62:89
            X509v3 Authority Key Identifier:
                keyid:DE:12:EB:9C:75:D3:59:D2:51:37:B5:EF:4E:17:6F:5E:EB:6C:43:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hLrnHXTWdJRN7XvThdvXutsQ0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/izBEqB-PNNJgRoLyWPChI_yKYok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/269a04-77b4-4ee7-b164-c16787272049/1/3hLrnHXTWdJRN7XvThdvXutsQ0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a0:dc:79:de:75:bf:7f:3b:13:b5:39:61:50:b1:28:55:bd:
         23:0c:e7:9b:7c:d8:db:1a:f6:23:16:4e:57:30:78:6d:c6:e3:
         71:57:b4:fe:ef:56:3b:bb:4a:a0:b9:72:6c:0f:f3:8a:8e:48:
         e2:b8:4d:62:8e:f9:91:ee:ad:f0:17:4a:24:32:a1:d1:da:1c:
         dc:c8:81:2a:78:21:99:b9:4d:ce:eb:07:41:ab:8f:75:95:99:
         c8:62:af:fb:99:26:63:f9:4f:6e:b8:8f:c7:e7:30:ec:b6:92:
         bc:aa:58:6c:1b:73:82:1f:f0:66:e1:e9:85:2d:18:b7:64:f8:
         ac:e7:d2:e5:9e:2b:5d:79:1e:42:e9:92:ad:e4:1b:61:8d:87:
         f3:d1:16:d0:ce:f9:7a:1d:cf:93:ff:28:56:d7:7a:79:0a:7d:
         56:9a:ce:8b:26:ac:96:98:f3:a1:67:e4:ac:b0:d8:46:cd:ae:
         0e:dc:a7:5f:2b:e8:96:45:c8:f4:23:27:65:2f:14:c5:66:75:
         57:54:80:4d:7c:5d:da:cc:07:16:8e:9a:c3:34:c3:e4:50:92:
         34:36:4c:84:8b:21:4b:06:7d:30:af:60:61:a7:eb:22:0f:9c:
         74:44:58:87:29:4c:58:85:68:c0:f3:b8:d1:fb:1d:c3:19:b8:
         06:53:f9:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvSXmBdAPBMXbDOseFbbPReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTJlYjljNzVkMzU5ZDI1MTM3YjVlZjRlMTc2ZjVlZWI2
YzQzNDIwHhcNMjYwMTE4MTgyOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjMwNDRhODFmOGYzNGQyNjA0NjgyZjI1OGYwYTEyM2ZjOGE2Mjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5/VLdVnWTCo/CpExSQBbkpeiAiq
pA7Qmv8/Eg3JjUI6qSpMlahhC9tMKRoIzEPvMgd3b1O6A6TZf+kGX2miw7nyxrs9
zfCbwpjaKoMN0rXBjjMKNd18FGqzcb8kko7duZbXQj/2RP9nuVMZZ1A2U+seZPg3
um8coGz5azjFWzRsuptnzBWycS64ELAM1M6ACGLtJEJvq7pWedtaicDYufw3VPsr
j0QfD6j5FzXTBZS27h+ddzfXMQV5dEzeJTi/sge+cv7ynoTicY8j0tMB/BsmswON
kmogUvnmuf3o2xkmqgW5Pk6oRbEDD8j+gWkBeHlps5sFvNyU63tqJqRu9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIswRKgfjzTSYEaC8ljwoSP8imKJMB8GA1UdIwQY
MBaAFN4S65x101nSUTe1704Xb17rbENCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQt
YzE2Nzg3MjcyMDQ5LzEvaXpCRXFCLVBOTkpnUm9MeVdQQ2hJX3lLWW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNjlhMDQtNzdiNC00ZWU3LWIxNjQtYzE2Nzg3MjcyMDQ5
LzEvM2hMcm5IWFRXZEpSTjdYdlRoZHZYdXRzUTBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3IMA0G
CSqGSIb3DQEBCwUAA4IBAQAnoNx53nW/fzsTtTlhULEoVb0jDOebfNjbGvYjFk5X
MHhtxuNxV7T+71Y7u0qguXJsD/OKjkjiuE1ijvmR7q3wF0okMqHR2hzcyIEqeCGZ
uU3O6wdBq491lZnIYq/7mSZj+U9uuI/H5zDstpK8qlhsG3OCH/Bm4emFLRi3ZPis
59LlnitdeR5C6ZKt5BthjYfz0RbQzvl6Hc+T/yhW13p5Cn1Wms6LJqyWmPOhZ+Ss
sNhGza4O3KdfK+iWRcj0IydlLxTFZnVXVIBNfF3azAcWjprDNMPkUJI0NkyEiyFL
Bn0wr2Bhp+siD5x0RFiHKUxYhWjA87jR+x3DGbgGU/mB
-----END CERTIFICATE-----