This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/0kDLFicUYCSnk5qezsAnlqD_YsQ.roa
File:                     0kDLFicUYCSnk5qezsAnlqD_YsQ.roa (raw, json)
Hash identifier:          nPUI+tPRgC8/2WDdTR0OhIepUfEAFxE9m9YTijKjEm8=
Subject key identifier:   D2:40:CB:16:27:14:60:24:A7:93:9A:9E:CE:C0:27:96:A0:FF:62:C4
Certificate issuer:       /CN=037f532fa262f5c6bd9615bcd79d6edd43f2e075
Certificate serial:       019C2DD88E758F18C64498B6D68407D6F20F
Authority key identifier: 03:7F:53:2F:A2:62:F5:C6:BD:96:15:BC:D7:9D:6E:DD:43:F2:E0:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/0kDLFicUYCSnk5qezsAnlqD_YsQ.roa
Signing time:             Thu 05 Feb 2026 12:48:12 +0000
ROA not before:           Thu 05 Feb 2026 12:48:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.186.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Feb 2026 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:d8:8e:75:8f:18:c6:44:98:b6:d6:84:07:d6:f2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=037f532fa262f5c6bd9615bcd79d6edd43f2e075
        Validity
            Not Before: Feb  5 12:48:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d240cb1627146024a7939a9ecec02796a0ff62c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:70:9c:56:2f:c3:8b:cc:70:30:28:30:99:45:
                    96:91:83:9b:06:1d:1d:b2:de:e7:85:67:de:e7:ea:
                    73:10:dd:44:f4:93:99:ab:2f:1b:2d:b6:27:7c:cc:
                    8e:97:c5:33:e9:28:e9:2c:df:b7:99:19:df:6d:31:
                    f3:4c:11:ca:43:50:dc:c5:fe:97:24:de:d0:29:0e:
                    44:8a:f1:95:dd:30:9a:fe:95:2f:8e:39:70:fe:c4:
                    72:1f:41:ad:03:6b:ef:42:23:52:01:1a:04:e4:c0:
                    1f:d8:53:5a:e4:05:8c:0e:df:0f:0e:79:63:95:fe:
                    b8:10:02:c9:e2:5c:b5:ba:77:65:7e:07:64:79:42:
                    28:a3:92:56:ab:e8:a9:81:29:fb:31:a1:73:06:42:
                    a0:7a:0f:7a:60:a1:e1:15:0e:89:93:e3:ec:6a:ab:
                    ba:36:11:92:9f:ed:e6:1e:83:2e:25:fd:b3:02:71:
                    a1:0f:4b:c4:fc:03:e3:2a:7a:12:a2:51:31:f5:fc:
                    7c:fd:10:d3:68:ba:b2:7e:78:e0:1d:96:dd:cd:9d:
                    54:03:22:90:a7:67:b0:6d:50:30:bf:b1:6b:e2:5a:
                    6c:84:99:a3:75:08:da:49:4c:bc:53:b5:29:a7:9f:
                    bb:68:68:3c:a8:6b:f1:9d:e4:68:1d:95:e0:8d:b0:
                    df:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:40:CB:16:27:14:60:24:A7:93:9A:9E:CE:C0:27:96:A0:FF:62:C4
            X509v3 Authority Key Identifier:
                keyid:03:7F:53:2F:A2:62:F5:C6:BD:96:15:BC:D7:9D:6E:DD:43:F2:E0:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A39TL6Ji9ca9lhW8151u3UPy4HU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/0kDLFicUYCSnk5qezsAnlqD_YsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/08e57c-d716-4705-9561-03adfbc68c91/1/A39TL6Ji9ca9lhW8151u3UPy4HU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:60:7e:9f:6e:91:ca:2d:e7:88:44:82:5b:79:b1:2c:6e:65:
         10:d5:dd:99:08:7f:ec:33:93:94:a2:39:9a:ac:17:02:02:fb:
         34:b4:43:53:50:6c:a2:2a:8d:2f:14:0c:5c:82:af:e6:d4:39:
         90:c3:27:cf:a2:04:3f:3e:21:f7:42:51:99:9b:48:72:dc:75:
         ff:e1:b6:38:85:0b:03:96:55:63:5c:cc:ea:7a:60:72:31:83:
         b8:ab:51:fb:f2:04:2a:35:3b:54:1e:88:91:15:e6:d7:53:53:
         08:f1:39:75:7a:f5:df:84:79:56:86:d4:a4:2b:e9:0d:bc:34:
         66:81:31:c2:fa:fb:3b:6d:9d:3a:37:17:0f:99:01:5a:72:ac:
         36:d9:0f:7f:a5:8f:43:ce:1d:60:2d:ef:6f:b6:1f:4c:dc:5d:
         ca:90:72:f7:f8:99:02:95:15:9b:1c:b5:d7:ea:27:1f:99:62:
         d6:8f:19:40:b1:a7:5d:08:76:e6:cd:ba:2b:9f:1b:78:06:d5:
         85:bc:32:71:4d:c7:2c:28:cd:8d:30:b2:86:93:5d:11:a7:65:
         c0:fe:ff:2f:6f:5b:40:1e:e3:56:6c:e6:e8:74:a5:22:f5:a3:
         29:47:86:3f:c1:42:41:8d:f5:b3:34:15:3c:b6:43:ce:c8:ea:
         58:4c:be:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwt2I51jxjGRJi21oQH1vIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzN2Y1MzJmYTI2MmY1YzZiZDk2MTViY2Q3OWQ2ZWRkNDNm
MmUwNzUwHhcNMjYwMjA1MTI0ODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQwY2IxNjI3MTQ2MDI0YTc5MzlhOWVjZWMwMjc5NmEwZmY2MmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53CcVi/Di8xwMCgwmUWWkYObBh0d
st7nhWfe5+pzEN1E9JOZqy8bLbYnfMyOl8Uz6SjpLN+3mRnfbTHzTBHKQ1Dcxf6X
JN7QKQ5EivGV3TCa/pUvjjlw/sRyH0GtA2vvQiNSARoE5MAf2FNa5AWMDt8PDnlj
lf64EALJ4ly1undlfgdkeUIoo5JWq+ipgSn7MaFzBkKgeg96YKHhFQ6Jk+Psaqu6
NhGSn+3mHoMuJf2zAnGhD0vE/APjKnoSolEx9fx8/RDTaLqyfnjgHZbdzZ1UAyKQ
p2ewbVAwv7Fr4lpshJmjdQjaSUy8U7Upp5+7aGg8qGvxneRoHZXgjbDfiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJAyxYnFGAkp5Oans7AJ5ag/2LEMB8GA1UdIwQY
MBaAFAN/Uy+iYvXGvZYVvNedbt1D8uB1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTM5VEw2Smk5Y2E5bGhXODE1MXUzVVB5NEhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8wOGU1N2MtZDcxNi00NzA1LTk1NjEt
MDNhZGZiYzY4YzkxLzEvMGtETEZpY1VZQ1NuazVxZXpzQW5scURfWXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8wOGU1N2MtZDcxNi00NzA1LTk1NjEtMDNhZGZiYzY4Yzkx
LzEvQTM5VEw2Smk5Y2E5bGhXODE1MXUzVVB5NEhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubpvMA0G
CSqGSIb3DQEBCwUAA4IBAQCCYH6fbpHKLeeIRIJbebEsbmUQ1d2ZCH/sM5OUojma
rBcCAvs0tENTUGyiKo0vFAxcgq/m1DmQwyfPogQ/PiH3QlGZm0hy3HX/4bY4hQsD
llVjXMzqemByMYO4q1H78gQqNTtUHoiRFebXU1MI8Tl1evXfhHlWhtSkK+kNvDRm
gTHC+vs7bZ06NxcPmQFacqw22Q9/pY9Dzh1gLe9vth9M3F3KkHL3+JkClRWbHLXX
6icfmWLWjxlAsaddCHbmzbornxt4BtWFvDJxTccsKM2NMLKGk10Rp2XA/v8vb1tA
HuNWbObodKUi9aMpR4Y/wUJBjfWzNBU8tkPOyOpYTL7j
-----END CERTIFICATE-----