This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/ehqv0V2Mxbz4tpd2nZ-H0adSaEo.roa
File:                     ehqv0V2Mxbz4tpd2nZ-H0adSaEo.roa (raw, json)
Hash identifier:          02XO0vXOdnlzhqYHTi75uxwmBCYXsERvvoqfOYq0+7M=
Subject key identifier:   7A:1A:AF:D1:5D:8C:C5:BC:F8:B6:97:76:9D:9F:87:D1:A7:52:68:4A
Certificate issuer:       /CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
Certificate serial:       019B7759542DE835A680CE05F94833025C2B
Authority key identifier: F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/ehqv0V2Mxbz4tpd2nZ-H0adSaEo.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53107
IP address blocks:        178.255.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:54:2d:e8:35:a6:80:ce:05:f9:48:33:02:5c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b2805d8776eedeb7aa4cbe5af568cdb2629fc2
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a1aafd15d8cc5bcf8b697769d9f87d1a752684a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:aa:09:68:e5:28:5e:63:5e:2f:97:af:8e:f8:
                    ad:2b:74:b6:8f:b6:6c:bd:4c:e6:aa:fd:a4:e3:62:
                    f5:91:a9:be:20:aa:ed:4a:26:e6:f2:69:02:93:e8:
                    e5:a2:08:7e:a8:c1:96:d0:ca:fe:93:19:a9:94:3e:
                    8c:96:68:49:9c:93:21:d6:00:30:17:16:62:59:a3:
                    be:af:1d:c7:74:5b:80:73:b3:f0:40:b2:9d:44:79:
                    75:36:8f:e0:bc:a1:0f:fe:0a:b0:ad:b4:a2:e3:65:
                    2f:99:8d:ff:14:de:63:07:5c:eb:d5:c7:53:bc:61:
                    db:02:4c:4d:53:64:df:fc:a0:62:db:67:55:6b:a1:
                    cc:80:52:d8:3d:83:d5:04:da:0e:f9:ce:87:ce:5c:
                    a4:57:a2:9f:70:1c:c6:6b:a3:10:8a:15:89:be:3d:
                    8c:7e:51:6c:d3:d3:3c:63:ac:21:4d:c8:70:4e:c2:
                    45:36:9d:63:cc:59:da:e6:e6:58:37:46:e6:2c:83:
                    b1:d8:8f:fa:fd:d3:6b:2d:c4:87:77:a0:8b:9c:c2:
                    5d:59:8e:fc:24:1f:91:dc:24:18:ba:13:43:36:d9:
                    5b:66:b4:89:0f:e8:76:23:e5:f1:05:16:a6:72:2d:
                    6c:dc:50:69:3d:5b:1f:76:a8:cc:c2:7e:27:ea:22:
                    b7:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:1A:AF:D1:5D:8C:C5:BC:F8:B6:97:76:9D:9F:87:D1:A7:52:68:4A
            X509v3 Authority Key Identifier:
                keyid:F3:B2:80:5D:87:76:EE:DE:B7:AA:4C:BE:5A:F5:68:CD:B2:62:9F:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87KAXYd27t63qky-WvVozbJin8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/ehqv0V2Mxbz4tpd2nZ-H0adSaEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b862d3-6844-46f7-bd98-83bc797278e2/1/87KAXYd27t63qky-WvVozbJin8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:3e:b6:e5:01:0d:97:89:0b:2a:31:35:33:27:b7:2e:4e:e0:
         aa:95:26:08:2e:18:4d:9e:e6:0d:1a:d7:73:3f:48:87:36:a9:
         77:d3:3b:9b:02:b7:5e:fa:64:c1:7f:be:08:0e:38:ad:59:56:
         0a:8d:5b:e0:66:b9:4b:b6:78:3c:82:88:8b:ec:86:db:e7:e1:
         6a:2a:9d:a2:e0:a1:1e:70:a7:c6:22:27:2b:2b:22:33:b8:d7:
         9f:7d:3d:da:6e:71:ec:83:5b:f9:3f:cd:52:7e:5b:1a:36:d9:
         8b:57:93:41:f6:25:7a:c0:d0:c4:c3:73:40:37:19:6b:62:ae:
         f2:6f:6d:31:dc:8b:40:ee:f9:f6:39:2c:a4:76:a5:fa:ae:3e:
         b6:92:33:c1:7f:a6:f7:b7:21:a0:00:ba:17:de:1c:4a:b6:54:
         c5:40:e5:37:7b:05:84:45:c0:24:de:5f:71:d4:c6:c1:02:08:
         af:bb:90:a0:ea:14:0f:3a:ac:1f:98:9d:5f:9d:d4:78:22:de:
         7c:06:2e:03:b5:15:e3:75:66:30:33:ef:19:e2:bc:a3:22:d4:
         a0:66:62:66:c2:17:f9:b7:ab:71:3d:f4:a5:51:5e:c8:b2:7b:
         db:d5:e8:42:0d:5f:92:43:df:87:bb:ad:1d:92:5e:58:30:89:
         fc:6a:9d:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WVQt6DWmgM4F+UgzAlwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjI4MDVkODc3NmVlZGViN2FhNGNiZTVhZjU2OGNkYjI2
MjlmYzIwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTFhYWZkMTVkOGNjNWJjZjhiNjk3NzY5ZDlmODdkMWE3NTI2ODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaoJaOUoXmNeL5evjvitK3S2j7Zs
vUzmqv2k42L1kam+IKrtSibm8mkCk+jlogh+qMGW0Mr+kxmplD6MlmhJnJMh1gAw
FxZiWaO+rx3HdFuAc7PwQLKdRHl1No/gvKEP/gqwrbSi42UvmY3/FN5jB1zr1cdT
vGHbAkxNU2Tf/KBi22dVa6HMgFLYPYPVBNoO+c6HzlykV6KfcBzGa6MQihWJvj2M
flFs09M8Y6whTchwTsJFNp1jzFna5uZYN0bmLIOx2I/6/dNrLcSHd6CLnMJdWY78
JB+R3CQYuhNDNtlbZrSJD+h2I+XxBRamci1s3FBpPVsfdqjMwn4n6iK3VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoar9FdjMW8+LaXdp2fh9GnUmhKMB8GA1UdIwQY
MBaAFPOygF2Hdu7et6pMvlr1aM2yYp/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgt
ODNiYzc5NzI3OGUyLzEvZWhxdjBWMk14Yno0dHBkMm5aLUgwYWRTYUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iODYyZDMtNjg0NC00NmY3LWJkOTgtODNiYzc5NzI3OGUy
LzEvODdLQVhZZDI3dDYzcWt5LVd2Vm96YkppbjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv/bMA0G
CSqGSIb3DQEBCwUAA4IBAQBjPrblAQ2XiQsqMTUzJ7cuTuCqlSYILhhNnuYNGtdz
P0iHNql30zubArde+mTBf74IDjitWVYKjVvgZrlLtng8goiL7Ibb5+FqKp2i4KEe
cKfGIicrKyIzuNeffT3abnHsg1v5P81SflsaNtmLV5NB9iV6wNDEw3NANxlrYq7y
b20x3ItA7vn2OSykdqX6rj62kjPBf6b3tyGgALoX3hxKtlTFQOU3ewWERcAk3l9x
1MbBAgivu5Cg6hQPOqwfmJ1fndR4It58Bi4DtRXjdWYwM+8Z4ryjItSgZmJmwhf5
t6txPfSlUV7Isnvb1ehCDV+SQ9+Hu60dkl5YMIn8ap3m
-----END CERTIFICATE-----