This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/ehZg7NVKRiPcTGHWVyISklSxV_0.roa
File:                     ehZg7NVKRiPcTGHWVyISklSxV_0.roa (raw, json)
Hash identifier:          Dyhn6Vhbep1Q3HKDE2Bpn72ONwXFiRAQ/djQCOZfQXE=
Subject key identifier:   7A:16:60:EC:D5:4A:46:23:DC:4C:61:D6:57:22:12:92:54:B1:57:FD
Certificate issuer:       /CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
Certificate serial:       019B7CEE6374341C1D4BAF2458040E0B088F
Authority key identifier: B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/ehZg7NVKRiPcTGHWVyISklSxV_0.roa
Signing time:             Fri 02 Jan 2026 04:19:16 +0000
ROA not before:           Fri 02 Jan 2026 04:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39351
IP address blocks:        85.208.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:63:74:34:1c:1d:4b:af:24:58:04:0e:0b:08:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
        Validity
            Not Before: Jan  2 04:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a1660ecd54a4623dc4c61d65722129254b157fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8d:ab:45:c1:3d:e1:ec:80:89:41:ff:d9:71:
                    35:ad:7f:36:ab:9e:b2:ea:53:3a:b9:2a:31:62:d8:
                    07:bd:f3:aa:4d:a8:f1:08:8c:59:1c:54:50:a1:bd:
                    f3:87:df:ee:70:0e:bc:06:f1:6e:37:17:b5:cc:d9:
                    ee:4f:c5:2c:e8:86:48:21:b6:4c:15:87:fc:45:53:
                    e7:6a:91:17:f0:53:4e:eb:ba:d9:7a:4a:a7:fa:a9:
                    45:17:b3:8f:1f:b6:65:b9:36:c5:99:8d:94:50:a1:
                    d7:57:bf:74:06:83:37:01:5e:a2:70:4c:be:ac:5b:
                    4b:63:67:eb:93:fa:56:b2:1c:7f:37:10:fa:15:07:
                    4a:d8:0d:94:f5:88:13:39:a8:7e:8d:27:85:e4:39:
                    43:55:22:a4:73:d0:37:75:81:2f:61:17:3c:9d:93:
                    ec:10:f1:66:05:56:13:05:23:08:68:8c:65:aa:c0:
                    bc:c3:d2:d0:f8:df:ec:09:2c:f4:42:77:43:b8:34:
                    76:21:12:ef:d4:03:2c:cb:a7:0b:38:2d:59:d2:9e:
                    85:51:31:d0:7e:20:90:c3:23:7f:0b:40:61:16:92:
                    36:ac:9e:7f:de:2c:1c:dd:60:8a:bd:aa:da:99:ed:
                    fc:1d:f2:ed:f2:4f:34:d2:be:97:29:9b:59:c2:6d:
                    75:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:16:60:EC:D5:4A:46:23:DC:4C:61:D6:57:22:12:92:54:B1:57:FD
            X509v3 Authority Key Identifier:
                keyid:B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/ehZg7NVKRiPcTGHWVyISklSxV_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b4:bb:3c:65:aa:2c:d0:19:6c:b7:4e:60:96:a3:d6:9c:fa:
         0d:63:f1:86:c0:98:1d:24:d5:9f:d8:73:5a:4d:ef:24:c1:86:
         39:ea:23:67:7d:66:69:9e:d9:19:ef:51:ad:ef:07:f9:af:32:
         04:f2:57:9c:9a:ba:22:a9:b9:24:22:ed:ab:06:06:cd:2f:fb:
         0e:f1:04:36:7a:4a:f1:51:80:51:17:4e:32:1d:95:c6:57:17:
         13:cf:5c:6f:d0:dd:f1:31:5e:2f:1a:33:4a:9f:d6:32:da:a7:
         3d:33:47:ba:e1:c4:3e:4f:c3:64:f6:a4:69:68:5b:d4:c4:c7:
         eb:f6:18:a1:c9:41:63:10:e4:53:1d:b5:72:c2:68:40:c7:5e:
         e4:13:85:6c:47:58:38:c1:08:a4:df:a5:4b:f3:1a:d5:e2:1f:
         62:0e:dc:6b:bb:df:ae:3d:26:f6:ce:2b:25:40:9f:b5:f3:3b:
         a4:f4:b0:4d:f2:3f:e4:de:93:83:65:ae:e0:ff:b9:97:b4:2f:
         39:42:73:d7:17:57:0d:0a:e9:97:fa:02:a2:4d:c2:2e:7b:39:
         56:bf:78:0a:7f:7e:e3:ea:65:81:01:a2:40:3e:91:f1:f0:c0:
         e7:27:4c:a6:e7:e2:7f:3c:c7:e4:72:74:04:f7:f0:b2:8c:da:
         dd:8d:0b:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87mN0NBwdS68kWAQOCwiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTE2NTRkYWU5NmM1MzI1NzhjZTFkZjFlYmI4MjIxZGJi
NjgxNDUwHhcNMjYwMTAyMDQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTE2NjBlY2Q1NGE0NjIzZGM0YzYxZDY1NzIyMTI5MjU0YjE1N2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI2rRcE94eyAiUH/2XE1rX82q56y
6lM6uSoxYtgHvfOqTajxCIxZHFRQob3zh9/ucA68BvFuNxe1zNnuT8Us6IZIIbZM
FYf8RVPnapEX8FNO67rZekqn+qlFF7OPH7ZluTbFmY2UUKHXV790BoM3AV6icEy+
rFtLY2frk/pWshx/NxD6FQdK2A2U9YgTOah+jSeF5DlDVSKkc9A3dYEvYRc8nZPs
EPFmBVYTBSMIaIxlqsC8w9LQ+N/sCSz0QndDuDR2IRLv1AMsy6cLOC1Z0p6FUTHQ
fiCQwyN/C0BhFpI2rJ5/3iwc3WCKvarame38HfLt8k800r6XKZtZwm11BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoWYOzVSkYj3Exh1lciEpJUsVf9MB8GA1UdIwQY
MBaAFLahZU2ulsUyV4zh3x67giHbtoFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMt
ZTBiZTg5YzRmMTY5LzEvZWhaZzdOVktSaVBjVEdIV1Z5SVNrbFN4Vl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMtZTBiZTg5YzRmMTY5
LzEvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCkMA0G
CSqGSIb3DQEBCwUAA4IBAQB9tLs8Zaos0Blst05glqPWnPoNY/GGwJgdJNWf2HNa
Te8kwYY56iNnfWZpntkZ71Gt7wf5rzIE8lecmroiqbkkIu2rBgbNL/sO8QQ2ekrx
UYBRF04yHZXGVxcTz1xv0N3xMV4vGjNKn9Yy2qc9M0e64cQ+T8Nk9qRpaFvUxMfr
9hihyUFjEORTHbVywmhAx17kE4VsR1g4wQik36VL8xrV4h9iDtxru9+uPSb2zisl
QJ+18zuk9LBN8j/k3pODZa7g/7mXtC85QnPXF1cNCumX+gKiTcIuezlWv3gKf37j
6mWBAaJAPpHx8MDnJ0ym5+J/PMfkcnQE9/CyjNrdjQv2
-----END CERTIFICATE-----