This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/nH0Hh8w_ST_dDNBSepPVoQ_0gWE.roa
File:                     nH0Hh8w_ST_dDNBSepPVoQ_0gWE.roa (raw, json)
Hash identifier:          MT6P6aS0mNYZsLOpJlpwlRKQU+QkEcXtxk2jipi1w/g=
Subject key identifier:   9C:7D:07:87:CC:3F:49:3F:DD:0C:D0:52:7A:93:D5:A1:0F:F4:81:61
Certificate issuer:       /CN=e520446f79ffc2d7c3a9ef340ce9de25723a719a
Certificate serial:       019B7CEE55E6BAB4F4A253D99673B065CAA8
Authority key identifier: E5:20:44:6F:79:FF:C2:D7:C3:A9:EF:34:0C:E9:DE:25:72:3A:71:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/nH0Hh8w_ST_dDNBSepPVoQ_0gWE.roa
Signing time:             Fri 02 Jan 2026 04:19:12 +0000
ROA not before:           Fri 02 Jan 2026 04:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211563
IP address blocks:        185.27.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:55:e6:ba:b4:f4:a2:53:d9:96:73:b0:65:ca:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e520446f79ffc2d7c3a9ef340ce9de25723a719a
        Validity
            Not Before: Jan  2 04:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c7d0787cc3f493fdd0cd0527a93d5a10ff48161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:44:6d:3b:e6:05:3b:af:68:48:e4:6a:a3:de:
                    a6:11:42:d4:22:58:7f:f6:cf:55:7d:39:b3:52:d1:
                    8f:0a:12:c4:78:99:e5:27:5a:7f:4f:46:c9:6d:af:
                    dc:c6:5d:07:25:6b:79:f4:29:20:72:b8:fc:e9:38:
                    08:ef:d8:fb:83:b1:36:28:9a:0b:45:fe:c5:41:af:
                    63:50:ae:4a:a0:2b:4d:fb:d7:5b:f2:ed:63:97:e8:
                    37:d8:c4:0e:e6:d1:16:d0:03:83:ba:5b:6b:d4:56:
                    9d:a4:64:93:32:f4:a2:fc:f0:a7:ae:4f:a5:d1:2a:
                    c1:37:10:b2:da:53:ce:9b:2f:e3:85:bf:8c:38:52:
                    aa:4f:3b:66:ea:a7:52:b2:c0:06:31:49:f6:1a:15:
                    82:16:db:58:eb:d8:f2:66:7c:37:6c:34:f5:75:fe:
                    ef:4e:f9:83:44:2f:4b:07:a1:ed:09:1e:73:e0:9a:
                    22:4f:f6:e5:a1:9d:45:e5:01:ab:d1:67:fc:a2:aa:
                    17:05:2d:9d:0f:06:9a:d6:82:19:d0:7f:e6:01:94:
                    31:c7:af:79:4b:f9:6a:7f:bd:22:e1:22:55:19:cd:
                    52:e9:10:fc:e4:e6:42:4d:90:9c:c1:a3:e5:7c:c5:
                    df:a6:51:8a:c6:c9:52:c2:3d:f2:16:4b:c7:1c:e3:
                    bf:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:7D:07:87:CC:3F:49:3F:DD:0C:D0:52:7A:93:D5:A1:0F:F4:81:61
            X509v3 Authority Key Identifier:
                keyid:E5:20:44:6F:79:FF:C2:D7:C3:A9:EF:34:0C:E9:DE:25:72:3A:71:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/nH0Hh8w_ST_dDNBSepPVoQ_0gWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:73:e3:55:07:5c:df:cf:6d:4e:05:fb:6a:5c:2a:49:b4:3c:
         04:09:6f:32:b1:04:76:51:31:92:8f:9d:c9:25:98:99:80:f1:
         c7:c7:f5:18:59:ea:49:70:0a:67:ca:39:43:4a:01:9c:1a:91:
         3c:6e:1b:4c:f3:de:2d:ce:30:29:9c:c3:f0:1d:4a:34:cb:96:
         03:c0:2b:b8:fa:02:02:cc:8e:26:2c:6a:48:40:91:b3:04:4a:
         81:16:54:58:62:4e:df:84:2d:15:4a:26:7d:76:f1:36:0a:4c:
         7c:0a:57:13:2f:2e:82:a7:17:64:95:14:a3:2e:ac:cf:eb:06:
         96:45:89:d9:e1:5a:45:fa:75:9d:24:d1:e3:ca:8e:dc:b8:fd:
         cd:c7:17:43:16:8a:7e:01:75:d8:08:3e:9a:5f:0a:71:95:03:
         03:ff:2a:ee:94:22:90:d4:b3:c5:75:86:ac:86:e8:b6:c0:c2:
         f8:9a:fa:1a:bc:73:cf:7d:fe:f5:3e:5a:c5:4c:f1:b8:6b:c9:
         0a:54:5e:bf:32:e9:f7:62:51:14:6f:bf:5b:16:78:e7:23:d5:
         b4:4d:d4:2d:a2:8d:d0:f0:d1:a8:13:97:82:4c:54:ba:9b:15:
         8a:d1:18:4e:6e:90:38:7a:7b:e1:e4:d1:7a:2d:28:7d:37:cb:
         9c:1f:8b:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87lXmurT0olPZlnOwZcqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MjA0NDZmNzlmZmMyZDdjM2E5ZWYzNDBjZTlkZTI1NzIz
YTcxOWEwHhcNMjYwMTAyMDQxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdkMDc4N2NjM2Y0OTNmZGQwY2QwNTI3YTkzZDVhMTBmZjQ4MTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40RtO+YFO69oSORqo96mEULUIlh/
9s9VfTmzUtGPChLEeJnlJ1p/T0bJba/cxl0HJWt59Ckgcrj86TgI79j7g7E2KJoL
Rf7FQa9jUK5KoCtN+9db8u1jl+g32MQO5tEW0AODultr1FadpGSTMvSi/PCnrk+l
0SrBNxCy2lPOmy/jhb+MOFKqTztm6qdSssAGMUn2GhWCFttY69jyZnw3bDT1df7v
TvmDRC9LB6HtCR5z4JoiT/bloZ1F5QGr0Wf8oqoXBS2dDwaa1oIZ0H/mAZQxx695
S/lqf70i4SJVGc1S6RD85OZCTZCcwaPlfMXfplGKxslSwj3yFkvHHOO/RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJx9B4fMP0k/3QzQUnqT1aEP9IFhMB8GA1UdIwQY
MBaAFOUgRG95/8LXw6nvNAzp3iVyOnGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVNCRWIzbl93dGZEcWU4MERPbmVKWEk2Y1pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTFlZjItNzAxMi00YTZlLThhMWMt
MGUwZTEzN2U1NTkxLzEvbkgwSGg4d19TVF9kRE5CU2VwUFZvUV8wZ1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTFlZjItNzAxMi00YTZlLThhMWMtMGUwZTEzN2U1NTkx
LzEvNVNCRWIzbl93dGZEcWU4MERPbmVKWEk2Y1pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRtSMA0G
CSqGSIb3DQEBCwUAA4IBAQAOc+NVB1zfz21OBftqXCpJtDwECW8ysQR2UTGSj53J
JZiZgPHHx/UYWepJcApnyjlDSgGcGpE8bhtM894tzjApnMPwHUo0y5YDwCu4+gIC
zI4mLGpIQJGzBEqBFlRYYk7fhC0VSiZ9dvE2Ckx8ClcTLy6CpxdklRSjLqzP6waW
RYnZ4VpF+nWdJNHjyo7cuP3NxxdDFop+AXXYCD6aXwpxlQMD/yrulCKQ1LPFdYas
hui2wML4mvoavHPPff71PlrFTPG4a8kKVF6/Mun3YlEUb79bFnjnI9W0TdQtoo3Q
8NGoE5eCTFS6mxWK0RhObpA4envh5NF6LSh9N8ucH4sy
-----END CERTIFICATE-----