This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/fDvTCb65T0NBgfyYMw8klNFzoZc.roa
File:                     fDvTCb65T0NBgfyYMw8klNFzoZc.roa (raw, json)
Hash identifier:          iBd2cBxyy2dAUeAKty88sfgipeeadpR8WNmR7CuYLUc=
Subject key identifier:   7C:3B:D3:09:BE:B9:4F:43:41:81:FC:98:33:0F:24:94:D1:73:A1:97
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       019B7F160D2B51457DA8792037BF046D3DCD
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/fDvTCb65T0NBgfyYMw8klNFzoZc.roa
Signing time:             Fri 02 Jan 2026 14:21:49 +0000
ROA not before:           Fri 02 Jan 2026 14:21:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199760
IP address blocks:        85.239.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:16:0d:2b:51:45:7d:a8:79:20:37:bf:04:6d:3d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Jan  2 14:21:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c3bd309beb94f434181fc98330f2494d173a197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:f7:5b:84:a1:31:db:3c:cc:81:01:1c:0b:2c:
                    65:c9:6b:5a:c7:97:70:8c:58:25:41:1c:15:c9:10:
                    03:39:42:ac:de:44:cc:2c:4b:04:35:1e:23:d5:9a:
                    14:c5:48:c6:cc:17:7b:d4:04:f5:de:11:d3:1a:ac:
                    0e:15:d3:1f:3b:3b:12:26:0c:c0:cd:2c:b2:98:b4:
                    8d:54:63:df:11:f7:9c:f8:9c:c8:3e:c9:51:67:18:
                    ed:0f:da:38:2a:da:9d:d0:65:ee:46:77:13:96:34:
                    44:88:d7:35:9f:cb:6f:dc:29:43:27:c9:ab:c8:92:
                    12:ae:cb:e7:3e:c1:2e:b9:75:0c:bf:9d:01:b5:b3:
                    6f:37:fc:c8:bc:93:a9:72:56:aa:49:8f:cc:a7:f7:
                    2d:a7:b1:55:ed:e6:1e:be:6e:ac:9b:82:dd:14:43:
                    ed:46:50:59:9c:23:26:c4:65:5f:44:1f:cf:e6:6b:
                    6d:7b:43:5e:06:6f:80:8f:8a:8f:fc:af:ee:07:69:
                    53:50:32:3a:b0:4f:4f:a1:6a:08:b3:b5:a7:68:eb:
                    51:cf:fa:cb:a7:68:d0:9e:6a:eb:89:ff:9c:8e:4f:
                    d2:43:a8:1a:c6:cc:fc:25:49:b3:b2:63:0b:11:70:
                    a4:e2:86:83:98:a2:90:5a:08:0b:54:e9:e4:27:7c:
                    96:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3B:D3:09:BE:B9:4F:43:41:81:FC:98:33:0F:24:94:D1:73:A1:97
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/fDvTCb65T0NBgfyYMw8klNFzoZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:f2:fb:8e:de:9a:d7:b5:ed:5b:ae:b6:32:82:49:ac:63:e8:
         62:3d:1b:dd:fc:36:ae:50:d7:f9:f9:63:62:e0:00:c1:62:37:
         25:82:a1:a1:60:06:fd:54:88:f4:da:5c:4f:fd:b9:30:04:62:
         a3:c4:45:c7:85:fb:55:c4:c2:96:86:ff:98:ef:be:74:5a:d2:
         1c:fa:c6:b4:c7:c9:76:b1:04:6c:50:cf:dc:0a:4a:bd:28:4c:
         18:71:e5:ac:94:d3:ed:bc:d6:84:f0:cd:b1:15:02:8e:10:4d:
         2e:13:27:3c:14:3e:98:59:72:70:f4:fb:ac:33:4a:bb:0f:d5:
         4b:29:5f:4c:08:ae:3f:20:66:ec:85:15:c9:cb:2b:bc:76:3a:
         90:a3:ed:94:38:f4:79:b7:a9:05:06:2c:f8:34:1a:b4:bb:e3:
         8c:52:2f:6b:1e:fd:9f:bc:b5:d7:39:ac:9a:ff:60:75:9c:e9:
         74:21:56:77:df:0c:13:f4:41:21:28:58:d6:a5:97:89:78:52:
         2f:d5:53:6d:99:56:82:34:1e:0a:b5:b8:df:6c:bb:41:34:ec:
         b9:1f:e4:ca:45:3b:15:7c:ff:b1:d2:56:7a:c8:29:1b:b2:84:
         a3:8f:06:96:a6:e0:25:9b:09:ad:ab:c8:be:f7:97:ae:a0:fb:
         54:49:fa:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/Fg0rUUV9qHkgN78EbT3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjYwMTAyMTQyMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzNiZDMwOWJlYjk0ZjQzNDE4MWZjOTgzMzBmMjQ5NGQxNzNhMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fdbhKEx2zzMgQEcCyxlyWtax5dw
jFglQRwVyRADOUKs3kTMLEsENR4j1ZoUxUjGzBd71AT13hHTGqwOFdMfOzsSJgzA
zSyymLSNVGPfEfec+JzIPslRZxjtD9o4Ktqd0GXuRncTljREiNc1n8tv3ClDJ8mr
yJISrsvnPsEuuXUMv50BtbNvN/zIvJOpclaqSY/Mp/ctp7FV7eYevm6sm4LdFEPt
RlBZnCMmxGVfRB/P5mtte0NeBm+Aj4qP/K/uB2lTUDI6sE9PoWoIs7WnaOtRz/rL
p2jQnmrrif+cjk/SQ6gaxsz8JUmzsmMLEXCk4oaDmKKQWggLVOnkJ3yWlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHw70wm+uU9DQYH8mDMPJJTRc6GXMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvZkR2VENiNjVUME5CZ2Z5WU13OGtsTkZ6b1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe+eMA0G
CSqGSIb3DQEBCwUAA4IBAQBr8vuO3prXte1brrYygkmsY+hiPRvd/DauUNf5+WNi
4ADBYjclgqGhYAb9VIj02lxP/bkwBGKjxEXHhftVxMKWhv+Y7750WtIc+sa0x8l2
sQRsUM/cCkq9KEwYceWslNPtvNaE8M2xFQKOEE0uEyc8FD6YWXJw9PusM0q7D9VL
KV9MCK4/IGbshRXJyyu8djqQo+2UOPR5t6kFBiz4NBq0u+OMUi9rHv2fvLXXOaya
/2B1nOl0IVZ33wwT9EEhKFjWpZeJeFIv1VNtmVaCNB4KtbjfbLtBNOy5H+TKRTsV
fP+x0lZ6yCkbsoSjjwaWpuAlmwmtq8i+95euoPtUSfpf
-----END CERTIFICATE-----