This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FGLrLKZULm0mhSDMTuKG_6HhyEA.roa
File:                     FGLrLKZULm0mhSDMTuKG_6HhyEA.roa (raw, json)
Hash identifier:          gghYFbteB4VfP78hKwnuTRHlZR7ah9jq0XQbq7TGOa4=
Subject key identifier:   14:62:EB:2C:A6:54:2E:6D:26:85:20:CC:4E:E2:86:FF:A1:E1:C8:40
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       019B7F844594C026CDBAA846F9D30DC53143
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FGLrLKZULm0mhSDMTuKG_6HhyEA.roa
Signing time:             Fri 02 Jan 2026 16:22:13 +0000
ROA not before:           Fri 02 Jan 2026 16:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        194.39.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:24:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:45:94:c0:26:cd:ba:a8:46:f9:d3:0d:c5:31:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  2 16:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1462eb2ca6542e6d268520cc4ee286ffa1e1c840
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:de:32:2c:65:8e:91:e1:63:f7:25:4e:4e:29:
                    18:91:b2:47:b3:bd:8c:bf:53:d5:2b:ef:33:cc:24:
                    69:df:27:cf:2c:55:0f:f2:bb:64:b4:a4:d1:91:e8:
                    c0:4f:39:fb:c3:c5:6a:12:77:59:6c:e7:c8:c5:6c:
                    ff:1e:43:e1:47:b7:60:b8:46:38:6b:32:90:9b:a5:
                    5a:e3:1f:d6:29:7d:27:88:4a:9e:7f:69:c9:63:6f:
                    c2:42:7d:19:fa:58:7f:b8:ae:8f:0e:83:e7:bf:5c:
                    59:03:9a:ce:6b:95:c6:32:a1:95:14:47:d4:da:54:
                    b2:0f:a8:be:c9:19:b0:7e:a3:3a:ce:37:81:e6:18:
                    91:64:5e:29:b5:2a:d6:7b:23:22:b8:8a:be:6b:eb:
                    ea:26:2d:6e:4c:11:e7:cd:88:87:69:f9:38:ba:fc:
                    42:06:83:ef:b2:09:b2:0e:f4:90:26:50:c4:f1:02:
                    12:fe:01:a9:f2:70:1b:d7:41:ac:90:57:6d:5b:68:
                    6b:08:05:24:ee:92:5a:9c:8f:9c:1a:b3:de:22:45:
                    b2:49:95:ef:13:68:b4:c2:1f:f3:17:0f:56:62:42:
                    24:f4:01:04:bb:e8:c3:f2:1c:d1:b7:48:db:ab:f5:
                    99:d7:71:9c:ee:d6:1e:27:78:bc:49:94:02:e3:98:
                    01:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:62:EB:2C:A6:54:2E:6D:26:85:20:CC:4E:E2:86:FF:A1:E1:C8:40
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FGLrLKZULm0mhSDMTuKG_6HhyEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:c3:10:8f:36:60:da:23:d2:63:ca:50:75:6c:8b:e2:4d:79:
         12:14:9e:f3:b1:2c:b2:a5:c9:40:81:7b:48:ab:84:95:41:a7:
         ba:2f:4f:54:84:f5:da:01:e1:03:ee:cc:bd:5a:91:e2:aa:19:
         6d:fe:91:79:89:cc:96:e2:5c:86:5d:e8:7e:34:57:73:6e:9d:
         a5:3a:6f:0c:15:9b:85:88:11:04:ec:3c:2a:27:a9:ed:ac:f2:
         6e:8f:18:02:e3:03:99:18:24:2c:be:bb:9c:cc:2a:55:cf:45:
         52:a5:cf:cc:f1:60:64:75:de:37:52:33:e3:27:07:de:3f:8e:
         da:eb:b3:4f:a7:66:7d:24:06:f0:0a:d8:12:4e:bc:e6:91:85:
         0b:5e:eb:1e:4e:ab:a2:7c:c4:76:76:77:55:63:d6:0b:98:66:
         7f:3b:9d:79:17:d9:8c:79:32:3c:27:17:2c:3b:28:46:16:90:
         a2:97:86:92:da:15:1a:4b:82:71:3c:92:bd:9f:ce:cd:9e:7b:
         c1:1a:d0:57:1e:d2:69:2a:73:22:d2:91:6b:58:36:64:f2:b8:
         5e:6a:76:10:97:29:19:8c:97:e6:70:ea:41:d1:cc:84:eb:1b:
         21:16:5e:a7:db:00:f1:b9:a5:fe:7d:8d:b8:27:87:59:9e:15:
         b3:ad:f1:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hEWUwCbNuqhG+dMNxTFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjYwMTAyMTYyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDYyZWIyY2E2NTQyZTZkMjY4NTIwY2M0ZWUyODZmZmExZTFjODQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst4yLGWOkeFj9yVOTikYkbJHs72M
v1PVK+8zzCRp3yfPLFUP8rtktKTRkejATzn7w8VqEndZbOfIxWz/HkPhR7dguEY4
azKQm6Va4x/WKX0niEqef2nJY2/CQn0Z+lh/uK6PDoPnv1xZA5rOa5XGMqGVFEfU
2lSyD6i+yRmwfqM6zjeB5hiRZF4ptSrWeyMiuIq+a+vqJi1uTBHnzYiHafk4uvxC
BoPvsgmyDvSQJlDE8QIS/gGp8nAb10GskFdtW2hrCAUk7pJanI+cGrPeIkWySZXv
E2i0wh/zFw9WYkIk9AEEu+jD8hzRt0jbq/WZ13Gc7tYeJ3i8SZQC45gBvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRi6yymVC5tJoUgzE7ihv+h4chAMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvRkdMckxLWlVMbTBtaFNETVR1S0dfNkhoeUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwifYMA0G
CSqGSIb3DQEBCwUAA4IBAQCrwxCPNmDaI9JjylB1bIviTXkSFJ7zsSyypclAgXtI
q4SVQae6L09UhPXaAeED7sy9WpHiqhlt/pF5icyW4lyGXeh+NFdzbp2lOm8MFZuF
iBEE7DwqJ6ntrPJujxgC4wOZGCQsvruczCpVz0VSpc/M8WBkdd43UjPjJwfeP47a
67NPp2Z9JAbwCtgSTrzmkYULXuseTquifMR2dndVY9YLmGZ/O515F9mMeTI8Jxcs
OyhGFpCil4aS2hUaS4JxPJK9n87NnnvBGtBXHtJpKnMi0pFrWDZk8rheanYQlykZ
jJfmcOpB0cyE6xshFl6n2wDxuaX+fY24J4dZnhWzrfE8
-----END CERTIFICATE-----