This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/kDiYDHMztIHYvDXXzL3WVBFRgRQ.roa
File:                     kDiYDHMztIHYvDXXzL3WVBFRgRQ.roa (raw, json)
Hash identifier:          4/nnDK2ikVBeX90b+2r+JvM3VbUxHJhqZEDdUrk+hj8=
Subject key identifier:   90:38:98:0C:73:33:B4:81:D8:BC:35:D7:CC:BD:D6:54:11:51:81:14
Certificate issuer:       /CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
Certificate serial:       019B79ED5E14896B17E777891EBD9B734892
Authority key identifier: 31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/kDiYDHMztIHYvDXXzL3WVBFRgRQ.roa
Signing time:             Thu 01 Jan 2026 14:19:17 +0000
ROA not before:           Thu 01 Jan 2026 14:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47147
IP address blocks:        185.93.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:5e:14:89:6b:17:e7:77:89:1e:bd:9b:73:48:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
        Validity
            Not Before: Jan  1 14:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9038980c7333b481d8bc35d7ccbdd65411518114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d2:1d:32:49:8b:d4:eb:91:a1:8d:b3:0c:c1:
                    8c:9f:b3:de:82:c3:f8:dd:8b:23:7c:f1:b3:35:33:
                    2e:b6:c3:e3:f7:80:76:1d:a2:3f:f1:62:67:38:f5:
                    13:ef:5b:cd:61:c2:90:86:eb:a6:6f:7c:a7:0f:e7:
                    45:a5:fe:6b:22:0c:4f:29:73:1e:6e:a5:cd:7c:3b:
                    d8:cd:67:28:0c:af:87:aa:f2:99:8f:8e:e3:92:dc:
                    61:a2:7d:fa:22:79:23:c6:bb:6d:40:9d:a2:cd:9d:
                    cf:52:70:1d:2f:d9:f1:b2:26:8f:b5:c3:89:8b:23:
                    d2:f5:a0:08:12:71:a5:79:22:54:45:d6:da:bd:a7:
                    da:38:89:13:9d:72:86:e8:bd:7a:53:2b:a9:c2:b8:
                    45:37:eb:4b:b0:f5:8b:82:dc:2b:eb:53:37:c4:8b:
                    16:79:c9:0d:84:dd:2b:e6:d8:58:5b:9c:31:08:11:
                    c6:dc:33:44:0b:08:cf:a7:ea:4a:7e:6b:0a:1c:39:
                    cb:7b:d2:0d:41:98:f6:7c:ae:00:82:f1:2f:d7:e6:
                    77:4c:e7:22:f1:63:12:5d:f7:c0:8b:cf:79:55:51:
                    16:1e:24:03:ad:1f:ba:4f:fd:8d:f9:16:fd:d5:01:
                    dd:53:74:8a:b6:23:92:f3:60:2c:ea:4f:4b:c3:ce:
                    5e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:38:98:0C:73:33:B4:81:D8:BC:35:D7:CC:BD:D6:54:11:51:81:14
            X509v3 Authority Key Identifier:
                keyid:31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/kDiYDHMztIHYvDXXzL3WVBFRgRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:27:1e:4f:e0:bc:67:a8:a9:6b:67:5a:4b:2d:27:ce:14:f2:
         d1:21:c7:12:46:06:b4:f6:c3:59:5e:6c:3a:e2:ae:3a:89:1c:
         24:f1:37:75:71:dd:c6:87:b8:24:77:99:44:c6:de:cd:5b:6c:
         08:0f:90:6e:78:14:0d:5c:98:c0:0e:85:17:31:0c:1c:cf:6c:
         20:f7:70:8a:89:e2:52:d7:ea:4e:ab:e9:b0:a5:50:c4:a9:2a:
         47:84:18:ba:03:60:78:fa:cc:31:22:24:11:61:de:03:eb:38:
         5c:a6:16:8b:e9:6f:83:29:61:ec:3f:85:f6:b5:fc:b7:ec:da:
         5a:b1:3b:06:47:31:3a:98:ae:ff:e7:80:9a:6e:61:2f:dc:5d:
         29:a5:0d:ee:07:55:0c:aa:3c:2b:3c:5a:41:7a:2d:de:e1:c7:
         00:bc:27:81:78:c9:e9:3a:a2:62:77:a8:b2:f6:93:f8:b2:cd:
         e3:a3:f7:9b:5e:60:f5:82:ce:42:d7:3c:41:54:cc:b6:86:ce:
         e9:8e:49:c7:93:e0:e4:4c:e5:ba:cb:47:17:2f:3c:4a:1c:bd:
         fa:cf:fc:25:59:45:d8:58:f5:59:1f:21:4e:7d:e3:e4:b6:0f:
         fa:15:fe:1d:ac:95:1c:6c:c0:ff:39:07:fd:6f:ae:e3:c2:5f:
         f0:3c:b3:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57V4UiWsX53eJHr2bc0iSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2I4MTQ3NTAzZWExOWY1ODFjYTAwZDI4ZGJlZTVlNThj
YjhmNDgwHhcNMjYwMTAxMTQxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM4OTgwYzczMzNiNDgxZDhiYzM1ZDdjY2JkZDY1NDExNTE4MTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9IdMkmL1OuRoY2zDMGMn7PegsP4
3YsjfPGzNTMutsPj94B2HaI/8WJnOPUT71vNYcKQhuumb3ynD+dFpf5rIgxPKXMe
bqXNfDvYzWcoDK+HqvKZj47jktxhon36InkjxrttQJ2izZ3PUnAdL9nxsiaPtcOJ
iyPS9aAIEnGleSJURdbavafaOIkTnXKG6L16UyupwrhFN+tLsPWLgtwr61M3xIsW
eckNhN0r5thYW5wxCBHG3DNECwjPp+pKfmsKHDnLe9INQZj2fK4AgvEv1+Z3TOci
8WMSXffAi895VVEWHiQDrR+6T/2N+Rb91QHdU3SKtiOS82As6k9Lw85e0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA4mAxzM7SB2Lw118y91lQRUYEUMB8GA1UdIwQY
MBaAFDF7gUdQPqGfWBygDSjb7l5Yy49IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEt
NzU0NjFhYmJiNWE0LzEva0RpWURITXp0SUhZdkRYWHpMM1dWQkZSZ1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEtNzU0NjFhYmJiNWE0
LzEvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV3VMA0G
CSqGSIb3DQEBCwUAA4IBAQAEJx5P4LxnqKlrZ1pLLSfOFPLRIccSRga09sNZXmw6
4q46iRwk8Td1cd3Gh7gkd5lExt7NW2wID5BueBQNXJjADoUXMQwcz2wg93CKieJS
1+pOq+mwpVDEqSpHhBi6A2B4+swxIiQRYd4D6zhcphaL6W+DKWHsP4X2tfy37Npa
sTsGRzE6mK7/54CabmEv3F0ppQ3uB1UMqjwrPFpBei3e4ccAvCeBeMnpOqJid6iy
9pP4ss3jo/ebXmD1gs5C1zxBVMy2hs7pjknHk+DkTOW6y0cXLzxKHL36z/wlWUXY
WPVZHyFOfePktg/6Ff4drJUcbMD/OQf9b67jwl/wPLMj
-----END CERTIFICATE-----