This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FH7isPAjoVT_FEedNvjxsmH6XSQ.roa
File:                     FH7isPAjoVT_FEedNvjxsmH6XSQ.roa (raw, json)
Hash identifier:          Cmz4lZ1xEnsBN9gcj0cDdKBMNQ2qKea6xJPGHQTRkEc=
Subject key identifier:   14:7E:E2:B0:F0:23:A1:54:FF:14:47:9D:36:F8:F1:B2:61:FA:5D:24
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019B7AC7E208B8316C71891FC9FA981FC927
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FH7isPAjoVT_FEedNvjxsmH6XSQ.roa
Signing time:             Thu 01 Jan 2026 18:17:58 +0000
ROA not before:           Thu 01 Jan 2026 18:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216464
IP address blocks:        159.148.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:e2:08:b8:31:6c:71:89:1f:c9:fa:98:1f:c9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 18:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=147ee2b0f023a154ff14479d36f8f1b261fa5d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3c:39:1d:97:93:33:d7:d3:8e:22:cc:d3:47:
                    1d:a8:cf:63:ca:f8:c6:33:65:a3:91:f8:1a:40:71:
                    b1:6a:1d:07:7e:80:6f:64:a8:2f:85:a1:7b:c8:e6:
                    f9:6d:42:92:45:ec:17:89:82:4f:d6:9e:8a:b0:10:
                    dc:ce:2d:dc:53:86:24:26:df:ab:c5:5d:e9:e4:79:
                    af:91:8d:f9:37:a5:c6:68:ee:a2:ed:cb:c5:50:a1:
                    ca:43:8e:e7:c9:cf:65:09:5d:6e:b7:e4:1b:73:5c:
                    65:e7:c2:75:46:b0:e8:bb:19:00:e2:0b:f2:a8:f7:
                    9f:38:66:cc:f1:1a:59:b3:b4:21:33:fb:91:68:97:
                    ab:5e:be:9c:77:95:9c:96:d5:51:dc:d5:29:d0:9d:
                    c2:01:29:68:4f:c2:3d:bb:17:c7:18:3d:67:89:0d:
                    c9:ed:d3:4c:32:84:22:da:ed:6a:26:ef:d2:de:4e:
                    89:8f:27:ad:a4:d6:70:57:de:d7:72:cd:04:f0:55:
                    e4:1a:0b:80:e3:55:0d:07:7e:8d:86:da:44:29:96:
                    8b:f3:dd:8f:b8:39:7a:64:0c:e8:22:2b:9e:02:76:
                    23:2e:bc:04:ba:3b:e5:40:bc:aa:d0:47:7c:f4:8f:
                    95:c3:13:d8:ae:cb:dc:08:f5:cb:d0:98:fa:99:7f:
                    bc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7E:E2:B0:F0:23:A1:54:FF:14:47:9D:36:F8:F1:B2:61:FA:5D:24
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/FH7isPAjoVT_FEedNvjxsmH6XSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:82:32:1e:c3:2d:5d:25:56:11:54:95:4b:74:55:b1:c0:58:
         fe:b7:0b:41:71:4b:75:93:48:ae:72:ba:4c:9d:26:b1:ca:fe:
         71:c3:16:64:20:7d:32:cd:cc:fe:9b:50:65:bc:f2:20:6a:00:
         8d:97:14:b4:8b:e4:39:0b:96:79:52:04:3d:5a:50:6a:9e:c1:
         f3:c6:77:5a:01:1f:50:27:48:d4:08:bf:82:45:0c:ea:a6:f7:
         bf:23:b2:7d:aa:03:2e:5f:dd:ee:2f:38:57:ac:1b:73:f1:78:
         1d:c0:cb:b8:74:53:12:6b:94:2a:20:59:79:bd:5d:51:06:ce:
         2c:cc:59:7f:f5:92:58:95:43:e0:79:73:3e:90:56:36:b8:b2:
         3e:10:db:79:f0:b7:31:b1:d4:02:16:82:53:ef:11:5c:27:8f:
         82:cd:a5:84:6e:fa:1b:99:ff:47:86:bf:62:66:49:7a:17:c4:
         44:2f:2c:7f:6c:a5:b8:46:13:71:53:cd:8c:eb:6b:9c:2b:7a:
         5c:b9:c4:1d:a1:db:59:96:62:33:76:45:63:5f:61:f2:0b:7d:
         b6:ef:d8:c2:4c:6d:14:1d:15:e9:c9:6b:d9:68:11:89:0a:fa:
         a8:e4:06:c7:39:ce:6c:8e:cf:81:87:13:f9:97:c4:e5:3b:4b:
         2d:44:c3:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x+IIuDFscYkfyfqYH8knMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMTAxMTgxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdlZTJiMGYwMjNhMTU0ZmYxNDQ3OWQzNmY4ZjFiMjYxZmE1ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Dw5HZeTM9fTjiLM00cdqM9jyvjG
M2WjkfgaQHGxah0HfoBvZKgvhaF7yOb5bUKSRewXiYJP1p6KsBDczi3cU4YkJt+r
xV3p5HmvkY35N6XGaO6i7cvFUKHKQ47nyc9lCV1ut+Qbc1xl58J1RrDouxkA4gvy
qPefOGbM8RpZs7QhM/uRaJerXr6cd5WcltVR3NUp0J3CASloT8I9uxfHGD1niQ3J
7dNMMoQi2u1qJu/S3k6JjyetpNZwV97Xcs0E8FXkGguA41UNB36NhtpEKZaL892P
uDl6ZAzoIiueAnYjLrwEujvlQLyq0Ed89I+VwxPYrsvcCPXL0Jj6mX+8hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR+4rDwI6FU/xRHnTb48bJh+l0kMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvRkg3aXNQQWpvVlRfRkVlZE52anhzbUg2WFNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBn5S2MA0G
CSqGSIb3DQEBCwUAA4IBAQCqgjIewy1dJVYRVJVLdFWxwFj+twtBcUt1k0iucrpM
nSaxyv5xwxZkIH0yzcz+m1BlvPIgagCNlxS0i+Q5C5Z5UgQ9WlBqnsHzxndaAR9Q
J0jUCL+CRQzqpve/I7J9qgMuX93uLzhXrBtz8XgdwMu4dFMSa5QqIFl5vV1RBs4s
zFl/9ZJYlUPgeXM+kFY2uLI+ENt58LcxsdQCFoJT7xFcJ4+CzaWEbvobmf9Hhr9i
Zkl6F8RELyx/bKW4RhNxU82M62ucK3pcucQdodtZlmIzdkVjX2HyC32279jCTG0U
HRXpyWvZaBGJCvqo5AbHOc5sjs+BhxP5l8TlO0stRMOx
-----END CERTIFICATE-----