This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/bJ-s2NJ5eywWHFMovcD-LOMTmjU.roa
File:                     bJ-s2NJ5eywWHFMovcD-LOMTmjU.roa (raw, json)
Hash identifier:          xgxhhwvW3lfo02BHcwDD9zbM9SrnrImkop0rHRy8xrc=
Subject key identifier:   6C:9F:AC:D8:D2:79:7B:2C:16:1C:53:28:BD:C0:FE:2C:E3:13:9A:35
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       019B76EB9D3D7DB8AC971D6F2E1F11450B3D
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/bJ-s2NJ5eywWHFMovcD-LOMTmjU.roa
Signing time:             Thu 01 Jan 2026 00:18:31 +0000
ROA not before:           Thu 01 Jan 2026 00:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        37.153.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:9d:3d:7d:b8:ac:97:1d:6f:2e:1f:11:45:0b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Jan  1 00:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c9facd8d2797b2c161c5328bdc0fe2ce3139a35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0e:8e:14:e2:b1:47:f7:8a:f0:16:c3:68:ce:
                    58:26:51:66:49:58:e3:42:a9:da:d9:88:18:54:3b:
                    83:69:cc:cc:1b:3d:b7:9a:ad:b0:b4:d2:58:7b:04:
                    b4:a0:09:ae:c8:30:6d:de:08:7f:dc:37:b2:ca:06:
                    94:d7:a0:21:bd:aa:bd:22:43:4a:1a:3d:a1:eb:8d:
                    77:d4:7e:80:e5:f8:7d:6b:57:0a:5b:75:64:cf:18:
                    b6:6a:32:8f:3a:57:28:fe:64:f1:5c:fd:fd:c4:9b:
                    c5:eb:76:88:27:7b:7f:37:27:33:38:80:af:d0:20:
                    77:65:03:f7:e1:7e:2c:15:44:0e:4a:50:ba:d1:be:
                    1a:ad:2d:9a:96:6c:ae:15:ff:58:ca:8b:b1:21:55:
                    31:2f:44:24:c7:bd:b2:f6:0f:7e:fd:ee:b3:b3:38:
                    17:be:fb:0f:93:61:e0:5b:67:e2:41:f7:e2:51:15:
                    86:c3:75:2f:c1:ca:03:1c:fa:71:20:65:66:20:fc:
                    b6:a7:94:16:25:04:3c:18:2c:a4:f9:af:77:7e:19:
                    03:59:d6:92:40:28:3e:19:61:2a:a2:07:f2:d9:21:
                    74:fe:26:3d:54:0c:51:65:0a:38:99:bd:22:8b:2a:
                    26:42:34:e3:bd:65:11:96:67:4d:6b:be:44:49:96:
                    82:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:9F:AC:D8:D2:79:7B:2C:16:1C:53:28:BD:C0:FE:2C:E3:13:9A:35
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/bJ-s2NJ5eywWHFMovcD-LOMTmjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:72:ae:b6:7e:ee:ab:25:18:04:8a:7e:43:cb:d6:8e:97:a4:
         2d:58:13:86:ba:01:eb:2c:8c:92:e2:2a:b6:b8:fd:7f:75:3a:
         8b:f2:95:bc:db:fa:b2:fb:ea:40:08:2e:65:a6:0b:09:69:df:
         e7:11:49:b9:78:6e:dc:b9:f0:f1:02:2a:87:db:cc:0f:c1:13:
         23:50:e5:73:37:2b:d2:93:4e:e9:45:78:61:7b:79:0c:62:ea:
         58:ae:9d:22:82:68:50:86:66:4a:01:c4:af:38:6a:e6:b0:85:
         c5:66:b1:e0:97:0c:4a:98:90:c0:07:28:35:d1:0a:00:70:d9:
         dd:29:b6:0a:be:20:a1:c1:e8:a4:54:2a:ab:01:8a:c5:c8:50:
         7e:50:44:04:25:ba:55:09:75:21:16:b2:99:9b:4b:8d:93:a0:
         eb:87:d8:bb:49:af:75:85:4d:dc:b7:01:df:50:b9:d0:1c:07:
         1b:65:90:85:2b:0f:1a:2d:ce:62:2b:25:90:0c:58:ab:7e:1c:
         ad:5f:41:77:67:0f:95:86:5a:6a:7f:5c:5b:0b:9b:4b:d8:d4:
         67:ce:d0:8a:27:d4:29:b4:03:53:46:15:56:0b:6a:62:66:f2:
         25:63:d5:b6:de:e8:c6:52:14:3f:7f:66:39:93:1f:c1:b5:ff:
         35:e6:78:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26509fbislx1vLh8RRQs9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjYwMTAxMDAxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzlmYWNkOGQyNzk3YjJjMTYxYzUzMjhiZGMwZmUyY2UzMTM5YTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA6OFOKxR/eK8BbDaM5YJlFmSVjj
Qqna2YgYVDuDaczMGz23mq2wtNJYewS0oAmuyDBt3gh/3DeyygaU16Ahvaq9IkNK
Gj2h64131H6A5fh9a1cKW3Vkzxi2ajKPOlco/mTxXP39xJvF63aIJ3t/NyczOICv
0CB3ZQP34X4sFUQOSlC60b4arS2almyuFf9YyouxIVUxL0Qkx72y9g9+/e6zszgX
vvsPk2HgW2fiQffiURWGw3UvwcoDHPpxIGVmIPy2p5QWJQQ8GCyk+a93fhkDWdaS
QCg+GWEqogfy2SF0/iY9VAxRZQo4mb0iiyomQjTjvWURlmdNa75ESZaCVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyfrNjSeXssFhxTKL3A/izjE5o1MB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvYkotczJOSjVleXdXSEZNb3ZjRC1MT01UbWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmrMA0G
CSqGSIb3DQEBCwUAA4IBAQDAcq62fu6rJRgEin5Dy9aOl6QtWBOGugHrLIyS4iq2
uP1/dTqL8pW82/qy++pACC5lpgsJad/nEUm5eG7cufDxAiqH28wPwRMjUOVzNyvS
k07pRXhhe3kMYupYrp0igmhQhmZKAcSvOGrmsIXFZrHglwxKmJDAByg10QoAcNnd
KbYKviChweikVCqrAYrFyFB+UEQEJbpVCXUhFrKZm0uNk6Drh9i7Sa91hU3ctwHf
ULnQHAcbZZCFKw8aLc5iKyWQDFirfhytX0F3Zw+Vhlpqf1xbC5tL2NRnztCKJ9Qp
tANTRhVWC2piZvIlY9W23ujGUhQ/f2Y5kx/Btf815ni1
-----END CERTIFICATE-----