This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/P6dX7w5DhwlzNU979iFd9YDU0uI.roa
File:                     P6dX7w5DhwlzNU979iFd9YDU0uI.roa (raw, json)
Hash identifier:          UBskImMtpaHQaupcjp821thacxNepjpaa64/vY6YASM=
Subject key identifier:   3F:A7:57:EF:0E:43:87:09:73:35:4F:7B:F6:21:5D:F5:80:D4:D2:E2
Certificate issuer:       /CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
Certificate serial:       019B7E37F717DC61FD731DA84100DBC22B14
Authority key identifier: 68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/P6dX7w5DhwlzNU979iFd9YDU0uI.roa
Signing time:             Fri 02 Jan 2026 10:19:15 +0000
ROA not before:           Fri 02 Jan 2026 10:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        193.73.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:f7:17:dc:61:fd:73:1d:a8:41:00:db:c2:2b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=687726d38fcf2a7fbbb7bfc28d63fe3579ed211d
        Validity
            Not Before: Jan  2 10:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fa757ef0e43870973354f7bf6215df580d4d2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:86:5d:6c:f7:a5:f7:6d:78:ef:a6:7f:af:f4:
                    af:b5:a0:d4:39:76:6c:e5:b6:22:e5:d1:ea:13:43:
                    58:29:7c:aa:8c:1b:18:d4:21:01:83:1d:8d:41:8d:
                    da:f6:92:43:e9:81:d1:51:22:0f:8d:d3:aa:11:7f:
                    9e:bb:8a:74:a4:20:9c:e0:6b:c4:0f:53:04:f0:da:
                    36:ee:e2:70:74:18:51:d4:8d:1d:0f:98:34:66:c0:
                    56:ce:de:93:1f:25:d9:02:45:8a:b3:aa:d5:97:cc:
                    29:6f:64:3a:e4:0a:47:4a:5f:2e:6c:7f:41:93:f8:
                    dd:f5:62:ae:ad:28:0b:d5:9c:0f:39:4e:33:73:34:
                    e7:d7:50:e6:56:98:95:e3:5c:c2:b7:69:e7:1f:3c:
                    bd:11:1c:6b:93:3e:d8:ca:12:02:dd:d1:da:0e:91:
                    88:92:98:af:47:a0:0f:25:aa:79:ac:64:0c:35:94:
                    4b:14:ec:b5:19:32:b8:92:35:23:be:0b:9d:b4:42:
                    a4:7c:5b:7a:1d:72:23:13:96:fe:5a:9c:07:29:8a:
                    96:3b:f8:56:1a:6c:fc:62:c2:18:2d:7b:5c:73:db:
                    80:0b:ba:95:9a:51:e9:2a:ea:7f:91:0a:50:5c:53:
                    1e:4d:25:4c:c7:b2:40:73:02:c6:fb:02:8d:ee:f3:
                    a5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A7:57:EF:0E:43:87:09:73:35:4F:7B:F6:21:5D:F5:80:D4:D2:E2
            X509v3 Authority Key Identifier:
                keyid:68:77:26:D3:8F:CF:2A:7F:BB:B7:BF:C2:8D:63:FE:35:79:ED:21:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aHcm04_PKn-7t7_CjWP-NXntIR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/P6dX7w5DhwlzNU979iFd9YDU0uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/e71e27-c687-4fd7-8180-4b2da197a7e6/1/aHcm04_PKn-7t7_CjWP-NXntIR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.73.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:8e:cf:5e:a7:04:ae:49:ca:a1:16:00:95:62:a7:fa:8a:f4:
         0c:f5:54:45:a1:e1:f5:9e:c4:e3:f4:76:d1:5a:fb:41:fb:f0:
         c2:70:a8:f1:9d:a2:7b:60:be:8b:1a:f9:fc:f5:b2:fa:60:70:
         d2:af:37:ed:b7:80:54:91:2a:96:e3:bf:eb:b7:5b:c1:6c:bd:
         f5:fd:1f:6d:6f:00:c6:fd:2d:00:65:6e:0c:36:f3:16:56:8d:
         2c:b6:b7:15:db:05:cf:9d:77:1f:e9:43:32:b2:bd:57:5c:7b:
         89:0f:9e:de:82:12:b2:ef:91:6d:57:16:74:df:86:38:2e:4f:
         53:db:65:ea:a7:bb:5b:cc:25:f0:3e:1b:ee:23:ee:23:69:b7:
         8e:0d:3b:68:6c:f8:da:d3:73:f1:09:86:97:bf:35:84:3b:90:
         59:d2:21:d0:fc:9c:48:ff:95:8b:15:93:9b:26:df:bd:f5:cd:
         d8:85:64:d2:78:e8:89:98:d2:de:42:dc:83:bf:a0:38:9e:05:
         e0:a5:b6:b1:36:b1:ce:41:81:a7:50:d7:91:54:f5:42:65:20:
         a2:b9:c0:cc:15:44:cb:fe:3e:7e:aa:16:81:5b:f7:b8:33:1c:
         39:f7:0f:c3:18:03:3c:91:8b:62:f9:70:a0:0f:5a:a5:b7:2f:
         a4:af:3e:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N/cX3GH9cx2oQQDbwisUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NzcyNmQzOGZjZjJhN2ZiYmI3YmZjMjhkNjNmZTM1Nzll
ZDIxMWQwHhcNMjYwMTAyMTAxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmE3NTdlZjBlNDM4NzA5NzMzNTRmN2JmNjIxNWRmNTgwZDRkMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4ZdbPel921476Z/r/SvtaDUOXZs
5bYi5dHqE0NYKXyqjBsY1CEBgx2NQY3a9pJD6YHRUSIPjdOqEX+eu4p0pCCc4GvE
D1ME8No27uJwdBhR1I0dD5g0ZsBWzt6THyXZAkWKs6rVl8wpb2Q65ApHSl8ubH9B
k/jd9WKurSgL1ZwPOU4zczTn11DmVpiV41zCt2nnHzy9ERxrkz7YyhIC3dHaDpGI
kpivR6APJap5rGQMNZRLFOy1GTK4kjUjvgudtEKkfFt6HXIjE5b+WpwHKYqWO/hW
Gmz8YsIYLXtcc9uAC7qVmlHpKup/kQpQXFMeTSVMx7JAcwLG+wKN7vOlCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+nV+8OQ4cJczVPe/YhXfWA1NLiMB8GA1UdIwQY
MBaAFGh3JtOPzyp/u7e/wo1j/jV57SEdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAt
NGIyZGExOTdhN2U2LzEvUDZkWDd3NURod2x6TlU5NzlpRmQ5WURVMHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lNzFlMjctYzY4Ny00ZmQ3LTgxODAtNGIyZGExOTdhN2U2
LzEvYUhjbTA0X1BLbi03dDdfQ2pXUC1OWG50SVIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwUnQMA0G
CSqGSIb3DQEBCwUAA4IBAQBSjs9epwSuScqhFgCVYqf6ivQM9VRFoeH1nsTj9HbR
WvtB+/DCcKjxnaJ7YL6LGvn89bL6YHDSrzftt4BUkSqW47/rt1vBbL31/R9tbwDG
/S0AZW4MNvMWVo0strcV2wXPnXcf6UMysr1XXHuJD57eghKy75FtVxZ034Y4Lk9T
22Xqp7tbzCXwPhvuI+4jabeODTtobPja03PxCYaXvzWEO5BZ0iHQ/JxI/5WLFZOb
Jt+99c3YhWTSeOiJmNLeQtyDv6A4ngXgpbaxNrHOQYGnUNeRVPVCZSCiucDMFUTL
/j5+qhaBW/e4Mxw59w/DGAM8kYti+XCgD1qlty+krz6j
-----END CERTIFICATE-----