This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/oPn9BEZzljIPQPQ_eYJw4GgcX3c.roa
File:                     oPn9BEZzljIPQPQ_eYJw4GgcX3c.roa (raw, json)
Hash identifier:          MFu3RUWuCmBoIzCATrSbU+RcXXRsfsL7FD0RBKZyeXU=
Subject key identifier:   A0:F9:FD:04:46:73:96:32:0F:40:F4:3F:79:82:70:E0:68:1C:5F:77
Certificate issuer:       /CN=2c727d09fbb19a7f985d751a20311c1bad4b071f
Certificate serial:       019B77C6B3885A192EF656C7C3EE3D94C11A
Authority key identifier: 2C:72:7D:09:FB:B1:9A:7F:98:5D:75:1A:20:31:1C:1B:AD:4B:07:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/oPn9BEZzljIPQPQ_eYJw4GgcX3c.roa
Signing time:             Thu 01 Jan 2026 04:17:49 +0000
ROA not before:           Thu 01 Jan 2026 04:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202598
IP address blocks:        185.156.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:b3:88:5a:19:2e:f6:56:c7:c3:ee:3d:94:c1:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c727d09fbb19a7f985d751a20311c1bad4b071f
        Validity
            Not Before: Jan  1 04:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a0f9fd04467396320f40f43f798270e0681c5f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5f:5f:f0:51:77:b2:96:34:ab:89:58:ba:cf:
                    30:ec:66:d2:aa:ce:8d:a6:4e:2a:8e:58:7d:5a:2e:
                    75:f1:b5:ec:e6:93:3a:62:a8:25:10:2c:55:8f:47:
                    68:1a:72:6f:b3:e4:75:b7:ae:97:e9:aa:e8:ee:d1:
                    31:4a:cf:1e:3c:18:de:d7:1d:4a:26:72:4f:25:64:
                    0a:ed:84:51:b8:07:aa:1f:48:67:c7:81:9d:f9:c0:
                    81:fc:eb:c9:7e:50:bf:77:05:1e:64:7d:ca:a3:97:
                    f2:d7:6e:c7:2e:a7:53:fc:a9:1f:b7:4c:92:45:0d:
                    2f:9f:b0:78:a9:35:67:31:7b:b8:c8:1e:28:7b:f7:
                    7c:8b:a2:43:3d:0d:e0:4a:f3:55:34:59:88:ca:46:
                    3d:36:4a:81:c9:0e:64:6e:58:0b:40:fb:23:a1:3d:
                    7b:20:8b:19:9f:d8:36:7f:d7:00:6e:2c:f9:a3:2b:
                    6e:e4:d0:c3:24:cd:a1:03:78:ae:f1:da:f5:66:81:
                    38:2a:c2:d2:84:3d:e8:bd:2d:b6:6e:4f:65:58:9f:
                    d1:39:df:20:ff:79:5e:03:6f:4e:49:98:93:91:00:
                    95:fd:ab:db:ec:4e:ea:3d:4e:75:e0:1f:31:99:86:
                    76:79:cb:bf:42:1e:1f:45:0f:1e:05:5f:63:d4:68:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F9:FD:04:46:73:96:32:0F:40:F4:3F:79:82:70:E0:68:1C:5F:77
            X509v3 Authority Key Identifier:
                keyid:2C:72:7D:09:FB:B1:9A:7F:98:5D:75:1A:20:31:1C:1B:AD:4B:07:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/oPn9BEZzljIPQPQ_eYJw4GgcX3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/bf3eca-171f-401c-9b5d-ccc4f1e00990/1/LHJ9Cfuxmn-YXXUaIDEcG61LBx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:3a:21:33:43:3e:ea:c9:d6:21:5b:56:0a:8c:9a:9a:bb:d6:
         7d:d0:e0:70:45:cc:da:2b:0f:60:66:d2:f6:65:fa:0a:bf:c7:
         10:5c:e0:f2:13:65:77:f4:08:ca:15:44:da:1e:e5:8e:68:e4:
         2a:e8:33:5c:f0:6f:b3:f7:8d:51:88:92:8e:75:06:e4:1a:5b:
         7e:26:b4:ca:b3:10:97:a9:1f:8f:b7:20:05:04:54:22:59:56:
         fc:55:b9:f1:75:db:67:de:1d:49:0a:9f:45:f8:43:66:a4:ec:
         21:82:1d:cb:92:f1:e5:37:31:51:09:42:7b:d7:4a:d1:1a:cb:
         16:8f:30:b6:f6:6a:03:19:02:c2:d1:84:04:41:c7:81:65:7f:
         2b:92:52:4a:86:a5:c6:17:c8:74:7d:2f:64:a1:52:6e:af:13:
         81:b2:23:71:d6:5e:ef:8b:dd:58:fe:ce:d0:08:0c:db:56:50:
         3a:1c:c6:3c:1e:a9:9b:ee:9a:7a:c3:6d:06:05:51:a6:c7:89:
         cd:63:ec:09:8f:cc:b3:9b:d4:7b:70:80:5d:c5:4b:e3:cf:a2:
         10:35:28:b5:24:dc:a8:9d:8e:4b:ef:4f:e0:60:48:32:9c:b4:
         aa:3d:a6:5b:3f:5f:7c:54:50:a9:2f:f0:c6:93:98:ac:ae:3b:
         a0:d5:b3:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xrOIWhku9lbHw+49lMEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzI3ZDA5ZmJiMTlhN2Y5ODVkNzUxYTIwMzExYzFiYWQ0
YjA3MWYwHhcNMjYwMTAxMDQxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGY5ZmQwNDQ2NzM5NjMyMGY0MGY0M2Y3OTgyNzBlMDY4MWM1Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuF9f8FF3spY0q4lYus8w7GbSqs6N
pk4qjlh9Wi518bXs5pM6YqglECxVj0doGnJvs+R1t66X6aro7tExSs8ePBje1x1K
JnJPJWQK7YRRuAeqH0hnx4Gd+cCB/OvJflC/dwUeZH3Ko5fy127HLqdT/Kkft0yS
RQ0vn7B4qTVnMXu4yB4oe/d8i6JDPQ3gSvNVNFmIykY9NkqByQ5kblgLQPsjoT17
IIsZn9g2f9cAbiz5oytu5NDDJM2hA3iu8dr1ZoE4KsLShD3ovS22bk9lWJ/ROd8g
/3leA29OSZiTkQCV/avb7E7qPU514B8xmYZ2ecu/Qh4fRQ8eBV9j1GiCsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKD5/QRGc5YyD0D0P3mCcOBoHF93MB8GA1UdIwQY
MBaAFCxyfQn7sZp/mF11GiAxHButSwcfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhKOUNmdXhtbi1ZWFhVYUlERWNHNjFMQng4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9iZjNlY2EtMTcxZi00MDFjLTliNWQt
Y2NjNGYxZTAwOTkwLzEvb1BuOUJFWnpsaklQUVBRX2VZSnc0R2djWDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9iZjNlY2EtMTcxZi00MDFjLTliNWQtY2NjNGYxZTAwOTkw
LzEvTEhKOUNmdXhtbi1ZWFhVYUlERWNHNjFMQng4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZw4MA0G
CSqGSIb3DQEBCwUAA4IBAQBpOiEzQz7qydYhW1YKjJqau9Z90OBwRczaKw9gZtL2
ZfoKv8cQXODyE2V39AjKFUTaHuWOaOQq6DNc8G+z941RiJKOdQbkGlt+JrTKsxCX
qR+PtyAFBFQiWVb8Vbnxddtn3h1JCp9F+ENmpOwhgh3LkvHlNzFRCUJ710rRGssW
jzC29moDGQLC0YQEQceBZX8rklJKhqXGF8h0fS9koVJurxOBsiNx1l7vi91Y/s7Q
CAzbVlA6HMY8Hqmb7pp6w20GBVGmx4nNY+wJj8yzm9R7cIBdxUvjz6IQNSi1JNyo
nY5L70/gYEgynLSqPaZbP198VFCpL/DGk5isrjug1bNL
-----END CERTIFICATE-----