This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/ec4b80-46ed-43b5-9cfa-9b807de60902/1/ROpNx89soFP8JE-okJDCTVHVXDs.roa
File:                     ROpNx89soFP8JE-okJDCTVHVXDs.roa (raw, json)
Hash identifier:          5HtcGDIbCLb9z7TZql7Z+rs2Xx1sglk4pFTRwXa2X+g=
Subject key identifier:   44:EA:4D:C7:CF:6C:A0:53:FC:24:4F:A8:90:90:C2:4D:51:D5:5C:3B
Certificate issuer:       /CN=70464efe473741ea4e6ccf6c3c5a37c66f3da179
Certificate serial:       019BF9C893ECAD650AA93762597CF8B245A6
Authority key identifier: 70:46:4E:FE:47:37:41:EA:4E:6C:CF:6C:3C:5A:37:C6:6F:3D:A1:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cEZO_kc3QepObM9sPFo3xm89oXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/ec4b80-46ed-43b5-9cfa-9b807de60902/1/ROpNx89soFP8JE-okJDCTVHVXDs.roa
Signing time:             Mon 26 Jan 2026 10:10:30 +0000
ROA not before:           Mon 26 Jan 2026 10:10:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3209
IP address blocks:        194.169.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/ec4b80-46ed-43b5-9cfa-9b807de60902/1/cEZO_kc3QepObM9sPFo3xm89oXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/ec4b80-46ed-43b5-9cfa-9b807de60902/1/cEZO_kc3QepObM9sPFo3xm89oXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cEZO_kc3QepObM9sPFo3xm89oXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:c8:93:ec:ad:65:0a:a9:37:62:59:7c:f8:b2:45:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70464efe473741ea4e6ccf6c3c5a37c66f3da179
        Validity
            Not Before: Jan 26 10:10:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=44ea4dc7cf6ca053fc244fa89090c24d51d55c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:18:51:f5:93:b7:38:d1:ee:9a:f8:59:ce:45:
                    43:d3:38:cd:83:cf:8e:88:5e:9d:0b:28:05:3e:b1:
                    3c:18:a3:86:dc:2b:4e:88:a8:67:e2:9d:a0:06:d0:
                    c6:f6:7b:1a:78:26:cd:d9:2e:de:ae:47:d5:e2:99:
                    5d:10:eb:13:84:24:cf:87:cc:9e:10:91:6c:be:96:
                    e6:9e:d0:35:8a:5a:50:7b:e6:d0:31:80:05:21:03:
                    e2:24:e4:d4:9f:de:09:94:e0:6e:28:b5:ed:9e:f8:
                    35:96:09:60:1a:0e:0c:df:1d:79:31:1e:e8:36:a5:
                    8a:1c:f3:cf:aa:98:08:08:64:33:48:a9:42:49:42:
                    c2:f5:90:d7:c4:91:be:9a:da:b2:7d:16:7d:fb:3a:
                    af:4f:2f:86:b3:b5:79:16:dc:1a:41:c7:be:25:95:
                    32:17:65:47:32:fc:24:7c:5d:fb:00:77:a1:9d:5d:
                    c0:e3:69:f6:e9:27:ad:56:7b:cf:eb:69:15:1f:4c:
                    44:15:e0:66:cf:9c:f9:c6:e9:81:78:7f:b6:59:44:
                    a4:ab:5b:c4:6e:08:0b:83:5f:2e:8c:53:91:30:da:
                    c2:70:34:72:fe:4b:0a:21:cb:32:48:9e:05:14:5d:
                    3f:c4:e9:ce:23:53:02:eb:49:23:07:73:bc:c2:c3:
                    cd:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:EA:4D:C7:CF:6C:A0:53:FC:24:4F:A8:90:90:C2:4D:51:D5:5C:3B
            X509v3 Authority Key Identifier:
                keyid:70:46:4E:FE:47:37:41:EA:4E:6C:CF:6C:3C:5A:37:C6:6F:3D:A1:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEZO_kc3QepObM9sPFo3xm89oXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ec4b80-46ed-43b5-9cfa-9b807de60902/1/ROpNx89soFP8JE-okJDCTVHVXDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ec4b80-46ed-43b5-9cfa-9b807de60902/1/cEZO_kc3QepObM9sPFo3xm89oXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:15:62:0b:32:2e:3f:7d:3c:98:99:9d:7e:e7:55:ef:18:60:
         2d:9f:56:a6:bc:28:d7:43:e3:0e:1b:54:f6:7c:07:75:6c:e2:
         8a:39:6a:33:fc:cb:1a:c6:04:f3:fe:84:a3:9b:83:82:f1:2a:
         4f:e4:9e:fc:d9:18:08:65:1b:af:f8:08:b2:e0:49:b8:0e:12:
         ed:b2:fc:99:84:b8:dd:5d:d8:54:66:2e:ea:e9:19:89:1b:53:
         50:6a:22:6b:cb:17:6e:24:2e:b0:83:18:91:6f:cf:f4:0d:9a:
         dc:5d:b4:d6:93:d0:01:09:12:83:29:54:89:5e:20:12:a7:8b:
         00:b1:32:fa:a8:56:b2:ae:ca:90:e6:fa:35:da:a6:8e:5f:cd:
         d6:8c:35:d4:ee:f2:09:cb:03:91:9a:07:8d:3c:d4:4b:2e:5c:
         1f:00:c1:59:4c:1c:30:ca:b5:a7:95:e7:1c:62:30:00:c4:08:
         42:95:0a:de:09:33:cc:95:3c:f7:fe:96:05:d8:16:79:f0:eb:
         07:22:9d:20:8e:53:57:39:11:e2:b9:b2:e3:bd:ee:7f:fd:39:
         71:e5:32:5a:c6:67:55:a2:fd:f3:ee:08:49:78:3b:07:d9:35:
         25:0c:87:a0:f6:bb:7a:2a:19:27:81:99:fb:8c:ea:68:a5:1e:
         04:0b:09:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv5yJPsrWUKqTdiWXz4skWmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNDY0ZWZlNDczNzQxZWE0ZTZjY2Y2YzNjNWEzN2M2NmYz
ZGExNzkwHhcNMjYwMTI2MTAxMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGVhNGRjN2NmNmNhMDUzZmMyNDRmYTg5MDkwYzI0ZDUxZDU1YzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhhR9ZO3ONHumvhZzkVD0zjNg8+O
iF6dCygFPrE8GKOG3CtOiKhn4p2gBtDG9nsaeCbN2S7erkfV4pldEOsThCTPh8ye
EJFsvpbmntA1ilpQe+bQMYAFIQPiJOTUn94JlOBuKLXtnvg1lglgGg4M3x15MR7o
NqWKHPPPqpgICGQzSKlCSULC9ZDXxJG+mtqyfRZ9+zqvTy+Gs7V5FtwaQce+JZUy
F2VHMvwkfF37AHehnV3A42n26SetVnvP62kVH0xEFeBmz5z5xumBeH+2WUSkq1vE
bggLg18ujFORMNrCcDRy/ksKIcsySJ4FFF0/xOnOI1MC60kjB3O8wsPNUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETqTcfPbKBT/CRPqJCQwk1R1Vw7MB8GA1UdIwQY
MBaAFHBGTv5HN0HqTmzPbDxaN8ZvPaF5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VaT19rYzNRZXBPYk05c1BGbzN4bTg5b1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9lYzRiODAtNDZlZC00M2I1LTljZmEt
OWI4MDdkZTYwOTAyLzEvUk9wTng4OXNvRlA4SkUtb2tKRENUVkhWWERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9lYzRiODAtNDZlZC00M2I1LTljZmEtOWI4MDdkZTYwOTAy
LzEvY0VaT19rYzNRZXBPYk05c1BGbzN4bTg5b1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnvMA0G
CSqGSIb3DQEBCwUAA4IBAQCvFWILMi4/fTyYmZ1+51XvGGAtn1amvCjXQ+MOG1T2
fAd1bOKKOWoz/MsaxgTz/oSjm4OC8SpP5J782RgIZRuv+Aiy4Em4DhLtsvyZhLjd
XdhUZi7q6RmJG1NQaiJryxduJC6wgxiRb8/0DZrcXbTWk9ABCRKDKVSJXiASp4sA
sTL6qFayrsqQ5vo12qaOX83WjDXU7vIJywORmgeNPNRLLlwfAMFZTBwwyrWnlecc
YjAAxAhClQreCTPMlTz3/pYF2BZ58OsHIp0gjlNXORHiubLjve5//Tlx5TJaxmdV
ov3z7ghJeDsH2TUlDIeg9rt6KhkngZn7jOpopR4ECwnO
-----END CERTIFICATE-----