This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/u4dfVgTBlyOwWNQ0P6NKkpYOUUQ.roa
File:                     u4dfVgTBlyOwWNQ0P6NKkpYOUUQ.roa (raw, json)
Hash identifier:          w4779kW3IR6Ef4OLAy8K23RNH+GshDoVigRrQzkg78w=
Subject key identifier:   BB:87:5F:56:04:C1:97:23:B0:58:D4:34:3F:A3:4A:92:96:0E:51:44
Certificate issuer:       /CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
Certificate serial:       019B7FF20271BA0148FB68E6AF7B12E2509B
Authority key identifier: E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/u4dfVgTBlyOwWNQ0P6NKkpYOUUQ.roa
Signing time:             Fri 02 Jan 2026 18:22:05 +0000
ROA not before:           Fri 02 Jan 2026 18:22:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48208
IP address blocks:        46.238.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:02:71:ba:01:48:fb:68:e6:af:7b:12:e2:50:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e8f56bc1f5010291681bc2d8c02f9acbf714a0
        Validity
            Not Before: Jan  2 18:22:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb875f5604c19723b058d4343fa34a92960e5144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f3:10:69:39:17:6d:58:9c:b0:1a:89:bb:3f:
                    2a:74:27:5e:dd:49:63:16:3d:a4:50:ba:ed:90:dd:
                    14:21:83:74:27:7c:4c:6b:91:06:ad:f5:c0:b8:9c:
                    47:cc:33:b7:ec:13:11:14:75:67:12:01:69:fc:fa:
                    cb:6a:18:55:f1:54:2a:d0:55:5b:68:18:49:a2:0a:
                    cc:c7:e2:ea:c5:e1:a6:cc:ca:b3:83:eb:8c:bc:5a:
                    e3:98:bc:55:ab:3f:f6:cc:e0:f2:01:8f:d4:9b:e1:
                    c2:93:74:98:4e:af:83:0c:cd:bf:bb:1d:2f:a0:b8:
                    e2:00:d1:a0:5e:45:f4:cc:ac:64:1d:2e:ce:a8:a5:
                    84:50:d1:03:73:d5:53:6e:83:46:4c:ac:c5:6c:0d:
                    f9:d8:2a:5d:01:37:6f:b5:67:1b:70:00:ab:82:61:
                    09:6d:5d:52:39:19:c0:ab:3b:eb:cd:3a:54:84:20:
                    6a:2a:e0:f4:de:9e:cd:f7:e8:b1:8b:20:fa:f2:25:
                    d3:5c:23:72:a6:79:3f:45:ef:2e:95:3c:c6:3d:cb:
                    bf:91:c5:80:43:e1:86:25:3f:17:f9:8d:4c:d1:10:
                    d9:40:51:5e:42:73:ca:8a:92:6f:b1:6f:30:e5:ab:
                    87:3d:f2:e1:0a:1b:58:62:f7:5f:2f:da:d9:28:fc:
                    60:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:87:5F:56:04:C1:97:23:B0:58:D4:34:3F:A3:4A:92:96:0E:51:44
            X509v3 Authority Key Identifier:
                keyid:E2:E8:F5:6B:C1:F5:01:02:91:68:1B:C2:D8:C0:2F:9A:CB:F7:14:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uj1a8H1AQKRaBvC2MAvmsv3FKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/u4dfVgTBlyOwWNQ0P6NKkpYOUUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/8042bf-71ba-4fbd-9e17-447edc4f9af6/1/4uj1a8H1AQKRaBvC2MAvmsv3FKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.238.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:70:2a:4f:32:b7:1d:bd:73:46:19:85:ef:84:d7:1a:56:1e:
         72:e4:27:9f:81:3d:75:28:69:bd:ec:24:e1:f8:f6:79:a4:7c:
         e5:8b:6d:65:04:91:ce:1b:df:4e:99:42:f7:47:69:ec:3d:74:
         3c:f8:37:b4:cb:6d:b3:77:45:ac:f4:da:69:98:1a:ae:ce:9c:
         81:ee:79:68:71:ec:47:11:1b:44:16:76:b9:82:a2:9d:77:a1:
         f6:8c:d7:c9:ac:a7:2e:a1:3a:ed:f2:e2:19:a7:dd:16:81:66:
         6d:22:ae:57:2c:de:14:4d:d9:63:49:76:b3:be:0a:ac:34:9f:
         16:f2:fa:22:99:3b:7b:5e:0e:c4:a0:61:b5:32:78:e5:a8:8a:
         b2:b7:dc:75:1d:e8:0c:53:3a:af:70:77:51:8a:04:89:bb:55:
         06:bc:71:f8:b1:5a:60:50:4a:8a:27:a0:54:a6:25:be:14:58:
         e4:ed:cd:67:27:34:1e:c0:d4:39:16:3b:f0:c0:77:c0:fc:01:
         db:f1:c5:2a:37:1b:9d:06:34:17:46:17:7d:82:b0:16:f1:cb:
         b2:e7:a9:30:fe:e0:42:ab:91:56:31:39:ad:b5:d2:7b:a8:95:
         2f:03:75:9b:d5:d5:9a:4e:b4:36:0b:60:1a:d0:ed:b7:36:ff:
         7a:e9:be:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8gJxugFI+2jmr3sS4lCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZThmNTZiYzFmNTAxMDI5MTY4MWJjMmQ4YzAyZjlhY2Jm
NzE0YTAwHhcNMjYwMTAyMTgyMjA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjg3NWY1NjA0YzE5NzIzYjA1OGQ0MzQzZmEzNGE5Mjk2MGU1MTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvMQaTkXbVicsBqJuz8qdCde3Ulj
Fj2kULrtkN0UIYN0J3xMa5EGrfXAuJxHzDO37BMRFHVnEgFp/PrLahhV8VQq0FVb
aBhJogrMx+LqxeGmzMqzg+uMvFrjmLxVqz/2zODyAY/Um+HCk3SYTq+DDM2/ux0v
oLjiANGgXkX0zKxkHS7OqKWEUNEDc9VTboNGTKzFbA352CpdATdvtWcbcACrgmEJ
bV1SORnAqzvrzTpUhCBqKuD03p7N9+ixiyD68iXTXCNypnk/Re8ulTzGPcu/kcWA
Q+GGJT8X+Y1M0RDZQFFeQnPKipJvsW8w5auHPfLhChtYYvdfL9rZKPxgGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuHX1YEwZcjsFjUND+jSpKWDlFEMB8GA1UdIwQY
MBaAFOLo9WvB9QECkWgbwtjAL5rL9xSgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTct
NDQ3ZWRjNGY5YWY2LzEvdTRkZlZnVEJseU93V05RMFA2TktrcFlPVVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC84MDQyYmYtNzFiYS00ZmJkLTllMTctNDQ3ZWRjNGY5YWY2
LzEvNHVqMWE4SDFBUUtSYUJ2QzJNQXZtc3YzRktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALu7pMA0G
CSqGSIb3DQEBCwUAA4IBAQCVcCpPMrcdvXNGGYXvhNcaVh5y5CefgT11KGm97CTh
+PZ5pHzli21lBJHOG99OmUL3R2nsPXQ8+De0y22zd0Ws9NppmBquzpyB7nlocexH
ERtEFna5gqKdd6H2jNfJrKcuoTrt8uIZp90WgWZtIq5XLN4UTdljSXazvgqsNJ8W
8voimTt7Xg7EoGG1MnjlqIqyt9x1HegMUzqvcHdRigSJu1UGvHH4sVpgUEqKJ6BU
piW+FFjk7c1nJzQewNQ5FjvwwHfA/AHb8cUqNxudBjQXRhd9grAW8cuy56kw/uBC
q5FWMTmttdJ7qJUvA3Wb1dWaTrQ2C2Aa0O23Nv966b5t
-----END CERTIFICATE-----