This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/ThOvdREQc5Dq7nLy40rE03SGSUk.roa
File:                     ThOvdREQc5Dq7nLy40rE03SGSUk.roa (raw, json)
Hash identifier:          mxho8agLJ4KhkMlElJuYDwOZPCukgtCw4yY9P1+N/rA=
Subject key identifier:   4E:13:AF:75:11:10:73:90:EA:EE:72:F2:E3:4A:C4:D3:74:86:49:49
Certificate issuer:       /CN=da0ffdbc933178d7a1bbf99608e3a95d4dee8ae6
Certificate serial:       019B7EA543BC481D5D4642CF1A977023A78E
Authority key identifier: DA:0F:FD:BC:93:31:78:D7:A1:BB:F9:96:08:E3:A9:5D:4D:EE:8A:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2g_9vJMxeNehu_mWCOOpXU3uiuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/ThOvdREQc5Dq7nLy40rE03SGSUk.roa
Signing time:             Fri 02 Jan 2026 12:18:38 +0000
ROA not before:           Fri 02 Jan 2026 12:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47803
IP address blocks:        185.130.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/2g_9vJMxeNehu_mWCOOpXU3uiuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/2g_9vJMxeNehu_mWCOOpXU3uiuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2g_9vJMxeNehu_mWCOOpXU3uiuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:43:bc:48:1d:5d:46:42:cf:1a:97:70:23:a7:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0ffdbc933178d7a1bbf99608e3a95d4dee8ae6
        Validity
            Not Before: Jan  2 12:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e13af7511107390eaee72f2e34ac4d374864949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:40:63:ba:97:80:c7:c4:88:8a:af:72:11:f6:
                    c3:66:e2:46:a0:eb:cf:40:ae:28:01:66:2b:4b:b8:
                    92:b2:45:be:b7:aa:c6:0c:63:30:2e:f6:28:40:01:
                    93:06:7b:00:37:11:e5:aa:ce:d9:2d:71:b2:b2:c9:
                    f9:41:a2:b0:da:b6:75:33:0a:3e:5c:57:ec:02:42:
                    0c:c1:8d:c8:32:83:c2:8b:2d:89:fc:00:af:93:eb:
                    24:d5:10:55:6e:d7:9d:2b:e1:92:a0:0f:53:6c:f5:
                    8e:ca:69:3c:3f:00:f2:0d:b2:4d:31:a1:5b:1c:de:
                    f3:46:41:7e:70:f6:af:2f:e6:ad:65:a7:1e:e9:9c:
                    1e:d1:0e:8b:86:7a:2e:df:af:c4:f8:a5:10:7e:f5:
                    1d:a0:81:b2:c3:64:95:b1:0c:cf:32:5c:cf:33:2f:
                    49:21:8e:d1:38:31:24:0b:b8:d8:f3:71:a6:57:5c:
                    da:1d:f6:0f:18:e2:95:2a:47:dd:87:6b:59:ec:95:
                    dd:a7:a9:2f:e8:46:86:80:6b:d8:73:f1:a0:cf:51:
                    bf:ec:2a:26:1f:f0:43:0e:25:fe:a6:5b:80:83:6b:
                    36:1b:de:de:3c:d2:93:90:db:45:79:f0:9e:76:71:
                    e9:75:58:e2:a7:12:cb:ab:ab:55:b3:52:fb:84:34:
                    8e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:13:AF:75:11:10:73:90:EA:EE:72:F2:E3:4A:C4:D3:74:86:49:49
            X509v3 Authority Key Identifier:
                keyid:DA:0F:FD:BC:93:31:78:D7:A1:BB:F9:96:08:E3:A9:5D:4D:EE:8A:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2g_9vJMxeNehu_mWCOOpXU3uiuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/ThOvdREQc5Dq7nLy40rE03SGSUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/efbed8-9ff0-4455-a07e-3cad37067405/1/2g_9vJMxeNehu_mWCOOpXU3uiuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:99:87:e5:1b:9a:c2:6c:de:9f:b4:2e:39:88:23:57:df:cd:
         7d:61:1f:e4:fb:86:ec:01:c2:7a:6a:03:f4:e1:a9:ab:76:8f:
         dc:7b:0c:54:3b:79:c5:b8:8b:1a:cb:31:ce:d0:57:96:bb:c5:
         26:f0:4a:9c:10:c6:05:06:01:1c:55:2f:2d:ed:2f:40:f7:59:
         23:2d:17:73:6d:2a:04:90:21:8f:8a:42:34:ab:02:f0:65:9b:
         61:f8:f4:fd:03:b8:c7:fa:01:a6:e0:4b:24:23:83:8d:38:fd:
         8e:a3:02:2f:c2:a5:f9:f8:f2:c6:6d:de:7c:2e:d1:06:db:e4:
         1d:e0:b8:6f:69:19:70:75:68:c2:44:3c:91:9e:d7:0e:02:fc:
         54:ca:0f:fe:e3:e6:7a:42:07:59:f5:22:d0:5e:59:8e:2c:07:
         e0:13:0c:6c:8b:2c:9e:3a:87:cc:c1:18:31:39:a0:a7:ea:f5:
         ab:37:e1:42:22:96:00:e2:8c:f0:f8:2f:fe:23:5a:fb:75:ba:
         82:1f:44:6b:04:ce:c4:f0:09:e2:ac:9a:3f:ae:bb:8a:f5:1f:
         7a:0d:44:97:7f:de:98:50:65:6a:7f:ae:06:98:e6:18:ee:49:
         e4:a3:89:aa:36:f0:d0:77:f4:7e:c2:7e:11:ee:c1:af:df:26:
         dc:6b:ae:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pUO8SB1dRkLPGpdwI6eOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGZmZGJjOTMzMTc4ZDdhMWJiZjk5NjA4ZTNhOTVkNGRl
ZThhZTYwHhcNMjYwMTAyMTIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTEzYWY3NTExMTA3MzkwZWFlZTcyZjJlMzRhYzRkMzc0ODY0OTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokBjupeAx8SIiq9yEfbDZuJGoOvP
QK4oAWYrS7iSskW+t6rGDGMwLvYoQAGTBnsANxHlqs7ZLXGyssn5QaKw2rZ1Mwo+
XFfsAkIMwY3IMoPCiy2J/ACvk+sk1RBVbtedK+GSoA9TbPWOymk8PwDyDbJNMaFb
HN7zRkF+cPavL+atZace6Zwe0Q6Lhnou36/E+KUQfvUdoIGyw2SVsQzPMlzPMy9J
IY7RODEkC7jY83GmV1zaHfYPGOKVKkfdh2tZ7JXdp6kv6EaGgGvYc/Ggz1G/7Com
H/BDDiX+pluAg2s2G97ePNKTkNtFefCednHpdVjipxLLq6tVs1L7hDSOGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4Tr3UREHOQ6u5y8uNKxNN0hklJMB8GA1UdIwQY
MBaAFNoP/byTMXjXobv5lgjjqV1N7ormMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdfOXZKTXhlTmVodV9tV0NPT3BYVTN1aXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lZmJlZDgtOWZmMC00NDU1LWEwN2Ut
M2NhZDM3MDY3NDA1LzEvVGhPdmRSRVFjNURxN25MeTQwckUwM1NHU1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lZmJlZDgtOWZmMC00NDU1LWEwN2UtM2NhZDM3MDY3NDA1
LzEvMmdfOXZKTXhlTmVodV9tV0NPT3BYVTN1aXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYLAMA0G
CSqGSIb3DQEBCwUAA4IBAQAAmYflG5rCbN6ftC45iCNX3819YR/k+4bsAcJ6agP0
4amrdo/cewxUO3nFuIsayzHO0FeWu8Um8EqcEMYFBgEcVS8t7S9A91kjLRdzbSoE
kCGPikI0qwLwZZth+PT9A7jH+gGm4EskI4ONOP2OowIvwqX5+PLGbd58LtEG2+Qd
4LhvaRlwdWjCRDyRntcOAvxUyg/+4+Z6QgdZ9SLQXlmOLAfgEwxsiyyeOofMwRgx
OaCn6vWrN+FCIpYA4ozw+C/+I1r7dbqCH0RrBM7E8AnirJo/rruK9R96DUSXf96Y
UGVqf64GmOYY7knko4mqNvDQd/R+wn4R7sGv3ybca652
-----END CERTIFICATE-----