This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/c39XLxbuf04BBQGWyZ8HrunasNs.roa
File:                     c39XLxbuf04BBQGWyZ8HrunasNs.roa (raw, json)
Hash identifier:          qIVoFOvsadu807fb8uoOZyhJ816nDFPiWTVq0YiWMP4=
Subject key identifier:   73:7F:57:2F:16:EE:7F:4E:01:05:01:96:C9:9F:07:AE:E9:DA:B0:DB
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       019B7F15F4E6332483551FA97E204FA1266C
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/c39XLxbuf04BBQGWyZ8HrunasNs.roa
Signing time:             Fri 02 Jan 2026 14:21:43 +0000
ROA not before:           Fri 02 Jan 2026 14:21:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49988
IP address blocks:        85.198.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:f4:e6:33:24:83:55:1f:a9:7e:20:4f:a1:26:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: Jan  2 14:21:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=737f572f16ee7f4e01050196c99f07aee9dab0db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:83:90:91:2e:41:75:d1:1d:05:3e:bb:a9:15:
                    f4:d1:bb:e1:28:ce:78:f3:43:8f:0a:12:b3:75:40:
                    ae:85:60:35:ca:97:cd:fe:d6:b9:c7:1a:e7:b8:94:
                    e8:a0:06:c9:70:02:0f:12:85:95:85:5c:ff:c4:07:
                    c0:c4:c4:18:34:db:ca:81:20:1d:ee:aa:9d:ef:71:
                    e6:ee:d4:3a:6e:45:5c:92:26:bf:60:0e:f3:64:c6:
                    cf:4d:4a:36:78:47:7d:84:76:39:01:10:a7:91:04:
                    61:f0:15:03:62:21:d6:68:9e:28:60:9c:2a:2f:66:
                    8f:e0:e9:9a:06:b2:69:2b:5a:7a:74:a0:26:57:a0:
                    a5:af:2c:a7:81:4f:8f:9d:c6:80:f7:25:99:b2:6e:
                    f7:c0:ea:ba:a4:b6:a9:fc:32:4b:81:6a:0c:4f:4c:
                    8a:18:b2:ac:10:22:6f:13:d7:dd:b4:99:b4:fe:65:
                    3d:ec:1c:f9:9d:32:70:e7:3f:7f:a1:8a:7f:f2:c6:
                    98:ce:bd:ba:56:d0:85:d2:00:e0:0b:e4:cc:b3:19:
                    74:ef:0d:52:b1:fe:02:01:6e:2e:99:b3:17:fc:43:
                    d0:fa:91:2c:12:35:80:52:3b:4b:30:0e:35:e0:82:
                    91:a3:ce:1b:bf:a7:e3:0a:4a:5e:c6:e0:2c:0f:e3:
                    ef:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:7F:57:2F:16:EE:7F:4E:01:05:01:96:C9:9F:07:AE:E9:DA:B0:DB
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/c39XLxbuf04BBQGWyZ8HrunasNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.198.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:41:20:cc:04:df:6c:c0:8b:f6:54:b5:0c:4c:3c:83:10:a6:
         bf:f3:f2:20:d9:81:d8:5e:d5:26:4a:ed:6f:85:94:df:7c:ae:
         4f:8f:5b:bb:c1:d7:36:6f:8a:57:ea:75:07:7e:f0:69:ff:10:
         80:5a:c2:5a:86:37:81:fe:28:d5:10:05:ec:15:dd:8d:83:26:
         99:14:ca:eb:77:bf:e4:d6:b7:48:69:6a:72:5b:5d:08:f2:9f:
         fa:9f:03:cb:21:25:48:d1:5c:8b:c2:dc:02:d4:02:fe:a5:27:
         23:9e:85:18:60:bc:72:d2:0d:cd:5b:9d:7a:36:50:2e:ef:e9:
         69:41:f7:34:23:38:fc:a7:c6:2d:61:71:a8:f3:37:4c:16:7f:
         0b:fe:17:26:71:39:35:ea:3e:41:f4:45:fb:09:f4:9f:dd:c6:
         d6:78:37:4b:a8:81:93:8c:2f:b5:18:6b:c1:68:47:e9:df:77:
         24:f1:5d:ec:32:cb:7f:fd:66:72:8f:ce:ca:bd:07:7e:18:31:
         58:c4:96:c3:2b:e5:b0:84:4e:c9:b6:f4:8f:46:75:ea:b0:c4:
         43:9d:b3:0b:48:c6:46:a7:08:ac:7a:99:8f:cb:73:87:36:d7:
         45:05:4c:40:4f:9b:e7:97:26:28:7a:a5:cc:a2:df:2e:7a:5c:
         b0:f0:f4:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FfTmMySDVR+pfiBPoSZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjYwMTAyMTQyMTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzdmNTcyZjE2ZWU3ZjRlMDEwNTAxOTZjOTlmMDdhZWU5ZGFiMGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oOQkS5BddEdBT67qRX00bvhKM54
80OPChKzdUCuhWA1ypfN/ta5xxrnuJTooAbJcAIPEoWVhVz/xAfAxMQYNNvKgSAd
7qqd73Hm7tQ6bkVckia/YA7zZMbPTUo2eEd9hHY5ARCnkQRh8BUDYiHWaJ4oYJwq
L2aP4OmaBrJpK1p6dKAmV6ClryyngU+PncaA9yWZsm73wOq6pLap/DJLgWoMT0yK
GLKsECJvE9fdtJm0/mU97Bz5nTJw5z9/oYp/8saYzr26VtCF0gDgC+TMsxl07w1S
sf4CAW4umbMX/EPQ+pEsEjWAUjtLMA414IKRo84bv6fjCkpexuAsD+PvswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHN/Vy8W7n9OAQUBlsmfB67p2rDbMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvYzM5WEx4YnVmMDRCQlFHV3laOEhydW5hc05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcZrMA0G
CSqGSIb3DQEBCwUAA4IBAQCBQSDMBN9swIv2VLUMTDyDEKa/8/Ig2YHYXtUmSu1v
hZTffK5Pj1u7wdc2b4pX6nUHfvBp/xCAWsJahjeB/ijVEAXsFd2NgyaZFMrrd7/k
1rdIaWpyW10I8p/6nwPLISVI0VyLwtwC1AL+pScjnoUYYLxy0g3NW516NlAu7+lp
Qfc0Izj8p8YtYXGo8zdMFn8L/hcmcTk16j5B9EX7CfSf3cbWeDdLqIGTjC+1GGvB
aEfp33ck8V3sMst//WZyj87KvQd+GDFYxJbDK+WwhE7JtvSPRnXqsMRDnbMLSMZG
pwisepmPy3OHNtdFBUxAT5vnlyYoeqXMot8uelyw8PTR
-----END CERTIFICATE-----