This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/U38H1DqbOLfyhC9vUlS7CE-eqkY.roa
File:                     U38H1DqbOLfyhC9vUlS7CE-eqkY.roa (raw, json)
Hash identifier:          hih9v2/80+GAK3ew382sMvVyZE3RudyzOvC7wWTs/S4=
Subject key identifier:   53:7F:07:D4:3A:9B:38:B7:F2:84:2F:6F:52:54:BB:08:4F:9E:AA:46
Certificate issuer:       /CN=e3d0a84bab3def41d6aaa9028de7a475d32d12bd
Certificate serial:       019B7D5CB04EC0DEEA5D913821FDA0E73EBE
Authority key identifier: E3:D0:A8:4B:AB:3D:EF:41:D6:AA:A9:02:8D:E7:A4:75:D3:2D:12:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49CoS6s970HWqqkCjeekddMtEr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/U38H1DqbOLfyhC9vUlS7CE-eqkY.roa
Signing time:             Fri 02 Jan 2026 06:19:45 +0000
ROA not before:           Fri 02 Jan 2026 06:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212965
IP address blocks:        185.238.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/49CoS6s970HWqqkCjeekddMtEr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/49CoS6s970HWqqkCjeekddMtEr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49CoS6s970HWqqkCjeekddMtEr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:b0:4e:c0:de:ea:5d:91:38:21:fd:a0:e7:3e:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d0a84bab3def41d6aaa9028de7a475d32d12bd
        Validity
            Not Before: Jan  2 06:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=537f07d43a9b38b7f2842f6f5254bb084f9eaa46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6c:af:42:f2:a7:02:aa:03:81:b7:6e:0b:57:
                    56:45:a0:bc:2e:7a:61:fa:b2:3c:23:ae:a5:e6:ef:
                    42:cf:93:e1:28:64:04:53:34:56:ab:d0:fd:f1:5c:
                    2d:fe:bc:52:40:a8:a9:3e:4f:ba:62:61:15:23:7e:
                    02:00:58:a8:fe:a1:83:a2:21:8f:a6:9c:e6:45:37:
                    ad:e6:64:ca:5e:b6:a9:1d:af:f2:c2:8e:a5:de:c4:
                    93:92:16:d3:b9:73:d3:b3:c4:45:9e:35:e0:d0:11:
                    e1:32:e7:e8:bf:6e:46:89:94:49:0c:05:b6:55:31:
                    b8:2d:89:7e:29:cb:69:31:79:a3:c2:f9:9d:93:1b:
                    0d:01:97:f7:fd:a2:02:5d:1d:00:dd:1c:3a:1a:09:
                    c1:e2:51:38:a3:b4:46:c9:a8:1b:e8:a1:8c:bd:bd:
                    10:c6:25:3d:87:ed:51:b5:54:8e:dc:46:7f:a3:4e:
                    49:b1:3b:1e:5c:56:7d:a5:76:bf:7c:38:43:ae:79:
                    b9:9f:f4:ea:35:b3:2c:49:5e:cd:ca:ef:7c:2c:8c:
                    15:a4:2c:eb:b1:0b:84:d5:0d:9c:bd:69:23:83:0a:
                    68:7c:4f:43:2b:9d:ee:93:40:8d:59:b4:0b:9a:61:
                    23:19:5a:d7:f8:96:2c:9a:73:b8:46:70:77:4e:99:
                    30:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:7F:07:D4:3A:9B:38:B7:F2:84:2F:6F:52:54:BB:08:4F:9E:AA:46
            X509v3 Authority Key Identifier:
                keyid:E3:D0:A8:4B:AB:3D:EF:41:D6:AA:A9:02:8D:E7:A4:75:D3:2D:12:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49CoS6s970HWqqkCjeekddMtEr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/U38H1DqbOLfyhC9vUlS7CE-eqkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/cb51f5-a843-49c4-9f19-10eb8adfea7e/1/49CoS6s970HWqqkCjeekddMtEr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7e:aa:23:9a:bc:6c:59:dc:af:05:2a:78:4d:cb:1c:a7:20:
         37:20:8f:c2:cd:4d:a7:67:bd:81:39:0f:c9:8f:bb:fe:28:e1:
         a5:9e:b4:91:a8:5e:8a:68:55:bf:08:89:bf:bd:65:1f:02:6e:
         3f:6e:21:f7:c9:3f:1c:d1:b3:97:02:b7:44:4e:ce:47:47:9e:
         92:a4:e1:fd:05:a4:0b:80:b6:99:83:06:ca:43:c9:23:31:2f:
         5f:7f:20:1e:c0:7c:e6:71:e1:ef:3f:06:df:21:0d:5e:0d:4d:
         4d:ca:b4:4e:f7:65:ef:01:cd:59:3d:a7:79:e7:65:ed:4a:4f:
         e1:3c:d0:27:c1:b9:e8:98:1f:a9:04:0e:29:ee:d4:cf:5d:76:
         8b:e1:7b:6a:f4:65:36:c0:60:c5:3b:0d:c4:35:83:27:5c:db:
         ae:9a:e3:7a:14:c4:82:a3:b9:37:61:c6:79:27:ef:44:57:12:
         a9:5f:c3:bb:56:76:00:94:8e:75:04:20:a8:09:13:45:c3:ab:
         ec:95:66:71:cd:30:32:be:7a:bf:a6:d7:7a:62:a6:fe:45:e4:
         a6:16:9c:5c:ba:21:0c:5e:7a:21:db:53:f9:77:6b:af:f2:c8:
         f0:fd:8e:88:b9:7f:7e:a1:3e:87:9e:e1:c3:e0:e1:29:a0:e0:
         ba:48:33:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XLBOwN7qXZE4If2g5z6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDBhODRiYWIzZGVmNDFkNmFhYTkwMjhkZTdhNDc1ZDMy
ZDEyYmQwHhcNMjYwMTAyMDYxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzdmMDdkNDNhOWIzOGI3ZjI4NDJmNmY1MjU0YmIwODRmOWVhYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WyvQvKnAqoDgbduC1dWRaC8Lnph
+rI8I66l5u9Cz5PhKGQEUzRWq9D98Vwt/rxSQKipPk+6YmEVI34CAFio/qGDoiGP
ppzmRTet5mTKXrapHa/ywo6l3sSTkhbTuXPTs8RFnjXg0BHhMufov25GiZRJDAW2
VTG4LYl+KctpMXmjwvmdkxsNAZf3/aICXR0A3Rw6GgnB4lE4o7RGyagb6KGMvb0Q
xiU9h+1RtVSO3EZ/o05JsTseXFZ9pXa/fDhDrnm5n/TqNbMsSV7Nyu98LIwVpCzr
sQuE1Q2cvWkjgwpofE9DK53uk0CNWbQLmmEjGVrX+JYsmnO4RnB3TpkwJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFN/B9Q6mzi38oQvb1JUuwhPnqpGMB8GA1UdIwQY
MBaAFOPQqEurPe9B1qqpAo3npHXTLRK9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlDb1M2czk3MEhXcXFrQ2plZWtkZE10RXIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jYjUxZjUtYTg0My00OWM0LTlmMTkt
MTBlYjhhZGZlYTdlLzEvVTM4SDFEcWJPTGZ5aEM5dlVsUzdDRS1lcWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jYjUxZjUtYTg0My00OWM0LTlmMTktMTBlYjhhZGZlYTdl
LzEvNDlDb1M2czk3MEhXcXFrQ2plZWtkZE10RXIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue6NMA0G
CSqGSIb3DQEBCwUAA4IBAQB5fqojmrxsWdyvBSp4TcscpyA3II/CzU2nZ72BOQ/J
j7v+KOGlnrSRqF6KaFW/CIm/vWUfAm4/biH3yT8c0bOXArdETs5HR56SpOH9BaQL
gLaZgwbKQ8kjMS9ffyAewHzmceHvPwbfIQ1eDU1NyrRO92XvAc1ZPad552XtSk/h
PNAnwbnomB+pBA4p7tTPXXaL4Xtq9GU2wGDFOw3ENYMnXNuumuN6FMSCo7k3YcZ5
J+9EVxKpX8O7VnYAlI51BCCoCRNFw6vslWZxzTAyvnq/ptd6Yqb+ReSmFpxcuiEM
Xnoh21P5d2uv8sjw/Y6IuX9+oT6HnuHD4OEpoOC6SDOY
-----END CERTIFICATE-----