This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/eibg4ZEnhDAF0BIGFxRMgi-8alw.roa
File:                     eibg4ZEnhDAF0BIGFxRMgi-8alw.roa (raw, json)
Hash identifier:          K0SZCBFUjjQRjunsDhj0Z17K3KIWoaFscZhyHqRSICA=
Subject key identifier:   7A:26:E0:E1:91:27:84:30:05:D0:12:06:17:14:4C:82:2F:BC:6A:5C
Certificate issuer:       /CN=a24cf90329c47ba343a66cd65d38833a357b5955
Certificate serial:       019B797EB92D8BB59A573623156D5AEAB984
Authority key identifier: A2:4C:F9:03:29:C4:7B:A3:43:A6:6C:D6:5D:38:83:3A:35:7B:59:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/okz5AynEe6NDpmzWXTiDOjV7WVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/eibg4ZEnhDAF0BIGFxRMgi-8alw.roa
Signing time:             Thu 01 Jan 2026 12:18:26 +0000
ROA not before:           Thu 01 Jan 2026 12:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        185.217.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/okz5AynEe6NDpmzWXTiDOjV7WVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/okz5AynEe6NDpmzWXTiDOjV7WVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/okz5AynEe6NDpmzWXTiDOjV7WVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:b9:2d:8b:b5:9a:57:36:23:15:6d:5a:ea:b9:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a24cf90329c47ba343a66cd65d38833a357b5955
        Validity
            Not Before: Jan  1 12:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a26e0e19127843005d0120617144c822fbc6a5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:36:e9:f5:ec:da:30:3e:70:95:ae:0e:d1:e6:
                    6d:06:e8:60:c5:c8:11:7c:f6:8b:6c:78:2b:4e:ab:
                    49:7e:41:41:53:10:f9:dd:c9:0e:bf:75:d2:a9:c1:
                    6c:ae:12:dc:5c:74:8d:7a:21:5a:59:c9:79:ff:11:
                    d7:fb:ef:70:1e:93:8c:e9:38:64:0e:ad:37:64:2c:
                    bb:ce:62:9c:54:f7:d3:3f:ac:39:c1:c6:73:29:e2:
                    9f:10:51:be:f4:2c:52:2a:80:69:e4:71:3d:0a:af:
                    ed:82:d0:8c:dc:e2:7b:3c:93:ba:45:a5:7b:ce:61:
                    9b:a5:a5:88:22:2f:d7:84:94:27:c3:8a:5f:cd:d4:
                    7f:f8:f1:60:2a:0b:7a:16:9d:ac:36:88:3d:e4:19:
                    86:4b:67:5b:5c:0c:83:45:21:83:1f:bc:5d:97:56:
                    fd:3b:45:c9:2e:d4:d0:d7:6e:27:09:3c:bf:96:29:
                    a0:75:3e:d5:52:33:56:60:a5:36:0a:25:33:80:91:
                    2c:50:18:e2:bb:e8:1d:db:70:5e:12:56:d2:b2:27:
                    f4:51:57:aa:52:02:e0:85:22:f4:38:e5:11:21:b5:
                    5d:ee:20:2a:a3:97:e4:09:6b:25:81:0f:f0:bd:24:
                    9b:ac:88:d6:79:6d:96:1f:08:a8:21:11:8f:f8:eb:
                    ad:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:26:E0:E1:91:27:84:30:05:D0:12:06:17:14:4C:82:2F:BC:6A:5C
            X509v3 Authority Key Identifier:
                keyid:A2:4C:F9:03:29:C4:7B:A3:43:A6:6C:D6:5D:38:83:3A:35:7B:59:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/okz5AynEe6NDpmzWXTiDOjV7WVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/eibg4ZEnhDAF0BIGFxRMgi-8alw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/okz5AynEe6NDpmzWXTiDOjV7WVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:3d:f8:db:6d:80:e8:30:88:86:64:4d:01:fd:b9:90:f8:af:
         0d:87:67:1b:e5:59:53:f9:3d:0a:9c:18:7c:84:35:4a:d9:cb:
         03:b9:aa:66:ad:43:3d:08:65:e1:cc:2c:57:83:1f:3b:b2:42:
         cf:8e:95:77:1f:8b:24:17:cd:40:1b:0e:19:bd:57:cf:02:2a:
         7f:4c:98:f4:d6:1d:e6:d0:fe:e4:a2:2e:33:b1:50:9b:96:97:
         21:e3:94:bf:df:42:ef:69:ec:12:fe:f6:2f:53:9c:33:3a:a7:
         a6:df:16:29:a6:18:bd:58:be:da:17:88:31:d9:8d:ef:01:dc:
         d2:05:a9:c7:82:ce:f3:31:5b:64:85:31:bb:41:ab:f5:85:97:
         a6:48:f6:13:b1:f6:cf:4d:9b:27:d1:3e:a1:a6:5e:33:93:66:
         e3:2d:dc:9b:5d:fa:86:76:0f:37:fe:3e:47:46:bc:43:5f:70:
         49:ec:44:23:a6:32:e3:ea:08:90:ef:ce:05:17:72:81:93:96:
         c7:05:1a:7c:ef:67:a7:76:d3:3d:b6:47:3a:2c:81:7e:a5:ff:
         85:0b:c8:12:c2:1b:61:c9:2f:c2:0a:75:30:5d:d1:6e:9e:6e:
         fa:b0:d2:83:1b:45:52:7a:de:0c:84:4f:f2:02:1e:f2:de:46:
         42:5d:dc:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5frkti7WaVzYjFW1a6rmEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNGNmOTAzMjljNDdiYTM0M2E2NmNkNjVkMzg4MzNhMzU3
YjU5NTUwHhcNMjYwMTAxMTIxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTI2ZTBlMTkxMjc4NDMwMDVkMDEyMDYxNzE0NGM4MjJmYmM2YTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDbp9ezaMD5wla4O0eZtBuhgxcgR
fPaLbHgrTqtJfkFBUxD53ckOv3XSqcFsrhLcXHSNeiFaWcl5/xHX++9wHpOM6Thk
Dq03ZCy7zmKcVPfTP6w5wcZzKeKfEFG+9CxSKoBp5HE9Cq/tgtCM3OJ7PJO6RaV7
zmGbpaWIIi/XhJQnw4pfzdR/+PFgKgt6Fp2sNog95BmGS2dbXAyDRSGDH7xdl1b9
O0XJLtTQ124nCTy/limgdT7VUjNWYKU2CiUzgJEsUBjiu+gd23BeElbSsif0UVeq
UgLghSL0OOURIbVd7iAqo5fkCWslgQ/wvSSbrIjWeW2WHwioIRGP+OutrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHom4OGRJ4QwBdASBhcUTIIvvGpcMB8GA1UdIwQY
MBaAFKJM+QMpxHujQ6Zs1l04gzo1e1lVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2t6NUF5bkVlNk5EcG16V1hUaURPalY3V1ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kZWExNDktNGZiOC00OTc4LWE0NmIt
MzM5ODVkYjgwNDdhLzEvZWliZzRaRW5oREFGMEJJR0Z4Uk1naS04YWx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kZWExNDktNGZiOC00OTc4LWE0NmItMzM5ODVkYjgwNDdh
LzEvb2t6NUF5bkVlNk5EcG16V1hUaURPalY3V1ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudkcMA0G
CSqGSIb3DQEBCwUAA4IBAQCTPfjbbYDoMIiGZE0B/bmQ+K8Nh2cb5VlT+T0KnBh8
hDVK2csDuapmrUM9CGXhzCxXgx87skLPjpV3H4skF81AGw4ZvVfPAip/TJj01h3m
0P7koi4zsVCblpch45S/30LvaewS/vYvU5wzOqem3xYpphi9WL7aF4gx2Y3vAdzS
BanHgs7zMVtkhTG7Qav1hZemSPYTsfbPTZsn0T6hpl4zk2bjLdybXfqGdg83/j5H
RrxDX3BJ7EQjpjLj6giQ784FF3KBk5bHBRp872endtM9tkc6LIF+pf+FC8gSwhth
yS/CCnUwXdFunm76sNKDG0VSet4MhE/yAh7y3kZCXdyT
-----END CERTIFICATE-----