This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/hPMxlQhgzUjNrkZYsRYINEoQo7k.roa
File:                     hPMxlQhgzUjNrkZYsRYINEoQo7k.roa (raw, json)
Hash identifier:          qt6sWFPQw7IPNXKvgqtKr0sbTGWCAhpURnM2de3HOik=
Subject key identifier:   84:F3:31:95:08:60:CD:48:CD:AE:46:58:B1:16:08:34:4A:10:A3:B9
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019B7BA49245878C2EEC1FA33B0410085623
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/hPMxlQhgzUjNrkZYsRYINEoQo7k.roa
Signing time:             Thu 01 Jan 2026 22:19:01 +0000
ROA not before:           Thu 01 Jan 2026 22:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44066
IP address blocks:        185.210.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:92:45:87:8c:2e:ec:1f:a3:3b:04:10:08:56:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 22:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84f331950860cd48cdae4658b11608344a10a3b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:32:6f:4e:61:50:2c:dc:2d:1a:b5:ee:d7:64:
                    e6:ee:b6:75:36:20:cc:1e:bb:57:19:8c:ea:03:a4:
                    f2:f7:1c:d8:86:bc:b4:18:51:16:cc:f3:dd:00:7b:
                    91:06:f0:bd:0b:05:52:d5:23:5c:cc:3a:1a:e3:33:
                    8f:41:d5:fe:0c:fb:eb:15:c3:49:69:79:d5:8c:77:
                    81:5f:3e:af:1f:74:8c:22:21:76:60:f5:18:30:a2:
                    15:f2:60:1d:ea:ab:2c:ab:64:77:ec:23:cf:33:ef:
                    6b:77:99:1e:d2:48:fc:5f:ef:68:fe:a4:d2:cb:af:
                    91:ae:8a:5a:04:a1:65:08:b2:11:c0:ed:82:53:97:
                    7a:fd:3a:de:c4:70:5f:a3:19:c9:db:33:3d:8d:83:
                    64:21:ff:7e:79:42:68:1c:21:cd:ec:24:15:7a:c7:
                    33:b3:bb:ac:13:79:25:dd:dd:43:cc:fb:c5:95:86:
                    0d:35:22:77:78:7b:d2:1d:e3:ea:1b:c3:7b:7d:4b:
                    eb:e6:92:d9:56:f7:01:0d:a4:81:88:a8:28:01:79:
                    4a:b4:92:ed:5a:07:57:08:16:81:54:84:e3:42:4a:
                    9f:19:00:62:17:61:09:5c:42:dc:19:8e:17:7b:13:
                    d9:f8:16:7c:03:fc:72:00:2a:68:08:20:52:8c:29:
                    52:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:F3:31:95:08:60:CD:48:CD:AE:46:58:B1:16:08:34:4A:10:A3:B9
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/hPMxlQhgzUjNrkZYsRYINEoQo7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fe:db:47:dc:d0:cc:97:d2:6e:64:3b:c9:6b:74:85:48:a7:
         93:9e:ab:2a:8b:f8:e0:bc:be:24:f0:97:e2:48:4c:d2:6c:f9:
         a4:b4:8c:1f:c4:6a:39:c6:57:73:f5:c7:13:1b:a3:4f:e1:d3:
         ea:24:9d:c5:8e:15:be:18:3a:32:ab:99:ad:76:af:0f:da:27:
         8a:d9:fd:d2:e4:58:b4:74:80:48:8d:30:5d:16:c7:f8:cf:eb:
         ad:3c:78:0b:61:56:f7:d7:65:14:74:32:36:3e:5c:11:8c:87:
         12:d4:4f:08:8e:a4:35:51:39:a1:ca:dc:a6:fe:a9:bb:b5:bf:
         63:2f:13:70:a7:2b:51:b4:e9:f3:75:9f:21:08:ce:46:be:f0:
         7d:4d:94:ef:b5:a6:5c:44:30:76:b7:2c:cf:a1:5f:02:94:80:
         c3:a1:f5:dd:e1:69:d1:c9:d6:27:36:a8:9c:83:c3:af:ea:fc:
         86:1a:3e:b5:63:05:d3:0f:a4:f1:79:c7:9b:5c:0f:61:c3:a3:
         60:b0:d6:23:00:84:db:dc:03:ee:4d:e0:64:01:13:fa:20:7c:
         1a:fa:be:f0:53:06:30:33:c0:28:8c:26:54:d4:81:2b:04:7d:
         92:86:5d:dc:77:58:20:45:0e:0e:f6:58:4e:82:6a:79:99:b2:
         25:ec:03:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pJJFh4wu7B+jOwQQCFYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTAxMjIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGYzMzE5NTA4NjBjZDQ4Y2RhZTQ2NThiMTE2MDgzNDRhMTBhM2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjJvTmFQLNwtGrXu12Tm7rZ1NiDM
HrtXGYzqA6Ty9xzYhry0GFEWzPPdAHuRBvC9CwVS1SNczDoa4zOPQdX+DPvrFcNJ
aXnVjHeBXz6vH3SMIiF2YPUYMKIV8mAd6qssq2R37CPPM+9rd5ke0kj8X+9o/qTS
y6+RropaBKFlCLIRwO2CU5d6/TrexHBfoxnJ2zM9jYNkIf9+eUJoHCHN7CQVescz
s7usE3kl3d1DzPvFlYYNNSJ3eHvSHePqG8N7fUvr5pLZVvcBDaSBiKgoAXlKtJLt
WgdXCBaBVITjQkqfGQBiF2EJXELcGY4XexPZ+BZ8A/xyACpoCCBSjClS5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITzMZUIYM1Iza5GWLEWCDRKEKO5MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvaFBNeGxRaGd6VWpOcmtaWXNSWUlORW9RbzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKJMA0G
CSqGSIb3DQEBCwUAA4IBAQA3/ttH3NDMl9JuZDvJa3SFSKeTnqsqi/jgvL4k8Jfi
SEzSbPmktIwfxGo5xldz9ccTG6NP4dPqJJ3FjhW+GDoyq5mtdq8P2ieK2f3S5Fi0
dIBIjTBdFsf4z+utPHgLYVb312UUdDI2PlwRjIcS1E8IjqQ1UTmhytym/qm7tb9j
LxNwpytRtOnzdZ8hCM5GvvB9TZTvtaZcRDB2tyzPoV8ClIDDofXd4WnRydYnNqic
g8Ov6vyGGj61YwXTD6TxecebXA9hw6NgsNYjAITb3APuTeBkARP6IHwa+r7wUwYw
M8AojCZU1IErBH2Shl3cd1ggRQ4O9lhOgmp5mbIl7ANf
-----END CERTIFICATE-----