This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/isGGHy8n6Mx3Qxa6cma2mC5BgaM.roa
File:                     isGGHy8n6Mx3Qxa6cma2mC5BgaM.roa (raw, json)
Hash identifier:          JFab3suE2h2uiylZTGEMi/0a432UfINqK1XyzbarHl8=
Subject key identifier:   8A:C1:86:1F:2F:27:E8:CC:77:43:16:BA:72:66:B6:98:2E:41:81:A3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C13A6404A43683F9EA018D3987FDC77
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/isGGHy8n6Mx3Qxa6cma2mC5BgaM.roa
Signing time:             Fri 02 Jan 2026 00:20:21 +0000
ROA not before:           Fri 02 Jan 2026 00:20:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     272611
IP address blocks:        185.238.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:a6:40:4a:43:68:3f:9e:a0:18:d3:98:7f:dc:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ac1861f2f27e8cc774316ba7266b6982e4181a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:83:1f:7e:6e:36:f7:80:78:c8:9a:77:3d:22:
                    15:b9:cc:14:1e:a2:c1:f3:cf:27:71:1b:4f:2e:d7:
                    36:0d:96:7c:42:8c:eb:d7:10:ac:b7:dd:16:ce:16:
                    b4:f7:8b:e0:45:e3:49:dd:37:81:4a:ba:b0:89:1f:
                    22:6a:47:12:00:35:1f:e2:d3:e9:83:da:87:a4:fb:
                    14:80:c8:70:88:13:19:7a:21:23:2b:a4:9e:a8:1d:
                    28:69:2a:5d:46:12:b6:cb:49:f9:8f:8d:b3:07:4e:
                    27:a9:c2:c3:a4:a6:0d:78:86:f5:2f:67:72:66:d3:
                    8b:a3:d2:83:b7:92:1d:35:7e:a6:a5:cf:1f:21:cb:
                    2e:2d:a6:f2:2f:2d:62:f6:81:fc:bf:d2:99:9b:50:
                    92:3d:b5:d9:d8:94:db:84:7c:49:33:56:68:ee:6b:
                    35:e1:08:2e:e6:da:42:a8:fc:49:1c:2c:64:77:34:
                    95:60:51:5f:b5:60:df:5a:e0:53:0b:19:e9:fe:63:
                    d9:41:03:d8:44:1e:0f:ac:8e:6a:25:4a:a0:96:2e:
                    3b:c4:af:0d:20:32:87:d3:96:ba:6f:ea:50:a5:14:
                    9d:85:d2:2d:da:59:c1:4d:9c:bc:c4:a9:b1:bf:8f:
                    c8:06:4e:bb:34:f6:b3:54:62:4c:b7:0e:98:ca:93:
                    c1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:C1:86:1F:2F:27:E8:CC:77:43:16:BA:72:66:B6:98:2E:41:81:A3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/isGGHy8n6Mx3Qxa6cma2mC5BgaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:fe:78:64:cb:39:c8:e3:05:dd:99:11:f2:f1:b9:cd:9a:8b:
         d0:05:3d:4f:93:d7:31:6c:a5:c9:cd:fa:e6:27:7b:02:86:ac:
         2b:a8:ce:38:e2:16:0a:cc:21:d9:be:6c:a7:03:a1:06:ab:c6:
         e1:b9:cc:b3:47:56:6b:0f:2f:91:9b:61:eb:c2:8b:d0:db:52:
         8c:c0:fc:93:7c:e7:bc:9d:47:11:49:f4:b2:ed:cd:5d:0e:1a:
         4c:0e:83:e0:3b:16:80:54:0d:bd:28:2a:e7:d8:c5:93:c1:7f:
         de:08:b8:c3:0c:10:24:b6:11:d9:ce:d1:cc:af:8f:57:e7:ff:
         05:14:3f:e4:a4:78:84:73:7e:ea:39:19:71:36:83:1e:c4:72:
         00:c6:9f:75:64:b0:ff:ca:80:7d:0e:40:f8:1a:f4:c0:8d:a2:
         ae:6b:4e:dd:7a:db:db:61:1a:03:84:04:cf:3c:30:30:a6:59:
         d8:cb:f1:27:33:92:cb:e6:d0:51:cb:56:40:66:30:e5:5f:df:
         65:b3:92:1f:29:57:31:a7:14:af:db:5e:45:5f:3a:65:79:48:
         31:a5:0f:c5:7f:95:4a:96:ca:f8:fe:ce:63:20:88:a1:73:8d:
         99:f2:32:da:70:7f:c7:ea:dc:f1:fb:e0:d6:75:08:da:e3:3f:
         52:a4:36:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E6ZASkNoP56gGNOYf9x3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWMxODYxZjJmMjdlOGNjNzc0MzE2YmE3MjY2YjY5ODJlNDE4MWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YMffm4294B4yJp3PSIVucwUHqLB
888ncRtPLtc2DZZ8Qozr1xCst90Wzha094vgReNJ3TeBSrqwiR8iakcSADUf4tPp
g9qHpPsUgMhwiBMZeiEjK6SeqB0oaSpdRhK2y0n5j42zB04nqcLDpKYNeIb1L2dy
ZtOLo9KDt5IdNX6mpc8fIcsuLabyLy1i9oH8v9KZm1CSPbXZ2JTbhHxJM1Zo7ms1
4Qgu5tpCqPxJHCxkdzSVYFFftWDfWuBTCxnp/mPZQQPYRB4PrI5qJUqgli47xK8N
IDKH05a6b+pQpRSdhdIt2lnBTZy8xKmxv4/IBk67NPazVGJMtw6YypPBqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrBhh8vJ+jMd0MWunJmtpguQYGjMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvaXNHR0h5OG42TXgzUXhhNmNtYTJtQzVCZ2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue7mMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ/nhkyznI4wXdmRHy8bnNmovQBT1Pk9cxbKXJzfrm
J3sChqwrqM444hYKzCHZvmynA6EGq8bhucyzR1ZrDy+Rm2HrwovQ21KMwPyTfOe8
nUcRSfSy7c1dDhpMDoPgOxaAVA29KCrn2MWTwX/eCLjDDBAkthHZztHMr49X5/8F
FD/kpHiEc37qORlxNoMexHIAxp91ZLD/yoB9DkD4GvTAjaKua07detvbYRoDhATP
PDAwplnYy/EnM5LL5tBRy1ZAZjDlX99ls5IfKVcxpxSv215FXzpleUgxpQ/Ff5VK
lsr4/s5jIIihc42Z8jLacH/H6tzx++DWdQja4z9SpDYM
-----END CERTIFICATE-----