This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/kDoooTn7_d9rJiLyXZVvZxYYDxY.roa
File:                     kDoooTn7_d9rJiLyXZVvZxYYDxY.roa (raw, json)
Hash identifier:          OFQHZn0JA/oknUFklltDGx8uk2qRQsfn+A1b0e8eT3g=
Subject key identifier:   90:3A:28:A1:39:FB:FD:DF:6B:26:22:F2:5D:95:6F:67:16:18:0F:16
Certificate issuer:       /CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
Certificate serial:       019B7F8318A676B0FCB86B60905C48943E17
Authority key identifier: E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/kDoooTn7_d9rJiLyXZVvZxYYDxY.roa
Signing time:             Fri 02 Jan 2026 16:20:56 +0000
ROA not before:           Fri 02 Jan 2026 16:20:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198371
IP address blocks:        185.47.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 22:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:18:a6:76:b0:fc:b8:6b:60:90:5c:48:94:3e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
        Validity
            Not Before: Jan  2 16:20:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=903a28a139fbfddf6b2622f25d956f6716180f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:94:ea:99:63:f6:4c:07:75:fe:af:26:37:e7:
                    ee:38:fa:76:ae:ee:5a:eb:09:c5:48:e8:3c:98:a8:
                    3c:6e:a6:4c:2c:ed:9c:70:fe:d6:9f:51:f8:ba:85:
                    74:92:be:d2:d7:0a:52:8a:8e:c6:1d:4a:d8:b5:bb:
                    49:e1:81:57:7e:88:d0:82:4e:a4:ef:34:e2:67:53:
                    61:3b:26:f7:6b:00:5f:a9:f3:9b:67:4e:f4:72:ea:
                    ad:9d:ec:41:31:48:eb:b3:2d:90:bb:b2:1c:4d:95:
                    67:0f:4b:f9:d2:73:ef:25:28:4b:62:d1:2b:d4:89:
                    19:d9:38:95:bf:64:b6:83:06:11:21:d1:2c:5d:24:
                    89:20:88:3d:85:50:51:a0:4e:13:bf:de:37:42:15:
                    50:9d:11:b9:a4:10:aa:bb:3c:3d:41:6c:8e:f2:9e:
                    f5:38:6d:23:2b:0d:d8:33:ec:a6:5a:8b:7f:67:3f:
                    3f:db:ec:cb:71:92:e6:f4:1f:68:f7:9b:1b:ec:64:
                    e4:13:f9:e5:8e:a5:cf:5d:53:f9:26:fe:56:07:9f:
                    0a:8b:c6:06:0c:ae:df:ce:8d:11:6a:e7:70:09:d5:
                    93:3d:75:4c:76:21:bd:06:b5:88:55:01:a4:e2:01:
                    eb:a4:1e:7d:da:c1:99:47:4e:ba:b3:fc:aa:35:72:
                    56:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3A:28:A1:39:FB:FD:DF:6B:26:22:F2:5D:95:6F:67:16:18:0F:16
            X509v3 Authority Key Identifier:
                keyid:E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/kDoooTn7_d9rJiLyXZVvZxYYDxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:8d:a6:0b:0c:b9:f3:b3:47:15:c1:69:68:06:78:6d:3d:56:
         40:15:6f:9e:54:0d:d0:04:8a:c0:5d:c7:45:1a:bc:7a:f5:45:
         b0:bd:5b:79:ab:a5:73:d4:bc:15:81:ba:68:55:97:6d:3f:97:
         c5:f2:a2:e6:28:9b:43:05:40:e2:bf:1f:be:ed:43:4f:f2:89:
         93:3e:5b:7c:ef:ab:92:e1:1a:8c:ad:1e:29:fa:41:3b:93:4e:
         ac:7f:98:d2:75:0d:d9:44:b9:6c:d5:d6:dd:fe:72:f7:ce:72:
         08:85:fa:46:74:42:ec:28:1b:ef:c9:1e:75:7e:12:24:ce:d3:
         e1:7b:db:56:70:ec:d5:18:78:ec:9e:8c:fc:b9:d7:bc:11:74:
         d7:46:cc:bb:8d:9b:21:3e:c9:c9:74:27:20:57:d0:ea:09:4c:
         3f:41:79:11:be:06:80:54:8b:f9:65:23:2f:c4:9f:f1:25:2e:
         39:d5:83:ce:19:67:67:46:ae:76:95:26:9f:0d:a0:23:3a:25:
         78:be:d2:2b:39:a3:f2:92:35:23:df:86:c5:05:26:65:90:1b:
         4d:41:ca:2b:49:3b:d2:9d:cb:d6:4c:c3:b3:84:b2:b5:f4:37:
         eb:47:cc:31:c5:0b:86:8a:af:f6:6e:8e:33:62:07:cd:a1:db:
         0a:ea:f1:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gximdrD8uGtgkFxIlD4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjEzMjBmYmMyNGQ2ZjQzNjZjYjY0ZmNmNWVkMmQ3YjFi
NmJkZjcwHhcNMjYwMTAyMTYyMDU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNhMjhhMTM5ZmJmZGRmNmIyNjIyZjI1ZDk1NmY2NzE2MTgwZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJTqmWP2TAd1/q8mN+fuOPp2ru5a
6wnFSOg8mKg8bqZMLO2ccP7Wn1H4uoV0kr7S1wpSio7GHUrYtbtJ4YFXfojQgk6k
7zTiZ1NhOyb3awBfqfObZ070cuqtnexBMUjrsy2Qu7IcTZVnD0v50nPvJShLYtEr
1IkZ2TiVv2S2gwYRIdEsXSSJIIg9hVBRoE4Tv943QhVQnRG5pBCquzw9QWyO8p71
OG0jKw3YM+ymWot/Zz8/2+zLcZLm9B9o95sb7GTkE/nljqXPXVP5Jv5WB58Ki8YG
DK7fzo0RaudwCdWTPXVMdiG9BrWIVQGk4gHrpB592sGZR066s/yqNXJWSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA6KKE5+/3fayYi8l2Vb2cWGA8WMB8GA1UdIwQY
MBaAFOmxMg+8JNb0Nmy2T89e0textr33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUt
ZDNlMjgwMGJkNjQwLzEva0Rvb29UbjdfZDlySmlMeVhaVnZaeFlZRHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUtZDNlMjgwMGJkNjQw
LzEvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS/TMA0G
CSqGSIb3DQEBCwUAA4IBAQBDjaYLDLnzs0cVwWloBnhtPVZAFW+eVA3QBIrAXcdF
Grx69UWwvVt5q6Vz1LwVgbpoVZdtP5fF8qLmKJtDBUDivx++7UNP8omTPlt876uS
4RqMrR4p+kE7k06sf5jSdQ3ZRLls1dbd/nL3znIIhfpGdELsKBvvyR51fhIkztPh
e9tWcOzVGHjsnoz8ude8EXTXRsy7jZshPsnJdCcgV9DqCUw/QXkRvgaAVIv5ZSMv
xJ/xJS451YPOGWdnRq52lSafDaAjOiV4vtIrOaPykjUj34bFBSZlkBtNQcorSTvS
ncvWTMOzhLK19DfrR8wxxQuGiq/2bo4zYgfNodsK6vGq
-----END CERTIFICATE-----