This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/6kFMzdPUiPyPGezO_LNVEuK0DIM.roa
File:                     6kFMzdPUiPyPGezO_LNVEuK0DIM.roa (raw, json)
Hash identifier:          WJQe2ZZPHaA7iIzboHAZGY2K/WcsjYy2+zN7bgpDUoI=
Subject key identifier:   EA:41:4C:CD:D3:D4:88:FC:8F:19:EC:CE:FC:B3:55:12:E2:B4:0C:83
Certificate issuer:       /CN=67cf3ba3002ed7e23a4bd2e978b3abac327fd0d8
Certificate serial:       019B7E38358D228517446C282779D258872D
Authority key identifier: 67:CF:3B:A3:00:2E:D7:E2:3A:4B:D2:E9:78:B3:AB:AC:32:7F:D0:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z887owAu1-I6S9LpeLOrrDJ_0Ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/6kFMzdPUiPyPGezO_LNVEuK0DIM.roa
Signing time:             Fri 02 Jan 2026 10:19:31 +0000
ROA not before:           Fri 02 Jan 2026 10:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39704
IP address blocks:        194.69.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/Z887owAu1-I6S9LpeLOrrDJ_0Ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/Z887owAu1-I6S9LpeLOrrDJ_0Ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z887owAu1-I6S9LpeLOrrDJ_0Ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:35:8d:22:85:17:44:6c:28:27:79:d2:58:87:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67cf3ba3002ed7e23a4bd2e978b3abac327fd0d8
        Validity
            Not Before: Jan  2 10:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea414ccdd3d488fc8f19eccefcb35512e2b40c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a9:cc:ff:7b:af:e6:35:24:c2:e7:77:8b:8b:
                    8f:37:53:a8:26:43:2a:49:e7:e6:b4:34:fe:b4:8d:
                    fd:da:15:61:3a:01:a1:81:9f:6e:db:ff:0f:94:64:
                    2c:d3:2f:54:eb:8a:5f:44:8c:bc:03:ea:be:cf:45:
                    9f:33:1e:77:d0:9c:58:22:75:1b:4f:89:7d:10:f7:
                    d7:e7:ec:6b:82:a7:75:16:8b:f6:4c:b1:17:19:6f:
                    c8:c4:0f:04:b7:98:66:0e:eb:1d:58:2f:d6:e0:88:
                    6d:75:e1:93:c4:5c:ab:b3:61:69:eb:fa:76:59:a1:
                    62:b2:fe:e7:4a:0e:4a:22:e0:a3:5f:94:b1:4f:ae:
                    1c:39:36:d9:c3:62:5f:54:73:91:56:f7:2d:5c:33:
                    0d:bb:69:71:ab:51:9b:c1:8c:fc:bd:66:30:bf:85:
                    2c:0c:99:c5:ff:ef:b2:f9:4d:a0:d9:a4:c3:c4:fb:
                    e4:7e:e2:9d:1c:32:a9:9c:89:71:e2:dd:9e:f7:99:
                    40:e0:63:25:67:d5:a6:9e:ad:24:a1:46:d6:f5:b8:
                    d2:40:7e:c0:0f:25:b4:d8:97:1f:bc:53:ef:c1:06:
                    02:f2:e0:50:b0:25:e5:05:e2:df:d5:d9:2a:b3:f4:
                    3b:4c:4d:e5:16:e2:93:b9:9a:0c:31:34:5c:21:ab:
                    7d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:41:4C:CD:D3:D4:88:FC:8F:19:EC:CE:FC:B3:55:12:E2:B4:0C:83
            X509v3 Authority Key Identifier:
                keyid:67:CF:3B:A3:00:2E:D7:E2:3A:4B:D2:E9:78:B3:AB:AC:32:7F:D0:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z887owAu1-I6S9LpeLOrrDJ_0Ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/6kFMzdPUiPyPGezO_LNVEuK0DIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/9428c6-b576-41c3-985d-234e0d176325/1/Z887owAu1-I6S9LpeLOrrDJ_0Ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.69.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a7:07:78:1d:9f:dc:45:92:53:85:c1:94:b7:cc:40:10:48:
         20:47:a3:0a:71:7d:c6:45:cf:8d:1a:54:f1:c7:8f:10:08:45:
         45:e2:39:c5:dc:7d:18:f7:be:4e:73:a6:9e:c1:5b:e8:7a:a4:
         83:5f:a4:90:7e:b5:b2:06:f1:d7:32:8a:bf:2d:23:79:34:e2:
         bb:a5:f5:27:c0:2f:88:3b:35:5f:5c:67:23:49:ce:a6:98:1e:
         0c:2f:8b:df:23:f6:59:ac:22:cb:f7:dd:ee:57:54:c4:1e:98:
         a6:98:e6:31:a7:09:9e:c8:cc:00:34:38:7f:c0:de:d9:93:1f:
         36:3d:51:0c:6a:7b:e8:35:67:fd:c3:13:0d:81:f7:1a:38:31:
         d1:36:4e:73:6d:c9:00:ff:f2:ba:65:34:a9:80:79:2f:68:69:
         6c:c9:b6:78:cc:15:dc:0d:10:28:68:ed:c4:e8:f6:fa:a5:51:
         54:a6:4e:c0:c0:47:6a:79:59:18:79:b8:7d:4b:e8:84:cc:f0:
         6b:c8:fe:3d:c7:1b:b8:52:5d:d5:66:24:e8:78:09:dd:3a:75:
         d9:07:54:c2:9c:0f:13:ec:3f:4d:f1:37:c9:2a:93:19:3d:b6:
         80:86:b8:ce:d1:5f:bb:0d:a6:d8:1c:b4:86:22:76:af:fc:6e:
         46:76:c3:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ODWNIoUXRGwoJ3nSWIctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2YzYmEzMDAyZWQ3ZTIzYTRiZDJlOTc4YjNhYmFjMzI3
ZmQwZDgwHhcNMjYwMTAyMTAxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQxNGNjZGQzZDQ4OGZjOGYxOWVjY2VmY2IzNTUxMmUyYjQwYzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqnM/3uv5jUkwud3i4uPN1OoJkMq
SefmtDT+tI392hVhOgGhgZ9u2/8PlGQs0y9U64pfRIy8A+q+z0WfMx530JxYInUb
T4l9EPfX5+xrgqd1Fov2TLEXGW/IxA8Et5hmDusdWC/W4IhtdeGTxFyrs2Fp6/p2
WaFisv7nSg5KIuCjX5SxT64cOTbZw2JfVHORVvctXDMNu2lxq1GbwYz8vWYwv4Us
DJnF/++y+U2g2aTDxPvkfuKdHDKpnIlx4t2e95lA4GMlZ9Wmnq0koUbW9bjSQH7A
DyW02JcfvFPvwQYC8uBQsCXlBeLf1dkqs/Q7TE3lFuKTuZoMMTRcIat9iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpBTM3T1Ij8jxnszvyzVRLitAyDMB8GA1UdIwQY
MBaAFGfPO6MALtfiOkvS6Xizq6wyf9DYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg4N293QXUxLUk2UzlMcGVMT3JyREpfME5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85NDI4YzYtYjU3Ni00MWMzLTk4NWQt
MjM0ZTBkMTc2MzI1LzEvNmtGTXpkUFVpUHlQR2V6T19MTlZFdUswRElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85NDI4YzYtYjU3Ni00MWMzLTk4NWQtMjM0ZTBkMTc2MzI1
LzEvWjg4N293QXUxLUk2UzlMcGVMT3JyREpfME5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkXMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqpwd4HZ/cRZJThcGUt8xAEEggR6MKcX3GRc+NGlTx
x48QCEVF4jnF3H0Y975Oc6aewVvoeqSDX6SQfrWyBvHXMoq/LSN5NOK7pfUnwC+I
OzVfXGcjSc6mmB4ML4vfI/ZZrCLL993uV1TEHpimmOYxpwmeyMwANDh/wN7Zkx82
PVEManvoNWf9wxMNgfcaODHRNk5zbckA//K6ZTSpgHkvaGlsybZ4zBXcDRAoaO3E
6Pb6pVFUpk7AwEdqeVkYebh9S+iEzPBryP49xxu4Ul3VZiToeAndOnXZB1TCnA8T
7D9N8TfJKpMZPbaAhrjO0V+7DabYHLSGInav/G5GdsPo
-----END CERTIFICATE-----