This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/bNsvbdSJD0WI7Ewm9hgAe8yTIz4.roa
File:                     bNsvbdSJD0WI7Ewm9hgAe8yTIz4.roa (raw, json)
Hash identifier:          fjVFQSNrjHzCOHsMITQUOhjzFotcFBmj0QqIbMKaS7M=
Subject key identifier:   6C:DB:2F:6D:D4:89:0F:45:88:EC:4C:26:F6:18:00:7B:CC:93:23:3E
Certificate issuer:       /CN=69f7352d07135623e33f5a7e62925d4bab722fc6
Certificate serial:       019B77C66811E5EBE3B50C34D23CBE9EFA55
Authority key identifier: 69:F7:35:2D:07:13:56:23:E3:3F:5A:7E:62:92:5D:4B:AB:72:2F:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afc1LQcTViPjP1p-YpJdS6tyL8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/bNsvbdSJD0WI7Ewm9hgAe8yTIz4.roa
Signing time:             Thu 01 Jan 2026 04:17:30 +0000
ROA not before:           Thu 01 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        178.251.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/afc1LQcTViPjP1p-YpJdS6tyL8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/afc1LQcTViPjP1p-YpJdS6tyL8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afc1LQcTViPjP1p-YpJdS6tyL8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:68:11:e5:eb:e3:b5:0c:34:d2:3c:be:9e:fa:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f7352d07135623e33f5a7e62925d4bab722fc6
        Validity
            Not Before: Jan  1 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6cdb2f6dd4890f4588ec4c26f618007bcc93233e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4f:c0:b0:ab:90:25:b5:34:1d:8e:29:b0:c3:
                    7d:e1:0a:2f:bc:e8:af:51:8d:69:dd:0c:9e:0f:a9:
                    cc:5c:b7:94:bd:ec:fe:10:9a:9a:5b:db:8d:dd:b3:
                    71:77:d6:cb:50:25:08:21:b5:74:86:98:8c:d5:fe:
                    c4:11:19:55:85:af:b2:79:4e:ee:02:e5:82:7e:71:
                    0c:21:38:54:fb:8d:0d:c2:2e:e0:66:9f:fa:4b:82:
                    be:5c:a2:d5:52:1c:f4:bd:92:ff:ec:84:67:2e:d8:
                    4d:3a:56:a8:7a:d3:80:d5:64:99:96:c0:c3:f6:8f:
                    46:43:3c:ab:7a:73:d1:b5:66:2a:65:6e:ff:5d:b7:
                    c6:9a:ed:a8:52:65:82:89:a7:53:95:3e:8f:2b:37:
                    b0:f9:93:a1:37:2c:8b:4e:b7:a7:43:19:28:10:c6:
                    9c:44:ac:ed:ba:5e:c4:90:3c:fd:8b:f0:26:78:4a:
                    6b:60:06:8a:6b:c2:59:57:66:24:4a:02:43:43:0c:
                    af:c1:88:8a:9c:4d:58:3a:af:23:4d:c6:11:38:fb:
                    7c:38:a5:f7:9a:32:ef:f9:8a:82:4d:c1:55:65:97:
                    09:55:8b:40:c9:05:84:5e:a8:3a:52:45:ba:cb:97:
                    5b:7a:14:f8:05:b1:21:25:55:7f:90:5e:08:cd:ac:
                    17:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DB:2F:6D:D4:89:0F:45:88:EC:4C:26:F6:18:00:7B:CC:93:23:3E
            X509v3 Authority Key Identifier:
                keyid:69:F7:35:2D:07:13:56:23:E3:3F:5A:7E:62:92:5D:4B:AB:72:2F:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afc1LQcTViPjP1p-YpJdS6tyL8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/bNsvbdSJD0WI7Ewm9hgAe8yTIz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/118e24-742b-4392-8dfa-071518e0573e/1/afc1LQcTViPjP1p-YpJdS6tyL8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:e9:32:17:a0:da:29:d9:7a:94:07:ab:08:3c:4b:ed:7b:d3:
         28:d7:10:46:5a:4b:54:17:e4:d6:ad:d0:85:38:20:e6:50:35:
         f1:f7:fb:93:52:75:25:58:0d:78:bb:2b:57:ad:7b:90:7e:73:
         6f:ef:ee:64:3e:2b:03:cc:30:5f:48:27:6d:bc:74:90:f4:69:
         ef:3d:c0:0b:df:aa:d4:76:bd:8d:cd:f2:47:d7:86:38:81:05:
         58:23:6a:6f:75:c9:63:11:35:5a:fa:b1:9f:7c:cb:7b:40:f0:
         ed:fe:cb:c7:b6:67:81:db:f0:52:c8:5a:10:00:00:9c:a9:0c:
         9e:26:79:9c:7f:45:f0:30:ea:0d:86:89:e4:13:99:4a:42:d4:
         b3:df:b8:12:c7:f2:36:20:fe:1a:eb:9a:ad:64:08:b3:fd:fd:
         c5:07:ed:dc:0a:e0:b4:a2:60:7b:65:b7:63:91:4c:92:39:75:
         3c:37:56:df:6b:f9:90:17:de:9a:68:e5:82:ed:68:5d:f2:5c:
         f2:16:b5:33:74:47:fe:0a:65:73:2a:b2:31:ec:b7:78:92:8f:
         67:23:a9:50:0b:45:72:99:98:13:8f:73:3b:d0:f5:b8:80:ac:
         e1:4f:59:cf:2d:e0:85:f4:4a:57:7a:a8:fa:1f:c0:b0:7e:76:
         c0:ca:f6:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmgR5evjtQw00jy+nvpVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjczNTJkMDcxMzU2MjNlMzNmNWE3ZTYyOTI1ZDRiYWI3
MjJmYzYwHhcNMjYwMTAxMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RiMmY2ZGQ0ODkwZjQ1ODhlYzRjMjZmNjE4MDA3YmNjOTMyMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU/AsKuQJbU0HY4psMN94QovvOiv
UY1p3QyeD6nMXLeUvez+EJqaW9uN3bNxd9bLUCUIIbV0hpiM1f7EERlVha+yeU7u
AuWCfnEMIThU+40Nwi7gZp/6S4K+XKLVUhz0vZL/7IRnLthNOlaoetOA1WSZlsDD
9o9GQzyrenPRtWYqZW7/XbfGmu2oUmWCiadTlT6PKzew+ZOhNyyLTrenQxkoEMac
RKztul7EkDz9i/AmeEprYAaKa8JZV2YkSgJDQwyvwYiKnE1YOq8jTcYROPt8OKX3
mjLv+YqCTcFVZZcJVYtAyQWEXqg6UkW6y5dbehT4BbEhJVV/kF4IzawXrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzbL23UiQ9FiOxMJvYYAHvMkyM+MB8GA1UdIwQY
MBaAFGn3NS0HE1Yj4z9afmKSXUurci/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZjMUxRY1RWaVBqUDFwLVlwSmRTNnR5TDhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8xMThlMjQtNzQyYi00MzkyLThkZmEt
MDcxNTE4ZTA1NzNlLzEvYk5zdmJkU0pEMFdJN0V3bTloZ0FlOHlUSXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8xMThlMjQtNzQyYi00MzkyLThkZmEtMDcxNTE4ZTA1NzNl
LzEvYWZjMUxRY1RWaVBqUDFwLVlwSmRTNnR5TDhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvsVMA0G
CSqGSIb3DQEBCwUAA4IBAQC/6TIXoNop2XqUB6sIPEvte9Mo1xBGWktUF+TWrdCF
OCDmUDXx9/uTUnUlWA14uytXrXuQfnNv7+5kPisDzDBfSCdtvHSQ9GnvPcAL36rU
dr2NzfJH14Y4gQVYI2pvdcljETVa+rGffMt7QPDt/svHtmeB2/BSyFoQAACcqQye
Jnmcf0XwMOoNhonkE5lKQtSz37gSx/I2IP4a65qtZAiz/f3FB+3cCuC0omB7Zbdj
kUySOXU8N1bfa/mQF96aaOWC7Whd8lzyFrUzdEf+CmVzKrIx7Ld4ko9nI6lQC0Vy
mZgTj3M70PW4gKzhT1nPLeCF9EpXeqj6H8CwfnbAyvaY
-----END CERTIFICATE-----