This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/RgoUywwrhOMkM9hkyyCCDYkOuhY.roa
File:                     RgoUywwrhOMkM9hkyyCCDYkOuhY.roa (raw, json)
Hash identifier:          9yeR+QdfmLK7AKDqL67h6s9SKy/1+FaoBCelpytKTuw=
Subject key identifier:   46:0A:14:CB:0C:2B:84:E3:24:33:D8:64:CB:20:82:0D:89:0E:BA:16
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B21A3ED0355B809F2702874C59AE0A1FB
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/RgoUywwrhOMkM9hkyyCCDYkOuhY.roa
Signing time:             Mon 15 Dec 2025 10:52:29 +0000
ROA not before:           Mon 15 Dec 2025 10:52:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        138.249.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 04:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:21:a3:ed:03:55:b8:09:f2:70:28:74:c5:9a:e0:a1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Dec 15 10:52:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=460a14cb0c2b84e32433d864cb20820d890eba16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:82:2b:05:ac:17:d6:be:34:1c:de:5f:2b:
                    99:d6:94:67:21:01:07:2f:63:49:ef:c5:a3:2f:7e:
                    9a:9a:b1:0f:78:e2:57:a8:90:12:34:4b:d5:31:b4:
                    15:f3:d2:de:0e:ac:0f:93:fe:ce:0b:e9:b1:40:5b:
                    d5:db:25:33:b6:74:8f:10:0c:40:8d:11:4b:8a:57:
                    06:2d:16:d8:37:7c:e3:4c:10:9d:54:0d:8f:f7:ed:
                    90:23:21:e5:62:1e:42:e3:d8:20:56:73:a3:5e:bd:
                    e3:f8:cf:44:7a:2c:e1:07:1c:d1:bf:ad:74:97:c8:
                    46:9c:0e:a0:74:ed:2d:aa:82:42:4b:91:ae:d9:ea:
                    36:3a:c1:e6:04:93:ba:90:df:f8:85:97:af:29:bb:
                    d7:a2:a0:be:67:9a:79:fb:f8:cc:da:8a:5c:c6:e8:
                    c4:8e:3c:74:12:6a:af:9f:36:7f:79:11:38:ce:ad:
                    ca:69:4d:e9:29:0a:88:c9:70:0b:6c:68:e7:27:7e:
                    b9:4b:f5:bc:69:b1:55:99:40:8a:42:41:db:68:29:
                    90:c1:d0:4a:65:85:cf:01:6d:08:3f:82:cf:90:4e:
                    bb:ee:97:4f:c4:f3:84:d8:56:ad:39:de:86:f8:64:
                    7e:7f:ae:2d:a0:dc:cf:52:bb:e7:ac:3f:e9:51:ad:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0A:14:CB:0C:2B:84:E3:24:33:D8:64:CB:20:82:0D:89:0E:BA:16
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/RgoUywwrhOMkM9hkyyCCDYkOuhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:49:29:1e:b9:69:f4:7a:ab:e4:48:29:d1:21:38:ea:d6:e9:
         70:35:71:ae:53:61:ea:f6:ed:4e:7a:db:82:34:07:85:c9:6f:
         e6:b8:eb:b2:be:fc:e4:1b:0b:66:c1:7e:98:f2:4a:ab:4f:f6:
         a0:e9:6e:31:69:03:5b:27:e1:4b:c9:9a:e9:9e:0f:5b:e2:92:
         eb:03:07:b0:d8:6e:05:1d:5a:42:7e:ea:a8:27:82:5c:1e:45:
         4a:70:a5:38:93:c8:01:fb:0b:ce:1b:76:e1:50:5e:c5:8a:79:
         62:f1:d2:bf:ae:57:0b:b4:3c:4d:9a:e1:a6:63:fa:44:11:12:
         5b:9d:6d:30:a9:e8:e6:12:51:62:e3:ab:32:3e:d8:96:3e:2c:
         3c:88:58:25:3e:e3:7f:2d:f0:2a:88:25:73:cb:b3:ce:4c:bf:
         dc:ae:40:90:a9:b9:05:d9:ec:b2:5c:06:d5:06:f8:25:70:8d:
         19:52:e3:54:9a:bc:5b:ce:93:5e:ea:1e:8f:53:e6:92:6f:99:
         1d:b4:fd:04:18:05:23:ba:13:bc:f3:55:27:e1:6a:48:75:75:
         c6:b4:d8:7a:b1:e0:a1:f5:ae:47:63:9f:e6:85:95:30:af:71:
         39:1a:d3:46:52:c6:a4:bc:f0:54:b4:0f:36:21:70:83:b8:2e:
         90:0d:08:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsho+0DVbgJ8nAodMWa4KH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMjE1MTA1MjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBhMTRjYjBjMmI4NGUzMjQzM2Q4NjRjYjIwODIwZDg5MGViYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpqCKwWsF9a+NBzeXyuZ1pRnIQEH
L2NJ78WjL36amrEPeOJXqJASNEvVMbQV89LeDqwPk/7OC+mxQFvV2yUztnSPEAxA
jRFLilcGLRbYN3zjTBCdVA2P9+2QIyHlYh5C49ggVnOjXr3j+M9EeizhBxzRv610
l8hGnA6gdO0tqoJCS5Gu2eo2OsHmBJO6kN/4hZevKbvXoqC+Z5p5+/jM2opcxujE
jjx0EmqvnzZ/eRE4zq3KaU3pKQqIyXALbGjnJ365S/W8abFVmUCKQkHbaCmQwdBK
ZYXPAW0IP4LPkE677pdPxPOE2FatOd6G+GR+f64toNzPUrvnrD/pUa3igwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYKFMsMK4TjJDPYZMsggg2JDroWMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvUmdvVXl3d3JoT01rTTloa3l5Q0NEWWtPdWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAivlyMA0G
CSqGSIb3DQEBCwUAA4IBAQCLSSkeuWn0eqvkSCnRITjq1ulwNXGuU2Hq9u1OetuC
NAeFyW/muOuyvvzkGwtmwX6Y8kqrT/ag6W4xaQNbJ+FLyZrpng9b4pLrAwew2G4F
HVpCfuqoJ4JcHkVKcKU4k8gB+wvOG3bhUF7Finli8dK/rlcLtDxNmuGmY/pEERJb
nW0wqejmElFi46syPtiWPiw8iFglPuN/LfAqiCVzy7POTL/crkCQqbkF2eyyXAbV
BvglcI0ZUuNUmrxbzpNe6h6PU+aSb5kdtP0EGAUjuhO881Un4WpIdXXGtNh6seCh
9a5HY5/mhZUwr3E5GtNGUsakvPBUtA82IXCDuC6QDQjD
-----END CERTIFICATE-----