This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/bU_6jYeoULQ5cmwXMFiWLFBuBqw.roa
File:                     bU_6jYeoULQ5cmwXMFiWLFBuBqw.roa (raw, json)
Hash identifier:          RO8BXt2ZgZKfrDL72bFJWFqlC3jg76pa5ceJ9+7Pztg=
Subject key identifier:   6D:4F:FA:8D:87:A8:50:B4:39:72:6C:17:30:58:96:2C:50:6E:06:AC
Certificate issuer:       /CN=1bfc7738cd0fd0e0447f9d749ce6a39047fdcbac
Certificate serial:       019B791041F025EAB445574DAF6C28C52B81
Authority key identifier: 1B:FC:77:38:CD:0F:D0:E0:44:7F:9D:74:9C:E6:A3:90:47:FD:CB:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G_x3OM0P0OBEf510nOajkEf9y6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/bU_6jYeoULQ5cmwXMFiWLFBuBqw.roa
Signing time:             Thu 01 Jan 2026 10:17:47 +0000
ROA not before:           Thu 01 Jan 2026 10:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204694
IP address blocks:        185.243.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/G_x3OM0P0OBEf510nOajkEf9y6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/G_x3OM0P0OBEf510nOajkEf9y6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G_x3OM0P0OBEf510nOajkEf9y6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 10:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:41:f0:25:ea:b4:45:57:4d:af:6c:28:c5:2b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bfc7738cd0fd0e0447f9d749ce6a39047fdcbac
        Validity
            Not Before: Jan  1 10:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d4ffa8d87a850b439726c173058962c506e06ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:84:7e:42:2f:9c:f5:56:25:33:6b:fc:86:1a:
                    f7:ba:c2:b5:b9:73:e6:fb:06:91:23:09:4f:0e:cb:
                    8b:7e:b9:16:78:1f:df:fa:d4:f5:2b:1d:f9:cf:e2:
                    cd:72:dc:77:af:f8:c7:9c:55:e0:3b:55:48:75:08:
                    c3:55:15:f8:49:0b:89:e9:42:1b:8f:9b:1c:9a:29:
                    5c:7f:47:5f:3d:10:6c:3a:b8:f5:22:e4:8a:b0:2b:
                    64:80:27:dd:54:d8:20:24:cd:60:8d:00:14:2c:18:
                    dc:cb:17:4e:b9:46:d4:a6:07:50:5a:2d:c3:b8:9b:
                    d0:20:4d:fa:ab:06:5c:ac:28:64:67:40:61:90:b0:
                    72:cc:0d:7a:8d:43:bd:25:bb:1f:00:fd:40:42:3c:
                    14:73:1e:fa:1f:a5:13:f4:60:19:ca:bd:0e:2f:cc:
                    06:df:9a:f9:d7:6e:b7:e0:f5:f3:81:d7:c7:8d:d2:
                    f3:b5:08:07:3f:fb:50:a9:46:47:43:79:1e:5e:ad:
                    85:7c:b7:58:6f:95:f9:b0:e2:e2:d1:54:be:de:97:
                    f7:e9:5a:8f:2a:ca:1a:0a:cf:71:a4:cd:b1:9f:fb:
                    2e:1c:41:ad:cd:c2:4c:3a:c7:34:c2:47:5f:8f:38:
                    2f:9c:3b:91:b8:13:88:b9:e2:c0:48:6f:d9:65:17:
                    ba:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:4F:FA:8D:87:A8:50:B4:39:72:6C:17:30:58:96:2C:50:6E:06:AC
            X509v3 Authority Key Identifier:
                keyid:1B:FC:77:38:CD:0F:D0:E0:44:7F:9D:74:9C:E6:A3:90:47:FD:CB:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_x3OM0P0OBEf510nOajkEf9y6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/bU_6jYeoULQ5cmwXMFiWLFBuBqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/708b4d-a63f-439d-9cce-148abff919ad/1/G_x3OM0P0OBEf510nOajkEf9y6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:d4:86:e1:d2:0c:b8:c0:41:01:3c:82:83:0d:7f:a0:d7:8a:
         58:42:07:5e:d9:90:24:e8:ca:e6:8d:97:c9:33:e7:4e:b2:54:
         db:d8:23:4a:87:1e:8c:76:18:b6:11:6a:f4:55:01:40:fd:30:
         fb:03:98:2b:79:e5:d5:97:0b:d3:f8:a5:73:c2:01:2d:ce:c6:
         9f:0c:0f:39:d2:b4:f8:84:05:e5:5c:1c:af:15:b3:91:19:f8:
         bf:4a:89:50:2a:77:7f:4f:3f:12:f6:cf:c6:07:00:ab:37:7e:
         41:b1:75:42:f0:10:4a:cd:1f:cd:79:eb:e6:6f:34:be:58:10:
         5e:5e:2d:89:a5:39:b6:9d:a5:f8:74:83:99:da:fd:1e:9c:16:
         9c:af:3c:19:9c:c4:64:e3:ff:d4:73:16:ed:db:99:30:36:29:
         35:cd:c3:a2:00:f1:74:15:46:08:1d:3f:5e:dc:a6:2f:45:c1:
         40:a3:d5:8e:bc:4a:84:5e:6b:dd:60:2e:c2:62:e6:66:b8:b4:
         04:2c:2e:13:1b:17:dc:ec:23:17:ec:52:68:f3:1a:0c:5d:0e:
         1c:d3:2e:d6:14:ff:44:00:4e:5c:73:53:2f:b4:df:33:f0:48:
         c4:64:fa:66:cd:b3:b6:72:63:2f:1d:91:c6:b1:8a:f9:d1:52:
         ca:0b:d5:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EEHwJeq0RVdNr2woxSuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZmM3NzM4Y2QwZmQwZTA0NDdmOWQ3NDljZTZhMzkwNDdm
ZGNiYWMwHhcNMjYwMTAxMTAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDRmZmE4ZDg3YTg1MGI0Mzk3MjZjMTczMDU4OTYyYzUwNmUwNmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4R+Qi+c9VYlM2v8hhr3usK1uXPm
+waRIwlPDsuLfrkWeB/f+tT1Kx35z+LNctx3r/jHnFXgO1VIdQjDVRX4SQuJ6UIb
j5scmilcf0dfPRBsOrj1IuSKsCtkgCfdVNggJM1gjQAULBjcyxdOuUbUpgdQWi3D
uJvQIE36qwZcrChkZ0BhkLByzA16jUO9JbsfAP1AQjwUcx76H6UT9GAZyr0OL8wG
35r512634PXzgdfHjdLztQgHP/tQqUZHQ3keXq2FfLdYb5X5sOLi0VS+3pf36VqP
KsoaCs9xpM2xn/suHEGtzcJMOsc0wkdfjzgvnDuRuBOIueLASG/ZZRe6WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1P+o2HqFC0OXJsFzBYlixQbgasMB8GA1UdIwQY
MBaAFBv8dzjND9DgRH+ddJzmo5BH/cusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR194M09NMFAwT0JFZjUxMG5PYWprRWY5eTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS83MDhiNGQtYTYzZi00MzlkLTljY2Ut
MTQ4YWJmZjkxOWFkLzEvYlVfNmpZZW9VTFE1Y213WE1GaVdMRkJ1QnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS83MDhiNGQtYTYzZi00MzlkLTljY2UtMTQ4YWJmZjkxOWFk
LzEvR194M09NMFAwT0JFZjUxMG5PYWprRWY5eTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufNIMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ1Ibh0gy4wEEBPIKDDX+g14pYQgde2ZAk6MrmjZfJ
M+dOslTb2CNKhx6Mdhi2EWr0VQFA/TD7A5greeXVlwvT+KVzwgEtzsafDA850rT4
hAXlXByvFbORGfi/SolQKnd/Tz8S9s/GBwCrN35BsXVC8BBKzR/NeevmbzS+WBBe
Xi2JpTm2naX4dIOZ2v0enBacrzwZnMRk4//Ucxbt25kwNik1zcOiAPF0FUYIHT9e
3KYvRcFAo9WOvEqEXmvdYC7CYuZmuLQELC4TGxfc7CMX7FJo8xoMXQ4c0y7WFP9E
AE5cc1MvtN8z8EjEZPpmzbO2cmMvHZHGsYr50VLKC9XK
-----END CERTIFICATE-----