This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/2agacPd_HSeo5iWC2CnXaC2xZe8.roa
File:                     2agacPd_HSeo5iWC2CnXaC2xZe8.roa (raw, json)
Hash identifier:          YHI/nftFWmJRoE6pDGv7uv3rVMoTsI26akPX3i6AVgc=
Subject key identifier:   D9:A8:1A:70:F7:7F:1D:27:A8:E6:25:82:D8:29:D7:68:2D:B1:65:EF
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       019B7F85115AC21E0DAAF500A71FCC1FFA7A
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/2agacPd_HSeo5iWC2CnXaC2xZe8.roa
Signing time:             Fri 02 Jan 2026 16:23:05 +0000
ROA not before:           Fri 02 Jan 2026 16:23:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3360
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:11:5a:c2:1e:0d:aa:f5:00:a7:1f:cc:1f:fa:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  2 16:23:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9a81a70f77f1d27a8e62582d829d7682db165ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f3:0f:f5:3c:3c:23:0a:55:b1:25:bd:61:4f:
                    0b:28:21:61:95:62:65:28:ec:fe:b2:8c:2c:0a:59:
                    6c:2d:5c:4c:10:98:b9:7e:7a:7c:45:c8:4d:b5:a9:
                    56:b1:a8:f5:07:08:55:9a:80:43:3c:50:4f:ce:46:
                    13:be:5d:2e:f0:92:fc:d7:4d:98:55:a1:17:b3:da:
                    87:a9:68:b9:54:34:61:1f:cc:ca:bf:1a:4f:e0:96:
                    b4:7d:ac:13:5b:17:27:56:9f:77:ce:27:cf:ec:43:
                    c7:b1:9d:7e:7e:68:de:c7:26:dd:de:a4:3c:9d:f4:
                    18:45:43:70:ec:e3:fc:9a:55:ae:78:27:35:66:33:
                    83:79:29:19:d4:95:5f:24:ca:32:c2:ef:5c:20:79:
                    d8:f2:55:16:0d:15:bd:63:3a:e5:4b:1b:81:bd:62:
                    0f:9d:2a:cc:da:fb:0f:b8:2b:fe:73:2b:1e:35:3a:
                    ea:20:93:0a:a5:a0:b6:e0:31:3f:7f:27:c1:37:fe:
                    44:fc:2c:68:4f:ab:e4:bd:13:a5:7f:c3:56:24:94:
                    a8:27:dc:a8:7e:5d:9f:58:c4:4b:0d:fa:f0:dd:61:
                    e3:fd:21:0b:b2:77:81:7e:7a:ba:f0:77:7b:9b:0b:
                    6c:47:8e:3b:3e:ef:12:32:67:a1:71:07:0d:5b:b3:
                    d8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A8:1A:70:F7:7F:1D:27:A8:E6:25:82:D8:29:D7:68:2D:B1:65:EF
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/2agacPd_HSeo5iWC2CnXaC2xZe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:5e:b9:c7:26:59:ab:8f:9a:1f:fd:dd:63:83:71:0c:60:4a:
         de:95:1a:45:a7:dc:2e:ce:e9:f6:06:a7:10:ae:75:0e:ad:5c:
         72:cf:0e:ea:8d:1f:68:f1:35:40:aa:57:bc:63:9a:aa:78:ba:
         1d:3f:bc:55:1c:5c:c2:09:f4:e7:2e:cd:80:42:94:bd:c8:7b:
         66:c9:f4:56:3b:43:f7:24:71:95:46:b3:4a:0c:54:14:ea:d2:
         03:5d:13:c4:4d:62:98:db:69:40:be:6c:05:e9:92:1d:f0:34:
         95:f7:19:2a:bb:35:07:53:4c:60:26:75:83:63:95:5c:7e:68:
         12:0b:72:2c:0e:a8:b2:32:1e:01:6e:d1:42:aa:d4:04:36:b5:
         a4:be:69:2d:fc:6a:54:be:3b:21:bc:b4:3e:81:a0:8d:52:54:
         f2:05:61:e5:65:13:ee:c0:1c:c4:04:73:e5:87:d4:45:e7:e6:
         27:4a:51:f2:44:92:00:bd:17:c4:c8:66:05:bb:0e:14:c3:ad:
         13:cc:7b:41:19:e2:32:bb:ca:2d:3e:c0:1c:b8:95:25:b6:ae:
         e6:42:b7:a7:f8:ae:02:7d:11:43:80:d9:7a:e2:65:fd:66:ec:
         ca:7f:24:f8:30:72:32:d4:c2:e4:6d:d8:b5:8f:88:66:fe:42:
         d5:e0:69:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hRFawh4NqvUApx/MH/p6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjYwMTAyMTYyMzA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWE4MWE3MGY3N2YxZDI3YThlNjI1ODJkODI5ZDc2ODJkYjE2NWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fMP9Tw8IwpVsSW9YU8LKCFhlWJl
KOz+sowsCllsLVxMEJi5fnp8RchNtalWsaj1BwhVmoBDPFBPzkYTvl0u8JL8102Y
VaEXs9qHqWi5VDRhH8zKvxpP4Ja0fawTWxcnVp93zifP7EPHsZ1+fmjexybd3qQ8
nfQYRUNw7OP8mlWueCc1ZjODeSkZ1JVfJMoywu9cIHnY8lUWDRW9YzrlSxuBvWIP
nSrM2vsPuCv+cyseNTrqIJMKpaC24DE/fyfBN/5E/CxoT6vkvROlf8NWJJSoJ9yo
fl2fWMRLDfrw3WHj/SELsneBfnq68Hd7mwtsR447Pu8SMmehcQcNW7PYfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmoGnD3fx0nqOYlgtgp12gtsWXvMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvMmFnYWNQZF9IU2VvNWlXQzJDblhhQzJ4WmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQAAXrnHJlmrj5of/d1jg3EMYErelRpFp9wuzun2BqcQ
rnUOrVxyzw7qjR9o8TVAqle8Y5qqeLodP7xVHFzCCfTnLs2AQpS9yHtmyfRWO0P3
JHGVRrNKDFQU6tIDXRPETWKY22lAvmwF6ZId8DSV9xkquzUHU0xgJnWDY5VcfmgS
C3IsDqiyMh4BbtFCqtQENrWkvmkt/GpUvjshvLQ+gaCNUlTyBWHlZRPuwBzEBHPl
h9RF5+YnSlHyRJIAvRfEyGYFuw4Uw60TzHtBGeIyu8otPsAcuJUltq7mQren+K4C
fRFDgNl64mX9ZuzKfyT4MHIy1MLkbdi1j4hm/kLV4GlR
-----END CERTIFICATE-----