This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/2_k_HZd8W3XpuxNJe50aSdmXyGk.roa
File:                     2_k_HZd8W3XpuxNJe50aSdmXyGk.roa (raw, json)
Hash identifier:          fblUX67x5XT5dcCCQ4gbZ0xddj2udVIWNnjAZBdQkUU=
Subject key identifier:   DB:F9:3F:1D:97:7C:5B:75:E9:BB:13:49:7B:9D:1A:49:D9:97:C8:69
Certificate issuer:       /CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
Certificate serial:       019B7AC7A9608AC308E4688D730F0A3DF3F2
Authority key identifier: 4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/2_k_HZd8W3XpuxNJe50aSdmXyGk.roa
Signing time:             Thu 01 Jan 2026 18:17:43 +0000
ROA not before:           Thu 01 Jan 2026 18:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13097
IP address blocks:        185.208.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:a9:60:8a:c3:08:e4:68:8d:73:0f:0a:3d:f3:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4beccc9d1a76e91469cb63b12bf725d7debafb1b
        Validity
            Not Before: Jan  1 18:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbf93f1d977c5b75e9bb13497b9d1a49d997c869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:80:1b:b8:10:d9:56:a9:b6:da:d9:19:61:81:
                    ab:72:ed:99:68:fd:9c:d2:9d:77:e5:3e:4f:92:58:
                    95:d5:79:68:68:a2:9f:c3:84:d7:ea:7e:3f:c9:da:
                    7b:e2:9d:bd:d1:e3:b6:5d:b6:b0:b2:b0:a0:68:7b:
                    79:ad:99:73:66:1a:98:7f:f1:02:7d:f3:74:45:e6:
                    e1:28:c9:70:61:e2:fc:bc:22:20:05:4d:ac:d3:89:
                    11:50:42:6a:e1:61:83:1f:54:15:da:3e:38:48:ae:
                    d6:dd:45:8c:c8:ac:56:b7:74:9d:9d:4e:2f:e8:f6:
                    89:59:42:ea:ba:19:29:5e:87:b9:40:6b:ce:83:a2:
                    c6:5a:24:47:13:35:83:88:95:3a:6c:76:00:53:00:
                    b1:2f:b2:48:95:39:cb:f7:5b:73:8d:26:6d:96:4b:
                    13:85:27:af:7c:e0:88:82:76:0c:84:cd:fa:d7:04:
                    55:c9:25:20:64:cd:18:63:e5:32:15:ea:b5:fd:b2:
                    37:84:6a:56:73:52:53:e3:ba:de:69:33:80:8c:2c:
                    ed:27:9a:a8:f7:9c:8a:51:ee:83:fa:49:cd:73:db:
                    61:f2:cf:a3:69:4a:0e:6f:41:81:09:0b:f1:14:23:
                    fd:1b:39:a1:64:c9:ba:43:30:9d:e4:33:8b:10:ca:
                    40:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F9:3F:1D:97:7C:5B:75:E9:BB:13:49:7B:9D:1A:49:D9:97:C8:69
            X509v3 Authority Key Identifier:
                keyid:4B:EC:CC:9D:1A:76:E9:14:69:CB:63:B1:2B:F7:25:D7:DE:BA:FB:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-zMnRp26RRpy2OxK_cl1966-xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/2_k_HZd8W3XpuxNJe50aSdmXyGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/768f14-a721-46f0-9199-4f4b994e0eb2/1/S-zMnRp26RRpy2OxK_cl1966-xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:87:13:b5:71:a9:a7:5a:1e:75:63:75:92:49:20:51:b8:56:
         de:57:66:d9:2b:42:80:80:be:80:01:02:57:99:27:0e:ea:96:
         9a:5d:83:3c:a2:56:09:ff:0e:42:38:c4:8f:a4:25:fe:eb:67:
         41:43:77:0d:eb:89:7c:a1:f2:ce:cb:56:b3:22:ba:fe:6f:0d:
         21:40:0d:25:65:d2:24:4b:b5:3d:d1:9a:29:9d:ee:9c:e9:19:
         61:fa:c7:f0:17:bf:c2:c8:a2:2b:fd:2a:1d:f1:7e:2d:4e:f7:
         6a:02:fa:61:e4:d8:69:e8:8b:ea:50:1c:04:11:b3:f4:d5:ff:
         b4:60:d6:ac:d9:67:99:51:0d:6a:65:ad:8d:3f:ff:96:14:66:
         bd:a3:f7:ae:fa:74:6f:77:39:1f:41:af:9a:49:66:0b:75:4e:
         c2:94:c7:b3:ef:4b:d6:d3:62:9c:45:97:22:81:ab:6c:61:00:
         8f:47:78:a0:d5:21:10:c4:60:a1:d2:52:db:65:0b:0d:3b:55:
         63:7e:14:56:12:14:23:ca:e5:e8:48:36:b2:27:4d:bc:44:f0:
         dc:0a:86:d5:02:59:e9:ba:da:10:05:74:76:f8:b3:a9:24:e4:
         cc:0f:b1:aa:12:77:45:20:54:6f:a9:9b:e3:c7:bc:34:f0:61:
         42:5d:0d:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x6lgisMI5GiNcw8KPfPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZWNjYzlkMWE3NmU5MTQ2OWNiNjNiMTJiZjcyNWQ3ZGVi
YWZiMWIwHhcNMjYwMTAxMTgxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY5M2YxZDk3N2M1Yjc1ZTliYjEzNDk3YjlkMWE0OWQ5OTdjODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoAbuBDZVqm22tkZYYGrcu2ZaP2c
0p135T5PkliV1XloaKKfw4TX6n4/ydp74p290eO2XbawsrCgaHt5rZlzZhqYf/EC
ffN0RebhKMlwYeL8vCIgBU2s04kRUEJq4WGDH1QV2j44SK7W3UWMyKxWt3SdnU4v
6PaJWULquhkpXoe5QGvOg6LGWiRHEzWDiJU6bHYAUwCxL7JIlTnL91tzjSZtlksT
hSevfOCIgnYMhM361wRVySUgZM0YY+UyFeq1/bI3hGpWc1JT47reaTOAjCztJ5qo
95yKUe6D+knNc9th8s+jaUoOb0GBCQvxFCP9GzmhZMm6QzCd5DOLEMpAgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv5Px2XfFt16bsTSXudGknZl8hpMB8GA1UdIwQY
MBaAFEvszJ0adukUactjsSv3JdfeuvsbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTkt
NGY0Yjk5NGUwZWIyLzEvMl9rX0haZDhXM1hwdXhOSmU1MGFTZG1YeUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NjhmMTQtYTcyMS00NmYwLTkxOTktNGY0Yjk5NGUwZWIy
LzEvUy16TW5ScDI2UlJweTJPeEtfY2wxOTY2LXhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudCKMA0G
CSqGSIb3DQEBCwUAA4IBAQBzhxO1camnWh51Y3WSSSBRuFbeV2bZK0KAgL6AAQJX
mScO6paaXYM8olYJ/w5COMSPpCX+62dBQ3cN64l8ofLOy1azIrr+bw0hQA0lZdIk
S7U90Zopne6c6Rlh+sfwF7/CyKIr/Sod8X4tTvdqAvph5Nhp6IvqUBwEEbP01f+0
YNas2WeZUQ1qZa2NP/+WFGa9o/eu+nRvdzkfQa+aSWYLdU7ClMez70vW02KcRZci
gatsYQCPR3ig1SEQxGCh0lLbZQsNO1VjfhRWEhQjyuXoSDayJ028RPDcCobVAlnp
utoQBXR2+LOpJOTMD7GqEndFIFRvqZvjx7w08GFCXQ3h
-----END CERTIFICATE-----