This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/0WZc2xB5hVDGIEXjZ-HhqIhObPU.roa
File:                     0WZc2xB5hVDGIEXjZ-HhqIhObPU.roa (raw, json)
Hash identifier:          yv7agGUqeUNNQCncCwHxi4NpbbYoTQ6AYByrG78CfM4=
Subject key identifier:   D1:66:5C:DB:10:79:85:50:C6:20:45:E3:67:E1:E1:A8:88:4E:6C:F5
Certificate issuer:       /CN=b16abdd9420f04ba9c1cd2c34dc7b352988af8d9
Certificate serial:       019B79ECD63B22F63065C0C3E9DABD417C35
Authority key identifier: B1:6A:BD:D9:42:0F:04:BA:9C:1C:D2:C3:4D:C7:B3:52:98:8A:F8:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/0WZc2xB5hVDGIEXjZ-HhqIhObPU.roa
Signing time:             Thu 01 Jan 2026 14:18:43 +0000
ROA not before:           Thu 01 Jan 2026 14:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8315
IP address blocks:        2.56.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:d6:3b:22:f6:30:65:c0:c3:e9:da:bd:41:7c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b16abdd9420f04ba9c1cd2c34dc7b352988af8d9
        Validity
            Not Before: Jan  1 14:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d1665cdb10798550c62045e367e1e1a8884e6cf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:47:bb:e5:f1:33:a6:d4:5a:8e:e2:33:2d:32:
                    83:37:31:6e:82:ac:d2:78:9d:10:13:05:c4:24:f7:
                    8c:e8:cd:bb:bb:3d:a6:0d:d0:ce:dd:a8:41:5f:13:
                    7c:5c:c9:21:46:c1:55:bd:92:33:26:22:ec:89:da:
                    fc:dc:05:2c:3c:d2:27:d9:15:32:3d:61:83:8b:51:
                    e7:d7:7a:7f:27:82:06:30:80:7c:1c:7f:e2:6c:21:
                    cb:d9:e2:f3:07:76:19:55:05:5b:92:a8:2f:ac:cc:
                    cb:25:0b:28:0d:c8:e6:56:4b:e4:58:81:c6:db:15:
                    44:51:81:57:47:7f:d4:9f:8d:2f:13:28:62:03:ca:
                    2d:7b:26:10:39:f6:5b:40:61:1a:1d:d1:dd:84:5e:
                    55:a7:c1:c1:2b:60:72:72:d4:c9:4d:bf:1d:0d:cb:
                    02:55:67:fd:54:54:39:ff:ab:14:57:94:95:0b:f5:
                    5a:70:77:36:bc:94:bf:f5:63:76:bd:7d:05:0d:19:
                    c6:5f:93:09:bd:c0:2b:f4:5f:3c:28:58:43:3f:76:
                    fb:10:92:e3:ed:e4:b7:13:a4:54:9c:e0:d6:6c:e9:
                    68:de:8d:cc:f3:80:d3:cd:62:19:ce:f9:46:b4:05:
                    f1:c3:cf:1c:21:27:da:09:44:07:b9:1b:c7:e3:b8:
                    e5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:66:5C:DB:10:79:85:50:C6:20:45:E3:67:E1:E1:A8:88:4E:6C:F5
            X509v3 Authority Key Identifier:
                keyid:B1:6A:BD:D9:42:0F:04:BA:9C:1C:D2:C3:4D:C7:B3:52:98:8A:F8:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWq92UIPBLqcHNLDTcezUpiK-Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/0WZc2xB5hVDGIEXjZ-HhqIhObPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2adc39-3630-425f-af29-fbb0d3c10423/1/sWq92UIPBLqcHNLDTcezUpiK-Nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:06:c3:0c:28:87:d1:7e:19:6a:05:34:0f:1c:b3:8c:67:64:
         2a:90:69:77:e9:f3:2b:a5:75:68:d5:24:db:c8:ee:99:e4:67:
         db:92:a0:91:00:ee:fc:3b:21:ce:49:22:7e:7e:2c:20:44:fe:
         ff:23:be:ac:3a:1b:d6:fb:ba:c9:cb:5b:58:32:2f:82:77:a6:
         dc:6d:21:df:b8:3b:61:32:3b:1b:0b:8d:8a:02:d1:af:86:66:
         71:78:12:c6:78:b8:40:fa:11:01:ac:6f:7c:9b:94:cd:c6:1f:
         1c:f2:f5:b0:48:06:ac:59:5e:eb:77:28:08:9b:40:f3:0d:1f:
         e3:2b:49:cf:48:14:c8:d2:73:25:10:a3:14:6d:83:7d:51:e4:
         2a:c5:66:d2:ba:0b:bc:8b:43:07:8d:26:0f:bb:36:2d:2f:83:
         5c:e1:a6:44:65:b9:90:47:be:ba:88:7f:ea:14:b9:03:8f:16:
         97:a2:ca:4d:c0:c9:a0:5c:38:8e:66:be:8e:a4:b9:a7:08:05:
         5b:b0:f4:6a:e1:bf:5f:43:71:6d:e0:e2:98:56:42:8c:07:98:
         a1:54:20:9e:f4:9d:5b:1a:c1:20:ff:78:78:d2:45:60:4d:91:
         f5:e5:e9:d0:c2:1f:29:d5:76:83:9d:6e:60:0a:97:dc:f4:3c:
         b5:62:88:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57NY7IvYwZcDD6dq9QXw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNmFiZGQ5NDIwZjA0YmE5YzFjZDJjMzRkYzdiMzUyOTg4
YWY4ZDkwHhcNMjYwMTAxMTQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTY2NWNkYjEwNzk4NTUwYzYyMDQ1ZTM2N2UxZTFhODg4NGU2Y2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAske75fEzptRajuIzLTKDNzFugqzS
eJ0QEwXEJPeM6M27uz2mDdDO3ahBXxN8XMkhRsFVvZIzJiLsidr83AUsPNIn2RUy
PWGDi1Hn13p/J4IGMIB8HH/ibCHL2eLzB3YZVQVbkqgvrMzLJQsoDcjmVkvkWIHG
2xVEUYFXR3/Un40vEyhiA8oteyYQOfZbQGEaHdHdhF5Vp8HBK2ByctTJTb8dDcsC
VWf9VFQ5/6sUV5SVC/VacHc2vJS/9WN2vX0FDRnGX5MJvcAr9F88KFhDP3b7EJLj
7eS3E6RUnODWbOlo3o3M84DTzWIZzvlGtAXxw88cISfaCUQHuRvH47jl9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFmXNsQeYVQxiBF42fh4aiITmz1MB8GA1UdIwQY
MBaAFLFqvdlCDwS6nBzSw03Hs1KYivjZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1dxOTJVSVBCTHFjSE5MRFRjZXpVcGlLLU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8yYWRjMzktMzYzMC00MjVmLWFmMjkt
ZmJiMGQzYzEwNDIzLzEvMFdaYzJ4QjVoVkRHSUVYalotSGhxSWhPYlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8yYWRjMzktMzYzMC00MjVmLWFmMjktZmJiMGQzYzEwNDIz
LzEvc1dxOTJVSVBCTHFjSE5MRFRjZXpVcGlLLU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjirMA0G
CSqGSIb3DQEBCwUAA4IBAQCoBsMMKIfRfhlqBTQPHLOMZ2QqkGl36fMrpXVo1STb
yO6Z5GfbkqCRAO78OyHOSSJ+fiwgRP7/I76sOhvW+7rJy1tYMi+Cd6bcbSHfuDth
MjsbC42KAtGvhmZxeBLGeLhA+hEBrG98m5TNxh8c8vWwSAasWV7rdygIm0DzDR/j
K0nPSBTI0nMlEKMUbYN9UeQqxWbSugu8i0MHjSYPuzYtL4Nc4aZEZbmQR766iH/q
FLkDjxaXospNwMmgXDiOZr6OpLmnCAVbsPRq4b9fQ3Ft4OKYVkKMB5ihVCCe9J1b
GsEg/3h40kVgTZH15enQwh8p1XaDnW5gCpfc9Dy1Yois
-----END CERTIFICATE-----