This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/2hbC2fRcwVVGLuxr3y8s9IdUqJ0.roa
File:                     2hbC2fRcwVVGLuxr3y8s9IdUqJ0.roa (raw, json)
Hash identifier:          WENyhbzOdCYh/WeleDC3Eb7ZL7vwxD85NmDsUD+Ca/o=
Subject key identifier:   DA:16:C2:D9:F4:5C:C1:55:46:2E:EC:6B:DF:2F:2C:F4:87:54:A8:9D
Certificate issuer:       /CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
Certificate serial:       019B7A5A7FE723006E585B64E2E125D57B28
Authority key identifier: C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/2hbC2fRcwVVGLuxr3y8s9IdUqJ0.roa
Signing time:             Thu 01 Jan 2026 16:18:29 +0000
ROA not before:           Thu 01 Jan 2026 16:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     789
IP address blocks:        134.158.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:7f:e7:23:00:6e:58:5b:64:e2:e1:25:d5:7b:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
        Validity
            Not Before: Jan  1 16:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da16c2d9f45cc155462eec6bdf2f2cf48754a89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ae:c6:87:69:9e:b4:4a:9a:55:fd:cb:45:6a:
                    d5:d6:b5:25:46:34:4a:9d:f3:de:b3:6d:bc:45:fd:
                    65:52:d0:ed:1e:c9:6d:47:d8:fe:60:5b:77:9a:cd:
                    46:33:bc:47:95:8a:77:29:29:a7:41:30:12:ff:5e:
                    bc:4b:39:cb:97:07:63:b0:03:cd:e7:4d:6e:9e:17:
                    15:8f:7e:7f:2c:f3:43:9d:09:22:71:61:03:24:d5:
                    e4:20:7e:fa:93:d0:22:59:83:dd:34:8c:d3:75:ea:
                    ec:f4:76:79:1f:92:28:ce:5d:f8:6f:3e:55:5c:a1:
                    f9:6a:06:23:df:eb:d9:ea:df:ed:bd:a7:46:bd:8b:
                    7e:52:80:0e:6b:51:56:53:73:69:b1:72:f2:2a:3a:
                    40:fa:33:61:d8:09:a9:83:5a:b7:3d:03:46:8e:cd:
                    b2:6c:34:01:d5:0b:19:24:9e:7f:a5:b9:3b:4c:35:
                    be:42:9d:09:27:3d:af:a3:34:74:cd:11:69:9c:bb:
                    3b:59:78:9d:71:19:78:8e:04:2a:c2:c9:f3:85:24:
                    18:ed:37:75:5d:7e:c5:d4:05:b7:e3:bb:69:c5:2f:
                    aa:12:98:b0:da:c2:ec:9e:51:74:b8:c5:35:d2:4c:
                    bf:e5:be:de:41:a2:14:40:1c:1c:6b:f1:e1:93:21:
                    ed:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:16:C2:D9:F4:5C:C1:55:46:2E:EC:6B:DF:2F:2C:F4:87:54:A8:9D
            X509v3 Authority Key Identifier:
                keyid:C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/2hbC2fRcwVVGLuxr3y8s9IdUqJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.158.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7c:c6:bb:d4:fe:5b:bd:c8:48:fd:96:7f:f1:e2:f1:15:f9:e1:
         b7:52:5a:1a:e8:db:7c:6e:f3:27:38:f3:f5:14:34:de:c0:cc:
         1e:75:20:5d:57:56:82:b6:41:14:a9:c6:9c:58:53:27:0d:62:
         5b:13:94:97:89:bf:78:96:6d:0f:c7:14:8e:b8:c3:b2:7d:8f:
         08:41:aa:97:d6:05:9b:60:9b:15:31:5a:9e:d3:b7:93:f3:7d:
         c7:a7:26:92:16:cd:52:11:e5:af:e2:ba:a5:6e:8d:c2:2b:82:
         c5:97:ea:6c:61:57:df:1d:c7:25:7e:6e:7a:56:28:54:fc:15:
         de:ec:ed:f6:22:46:41:24:6b:16:71:2e:1d:46:87:3b:63:fa:
         34:69:9c:8b:b7:71:ab:73:1c:79:ff:81:06:c1:26:b5:97:a1:
         59:60:f7:60:5d:2b:24:bb:df:d7:43:26:a8:0b:d3:82:b3:4f:
         6b:0f:49:4c:18:16:d5:b6:eb:be:3d:9b:77:63:ed:1d:b7:5a:
         92:d3:9a:10:7c:7f:9d:67:f8:1a:4c:44:8f:97:c0:dc:7d:7b:
         55:80:bc:9b:05:68:f4:81:66:07:af:4e:e2:b6:bc:04:18:36:
         aa:f0:c5:bb:02:4f:8b:1b:c1:08:41:58:19:62:f4:80:16:df:
         2d:19:03:d8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt6Wn/nIwBuWFtk4uEl1XsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YTdjM2Y0YjE0NjkzNTEyMjAyNTk1YThhNGY5NWIwZDZi
N2ExMDEwHhcNMjYwMTAxMTYxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE2YzJkOWY0NWNjMTU1NDYyZWVjNmJkZjJmMmNmNDg3NTRhODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua7Gh2metEqaVf3LRWrV1rUlRjRK
nfPes228Rf1lUtDtHsltR9j+YFt3ms1GM7xHlYp3KSmnQTAS/168SznLlwdjsAPN
501unhcVj35/LPNDnQkicWEDJNXkIH76k9AiWYPdNIzTders9HZ5H5Iozl34bz5V
XKH5agYj3+vZ6t/tvadGvYt+UoAOa1FWU3NpsXLyKjpA+jNh2Ampg1q3PQNGjs2y
bDQB1QsZJJ5/pbk7TDW+Qp0JJz2vozR0zRFpnLs7WXidcRl4jgQqwsnzhSQY7Td1
XX7F1AW347tpxS+qEpiw2sLsnlF0uMU10ky/5b7eQaIUQBwca/HhkyHtdQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNoWwtn0XMFVRi7sa98vLPSHVKidMB8GA1UdIwQY
MBaAFMWnw/SxRpNRIgJZWopPlbDWt6EBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgt
ZDEyZjFlMjQ1NmJhLzEvMmhiQzJmUmN3VlZHTHV4cjN5OHM5SWRVcUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgtZDEyZjFlMjQ1NmJh
LzEveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhp4wDQYJ
KoZIhvcNAQELBQADggEBAHzGu9T+W73ISP2Wf/Hi8RX54bdSWhro23xu8yc48/UU
NN7AzB51IF1XVoK2QRSpxpxYUycNYlsTlJeJv3iWbQ/HFI64w7J9jwhBqpfWBZtg
mxUxWp7Tt5PzfcenJpIWzVIR5a/iuqVujcIrgsWX6mxhV98dxyV+bnpWKFT8Fd7s
7fYiRkEkaxZxLh1Ghztj+jRpnIu3catzHHn/gQbBJrWXoVlg92BdKyS739dDJqgL
04KzT2sPSUwYFtW26749m3dj7R23WpLTmhB8f51n+BpMRI+XwNx9e1WAvJsFaPSB
ZgevTuK2vAQYNqrwxbsCT4sbwQhBWBli9IAW3y0ZA9g=
-----END CERTIFICATE-----