This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f9462b-3749-44bb-84ee-ecd8a2474a02/1/2mDBUtF183-0RSLjJBliu1rIQO8.roa
File:                     2mDBUtF183-0RSLjJBliu1rIQO8.roa (raw, json)
Hash identifier:          3lzqCQHb4j0yU8pcFwYiFLfqy0BLZUaM9oBjKILthJw=
Subject key identifier:   DA:60:C1:52:D1:75:F3:7F:B4:45:22:E3:24:19:62:BB:5A:C8:40:EF
Certificate issuer:       /CN=342e6536b2e74220ef4b092bc090cc4c250f3ed6
Certificate serial:       019B7C12E6E3E186146B973AC7C04B48C041
Authority key identifier: 34:2E:65:36:B2:E7:42:20:EF:4B:09:2B:C0:90:CC:4C:25:0F:3E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NC5lNrLnQiDvSwkrwJDMTCUPPtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f9462b-3749-44bb-84ee-ecd8a2474a02/1/2mDBUtF183-0RSLjJBliu1rIQO8.roa
Signing time:             Fri 02 Jan 2026 00:19:32 +0000
ROA not before:           Fri 02 Jan 2026 00:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215071
IP address blocks:        185.241.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f9462b-3749-44bb-84ee-ecd8a2474a02/1/NC5lNrLnQiDvSwkrwJDMTCUPPtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f9462b-3749-44bb-84ee-ecd8a2474a02/1/NC5lNrLnQiDvSwkrwJDMTCUPPtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NC5lNrLnQiDvSwkrwJDMTCUPPtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:e6:e3:e1:86:14:6b:97:3a:c7:c0:4b:48:c0:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=342e6536b2e74220ef4b092bc090cc4c250f3ed6
        Validity
            Not Before: Jan  2 00:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da60c152d175f37fb44522e3241962bb5ac840ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0b:ef:5d:f1:ae:21:bf:c8:35:9d:52:ea:70:
                    80:34:f0:52:18:16:88:00:da:01:4b:db:a2:cb:2d:
                    0c:d4:ba:16:11:81:d4:2f:38:74:b9:e6:f7:13:87:
                    94:cc:e2:34:08:e8:e9:ef:ab:d8:a4:84:a5:4e:a4:
                    2e:fd:e8:50:0d:4a:06:1b:ea:c2:af:ef:25:d0:27:
                    3d:bb:35:57:4b:9c:29:14:07:c0:bd:25:99:c7:46:
                    4e:4d:ba:57:ac:a8:dc:96:59:8e:21:df:7b:3b:47:
                    8d:1e:09:9b:3c:99:2b:18:65:b7:cb:4c:01:9f:bc:
                    f4:a5:f0:9e:d0:35:2d:cf:f7:b0:17:99:2e:02:03:
                    dc:9b:b6:28:12:09:c4:e3:d5:a5:d9:b1:c3:0b:90:
                    54:c4:99:12:fd:08:73:ac:17:c8:57:a0:88:21:64:
                    e6:df:bc:08:8a:38:9c:36:9e:23:08:9e:7e:01:64:
                    f5:bb:39:73:5b:50:50:5d:05:06:7a:75:39:7a:26:
                    43:a8:b5:38:d1:41:e1:fc:f0:91:70:cb:dc:8f:7e:
                    c6:26:b1:48:a2:f7:ac:df:19:60:d7:f3:f7:f0:cf:
                    c8:a3:10:48:6d:03:c8:7c:9e:b2:ac:6e:5b:ea:b1:
                    90:11:d7:ca:66:c1:1e:72:f8:e9:7a:57:05:a2:b7:
                    7b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:60:C1:52:D1:75:F3:7F:B4:45:22:E3:24:19:62:BB:5A:C8:40:EF
            X509v3 Authority Key Identifier:
                keyid:34:2E:65:36:B2:E7:42:20:EF:4B:09:2B:C0:90:CC:4C:25:0F:3E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NC5lNrLnQiDvSwkrwJDMTCUPPtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f9462b-3749-44bb-84ee-ecd8a2474a02/1/2mDBUtF183-0RSLjJBliu1rIQO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f9462b-3749-44bb-84ee-ecd8a2474a02/1/NC5lNrLnQiDvSwkrwJDMTCUPPtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:97:fe:3a:b7:27:fe:b1:d4:88:30:b9:fe:42:f5:7a:42:87:
         e7:6a:4c:00:b4:b5:bf:f1:f5:bb:01:d6:28:0a:d6:98:b8:f5:
         8d:5f:26:e5:74:f1:4e:c5:ec:3f:5f:f7:b4:99:d2:3e:01:4b:
         0d:0b:9b:f7:81:a0:a0:10:2f:de:8a:fa:fa:b8:83:b5:13:43:
         e6:19:0d:fd:52:d2:bd:48:24:05:e9:fc:06:37:53:d6:07:13:
         0c:de:af:6b:e2:3a:c6:02:99:b3:81:62:24:02:00:83:58:65:
         47:94:75:25:d4:c2:65:3e:9e:fc:b7:99:28:ae:9d:07:09:65:
         94:84:68:81:70:71:2e:04:d9:46:89:09:a8:0b:09:83:91:d9:
         ec:92:78:54:1a:c5:3b:1b:ce:36:61:6a:67:11:3a:fd:a8:06:
         2e:26:22:fe:d3:b3:ea:3a:dd:6e:7c:95:18:73:13:f2:2d:15:
         aa:dd:bd:ef:96:e0:91:57:65:6d:ef:e3:0a:84:0a:51:3b:d2:
         b4:37:fe:9b:3b:60:6c:b3:71:1b:5b:2c:ed:1b:14:08:e9:37:
         4e:20:e4:1b:f1:b5:47:41:50:20:48:a1:ea:03:36:5e:c9:11:
         79:26:4d:b5:eb:3a:67:8d:c1:65:ae:71:b8:b9:7a:9f:2f:9f:
         fc:f6:89:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eubj4YYUa5c6x8BLSMBBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MmU2NTM2YjJlNzQyMjBlZjRiMDkyYmMwOTBjYzRjMjUw
ZjNlZDYwHhcNMjYwMTAyMDAxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTYwYzE1MmQxNzVmMzdmYjQ0NTIyZTMyNDE5NjJiYjVhYzg0MGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwvvXfGuIb/INZ1S6nCANPBSGBaI
ANoBS9uiyy0M1LoWEYHULzh0ueb3E4eUzOI0COjp76vYpISlTqQu/ehQDUoGG+rC
r+8l0Cc9uzVXS5wpFAfAvSWZx0ZOTbpXrKjcllmOId97O0eNHgmbPJkrGGW3y0wB
n7z0pfCe0DUtz/ewF5kuAgPcm7YoEgnE49Wl2bHDC5BUxJkS/QhzrBfIV6CIIWTm
37wIijicNp4jCJ5+AWT1uzlzW1BQXQUGenU5eiZDqLU40UHh/PCRcMvcj37GJrFI
oves3xlg1/P38M/IoxBIbQPIfJ6yrG5b6rGQEdfKZsEecvjpelcFord7KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpgwVLRdfN/tEUi4yQZYrtayEDvMB8GA1UdIwQY
MBaAFDQuZTay50Ig70sJK8CQzEwlDz7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkM1bE5yTG5RaUR2U3drcndKRE1UQ1VQUHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mOTQ2MmItMzc0OS00NGJiLTg0ZWUt
ZWNkOGEyNDc0YTAyLzEvMm1EQlV0RjE4My0wUlNMakpCbGl1MXJJUU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mOTQ2MmItMzc0OS00NGJiLTg0ZWUtZWNkOGEyNDc0YTAy
LzEvTkM1bE5yTG5RaUR2U3drcndKRE1UQ1VQUHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufEnMA0G
CSqGSIb3DQEBCwUAA4IBAQCGl/46tyf+sdSIMLn+QvV6QofnakwAtLW/8fW7AdYo
CtaYuPWNXybldPFOxew/X/e0mdI+AUsNC5v3gaCgEC/eivr6uIO1E0PmGQ39UtK9
SCQF6fwGN1PWBxMM3q9r4jrGApmzgWIkAgCDWGVHlHUl1MJlPp78t5korp0HCWWU
hGiBcHEuBNlGiQmoCwmDkdnsknhUGsU7G842YWpnETr9qAYuJiL+07PqOt1ufJUY
cxPyLRWq3b3vluCRV2Vt7+MKhApRO9K0N/6bO2Bss3EbWyztGxQI6TdOIOQb8bVH
QVAgSKHqAzZeyRF5Jk216zpnjcFlrnG4uXqfL5/89omO
-----END CERTIFICATE-----