This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/2qvSkbHTsb98tl7LYwqPesWPH0g.roa
File:                     2qvSkbHTsb98tl7LYwqPesWPH0g.roa (raw, json)
Hash identifier:          Y4264CBO/wnBYQA3v/iM8WdJyQ6sBIxNEIMB+ic9wcM=
Subject key identifier:   DA:AB:D2:91:B1:D3:B1:BF:7C:B6:5E:CB:63:0A:8F:7A:C5:8F:1F:48
Certificate issuer:       /CN=dfd8641e328aa5d19c960d4891cf8677ce1289e7
Certificate serial:       019B76EB47B42D65311A80231338F5F111AB
Authority key identifier: DF:D8:64:1E:32:8A:A5:D1:9C:96:0D:48:91:CF:86:77:CE:12:89:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/39hkHjKKpdGclg1Ikc-Gd84Siec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/2qvSkbHTsb98tl7LYwqPesWPH0g.roa
Signing time:             Thu 01 Jan 2026 00:18:09 +0000
ROA not before:           Thu 01 Jan 2026 00:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209873
IP address blocks:        176.118.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/39hkHjKKpdGclg1Ikc-Gd84Siec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/39hkHjKKpdGclg1Ikc-Gd84Siec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/39hkHjKKpdGclg1Ikc-Gd84Siec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:47:b4:2d:65:31:1a:80:23:13:38:f5:f1:11:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfd8641e328aa5d19c960d4891cf8677ce1289e7
        Validity
            Not Before: Jan  1 00:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=daabd291b1d3b1bf7cb65ecb630a8f7ac58f1f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:55:2d:ca:7f:53:10:61:f7:6d:06:7a:94:0d:
                    ea:0a:8b:d6:4e:32:33:7d:a4:00:94:d0:b3:14:63:
                    e1:1c:d0:2e:b1:31:35:0d:86:ce:be:24:8e:e9:c5:
                    c5:cd:33:73:bc:2a:af:f9:0c:3e:97:c1:46:16:b5:
                    c0:f2:2b:b5:1e:71:44:b4:c7:21:71:b1:e5:02:8f:
                    18:22:c2:f1:d6:6a:61:a2:68:8e:b3:b1:c1:d9:25:
                    13:45:e3:c5:6f:8a:0e:ae:6d:20:c7:b3:e1:01:9e:
                    bc:e1:19:06:6d:7b:f9:7e:1d:7a:36:24:04:a4:69:
                    33:86:52:0a:d7:05:df:11:7b:ff:ea:4a:ae:f7:ff:
                    e1:53:e8:65:67:6a:00:60:dd:27:32:ca:85:31:7f:
                    f2:95:1d:9d:24:23:6d:97:33:ce:72:bc:5e:1a:24:
                    3d:7d:89:49:c2:1b:eb:33:21:fd:a9:5f:77:ae:5e:
                    d4:56:f5:7c:65:f6:30:44:87:a2:48:f9:55:e4:10:
                    26:a6:7e:b7:84:17:93:d5:52:fc:ab:cb:6b:62:96:
                    7d:6b:ff:5e:4d:3f:1f:99:3e:bd:8a:58:c7:1c:3f:
                    2c:81:40:3b:31:67:fe:c8:68:cb:2d:91:f5:8f:a5:
                    6d:0a:63:e7:36:25:a7:7b:d2:32:5c:61:15:d1:91:
                    40:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:AB:D2:91:B1:D3:B1:BF:7C:B6:5E:CB:63:0A:8F:7A:C5:8F:1F:48
            X509v3 Authority Key Identifier:
                keyid:DF:D8:64:1E:32:8A:A5:D1:9C:96:0D:48:91:CF:86:77:CE:12:89:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/39hkHjKKpdGclg1Ikc-Gd84Siec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/2qvSkbHTsb98tl7LYwqPesWPH0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/1e3eb4-5dcf-47d9-bc46-e3fc53791490/1/39hkHjKKpdGclg1Ikc-Gd84Siec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.118.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:3c:0e:8a:d0:46:57:0b:d2:39:92:b7:5e:24:d4:f6:05:cb:
         b1:fe:b2:01:94:c3:3e:ee:9b:20:ef:ff:e3:25:60:8a:48:9c:
         19:c3:14:9b:94:4b:7d:d8:b1:2c:e4:9b:81:29:15:d3:80:e8:
         c9:65:ab:f2:c1:69:c7:28:ea:63:96:c9:27:68:b5:7b:25:49:
         20:05:b5:0b:9e:57:e1:af:6f:4e:0c:9d:22:36:a0:65:df:00:
         8d:05:73:8c:a6:26:99:da:4f:f4:39:5a:6b:f4:4f:2a:dc:9d:
         31:78:6d:80:5c:0d:aa:2a:f4:69:bb:89:53:44:87:9b:52:f1:
         c8:a7:ed:7d:d5:64:dd:30:19:43:45:f4:75:64:82:d6:64:15:
         0e:ce:67:7d:09:cc:d7:d1:7b:1a:ac:52:5e:8b:5b:b3:08:73:
         cd:0d:0d:a2:54:48:75:98:af:df:d4:ba:e8:0e:2f:0e:cb:39:
         45:90:d7:59:9d:28:79:14:a7:da:80:34:df:b8:75:e0:e1:be:
         d6:14:4e:c1:96:a6:11:b7:a1:a7:5b:2d:28:f3:17:ef:48:15:
         50:a8:5a:fd:4c:c0:52:94:2e:9f:24:da:2e:57:c9:f1:53:23:
         8a:44:dc:2e:44:62:89:ee:f7:93:05:bb:e2:0c:76:88:73:32:
         31:3c:3d:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260e0LWUxGoAjEzj18RGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZDg2NDFlMzI4YWE1ZDE5Yzk2MGQ0ODkxY2Y4Njc3Y2Ux
Mjg5ZTcwHhcNMjYwMTAxMDAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFiZDI5MWIxZDNiMWJmN2NiNjVlY2I2MzBhOGY3YWM1OGYxZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1Utyn9TEGH3bQZ6lA3qCovWTjIz
faQAlNCzFGPhHNAusTE1DYbOviSO6cXFzTNzvCqv+Qw+l8FGFrXA8iu1HnFEtMch
cbHlAo8YIsLx1mphomiOs7HB2SUTRePFb4oOrm0gx7PhAZ684RkGbXv5fh16NiQE
pGkzhlIK1wXfEXv/6kqu9//hU+hlZ2oAYN0nMsqFMX/ylR2dJCNtlzPOcrxeGiQ9
fYlJwhvrMyH9qV93rl7UVvV8ZfYwRIeiSPlV5BAmpn63hBeT1VL8q8trYpZ9a/9e
TT8fmT69iljHHD8sgUA7MWf+yGjLLZH1j6VtCmPnNiWne9IyXGEV0ZFAeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqr0pGx07G/fLZey2MKj3rFjx9IMB8GA1UdIwQY
MBaAFN/YZB4yiqXRnJYNSJHPhnfOEonnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzloa0hqS0twZEdjbGcxSWtjLUdkODRTaWVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8xZTNlYjQtNWRjZi00N2Q5LWJjNDYt
ZTNmYzUzNzkxNDkwLzEvMnF2U2tiSFRzYjk4dGw3TFl3cVBlc1dQSDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8xZTNlYjQtNWRjZi00N2Q5LWJjNDYtZTNmYzUzNzkxNDkw
LzEvMzloa0hqS0twZEdjbGcxSWtjLUdkODRTaWVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHbUMA0G
CSqGSIb3DQEBCwUAA4IBAQB0PA6K0EZXC9I5krdeJNT2Bcux/rIBlMM+7psg7//j
JWCKSJwZwxSblEt92LEs5JuBKRXTgOjJZavywWnHKOpjlsknaLV7JUkgBbULnlfh
r29ODJ0iNqBl3wCNBXOMpiaZ2k/0OVpr9E8q3J0xeG2AXA2qKvRpu4lTRIebUvHI
p+191WTdMBlDRfR1ZILWZBUOzmd9CczX0XsarFJei1uzCHPNDQ2iVEh1mK/f1Lro
Di8OyzlFkNdZnSh5FKfagDTfuHXg4b7WFE7BlqYRt6GnWy0o8xfvSBVQqFr9TMBS
lC6fJNouV8nxUyOKRNwuRGKJ7veTBbviDHaIczIxPD12
-----END CERTIFICATE-----