This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/K2LNv1z48hNFFlzRSYowSy0Ha38.roa
File:                     K2LNv1z48hNFFlzRSYowSy0Ha38.roa (raw, json)
Hash identifier:          rgP0qv2b0VyfQUIaOOjPzTbyBIqlmlW8gSl7h4qofNM=
Subject key identifier:   2B:62:CD:BF:5C:F8:F2:13:45:16:5C:D1:49:8A:30:4B:2D:07:6B:7F
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       019B77C66F33AB6A6BB13B51F3FD96F0C401
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/K2LNv1z48hNFFlzRSYowSy0Ha38.roa
Signing time:             Thu 01 Jan 2026 04:17:31 +0000
ROA not before:           Thu 01 Jan 2026 04:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49870
IP address blocks:        185.224.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:6f:33:ab:6a:6b:b1:3b:51:f3:fd:96:f0:c4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  1 04:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b62cdbf5cf8f21345165cd1498a304b2d076b7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d5:f3:b3:a3:94:fe:9d:13:06:07:46:20:bc:
                    88:eb:67:dd:04:f5:57:dd:1a:d8:58:85:5b:18:d8:
                    5e:5a:d7:f4:12:fa:f3:83:82:5f:4f:d1:83:f0:83:
                    98:7e:c9:0b:90:fe:18:7b:dd:98:98:90:70:99:d7:
                    9b:0c:fe:8b:b9:4d:ea:4f:0d:14:7a:9e:3c:57:7b:
                    18:82:36:f2:56:5d:53:ae:f8:31:45:60:d5:52:7c:
                    3d:d1:81:ba:07:7b:a7:c4:cd:f8:48:4b:6b:af:31:
                    4a:1e:0a:ec:60:dd:32:36:5f:a6:b5:71:1c:8b:a8:
                    22:75:62:53:fb:67:dc:ed:6e:8f:8a:94:c2:9d:ba:
                    7e:c2:d9:18:88:9b:bb:00:88:8e:be:d7:2c:86:a4:
                    a9:dc:67:20:0d:c1:55:27:93:f3:7a:af:81:4a:14:
                    07:92:5a:1b:c7:a2:da:58:69:f1:2d:aa:bf:09:31:
                    c2:28:28:36:a4:64:56:d2:18:6b:02:a8:00:6f:63:
                    85:52:69:de:37:30:db:35:85:76:57:d0:18:ea:68:
                    9a:d2:9d:03:07:83:fe:7b:ef:1c:72:67:2d:8a:a2:
                    c1:90:30:34:ec:c5:52:e6:67:89:de:72:c4:30:7d:
                    2d:91:8d:ee:e8:66:f5:05:5b:83:c4:d4:46:0c:12:
                    b7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:62:CD:BF:5C:F8:F2:13:45:16:5C:D1:49:8A:30:4B:2D:07:6B:7F
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/K2LNv1z48hNFFlzRSYowSy0Ha38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:d1:23:98:6c:d7:07:bf:a8:ff:7b:22:ac:45:26:71:42:c7:
         e2:1f:93:6f:69:47:1c:b1:64:fb:23:55:46:07:4a:ff:17:25:
         30:58:e5:c5:dc:fb:6e:cc:d0:f5:5b:ca:42:a2:24:87:43:6c:
         0f:65:5d:93:df:16:48:3a:d0:73:80:b6:ab:97:46:70:e5:d4:
         1c:6b:81:e0:b7:da:03:98:b5:ef:ab:28:96:4d:84:c3:b2:62:
         6a:6e:d3:92:67:1e:a9:32:18:7b:be:e0:0a:89:04:2a:13:b4:
         e2:ea:e6:ed:b7:68:b8:1e:d2:2d:fd:ad:ba:5d:8e:78:77:51:
         f0:4e:94:7b:8d:5f:db:41:9e:69:e4:34:71:82:dc:7f:99:3e:
         3b:94:e3:23:af:6a:80:88:81:21:3f:e8:6e:30:02:89:32:dd:
         e5:6d:4e:51:7c:c5:5c:1a:03:33:c7:54:83:d8:5b:fd:a6:a2:
         65:b9:04:09:c7:24:90:50:9e:b0:f3:6c:e0:e7:09:39:fc:e7:
         17:67:a3:ac:cb:ee:48:31:ff:9f:6e:90:f5:dc:2c:7b:52:3f:
         44:9a:c8:f3:fa:b4:da:16:7f:26:94:85:81:c7:bb:27:94:86:
         c9:07:52:fe:1e:94:88:08:80:ff:2e:16:7e:a0:87:22:2f:11:
         48:5d:e4:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xm8zq2prsTtR8/2W8MQBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjYwMTAxMDQxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjYyY2RiZjVjZjhmMjEzNDUxNjVjZDE0OThhMzA0YjJkMDc2YjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNXzs6OU/p0TBgdGILyI62fdBPVX
3RrYWIVbGNheWtf0Evrzg4JfT9GD8IOYfskLkP4Ye92YmJBwmdebDP6LuU3qTw0U
ep48V3sYgjbyVl1TrvgxRWDVUnw90YG6B3unxM34SEtrrzFKHgrsYN0yNl+mtXEc
i6gidWJT+2fc7W6PipTCnbp+wtkYiJu7AIiOvtcshqSp3GcgDcFVJ5Pzeq+BShQH
klobx6LaWGnxLaq/CTHCKCg2pGRW0hhrAqgAb2OFUmneNzDbNYV2V9AY6mia0p0D
B4P+e+8ccmctiqLBkDA07MVS5meJ3nLEMH0tkY3u6Gb1BVuDxNRGDBK3+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtizb9c+PITRRZc0UmKMEstB2t/MB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvSzJMTnYxejQ4aE5GRmx6UlNZb3dTeTBIYTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueCAMA0G
CSqGSIb3DQEBCwUAA4IBAQB80SOYbNcHv6j/eyKsRSZxQsfiH5NvaUccsWT7I1VG
B0r/FyUwWOXF3PtuzND1W8pCoiSHQ2wPZV2T3xZIOtBzgLarl0Zw5dQca4Hgt9oD
mLXvqyiWTYTDsmJqbtOSZx6pMhh7vuAKiQQqE7Ti6ubtt2i4HtIt/a26XY54d1Hw
TpR7jV/bQZ5p5DRxgtx/mT47lOMjr2qAiIEhP+huMAKJMt3lbU5RfMVcGgMzx1SD
2Fv9pqJluQQJxySQUJ6w82zg5wk5/OcXZ6Osy+5IMf+fbpD13Cx7Uj9Emsjz+rTa
Fn8mlIWBx7snlIbJB1L+HpSICID/LhZ+oIciLxFIXeQJ
-----END CERTIFICATE-----