This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/aG2Dj23_-RuByoi0aH4_J6DfnnA.roa
File:                     aG2Dj23_-RuByoi0aH4_J6DfnnA.roa (raw, json)
Hash identifier:          XzjEkrDvL0kHfNvxNR946YKw5dsAD72RXrWPCygekvQ=
Subject key identifier:   68:6D:83:8F:6D:FF:F9:1B:81:CA:88:B4:68:7E:3F:27:A0:DF:9E:70
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019B790FFB5B1E82B25E94BB2084F8DD40D6
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/aG2Dj23_-RuByoi0aH4_J6DfnnA.roa
Signing time:             Thu 01 Jan 2026 10:17:29 +0000
ROA not before:           Thu 01 Jan 2026 10:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57270
IP address blocks:        185.242.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:0f:fb:5b:1e:82:b2:5e:94:bb:20:84:f8:dd:40:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 10:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=686d838f6dfff91b81ca88b4687e3f27a0df9e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:84:24:6f:6f:e6:ea:0d:fa:73:d3:97:12:c9:
                    ad:15:88:cb:ee:dd:5b:f7:03:e0:70:f8:43:4e:c3:
                    8e:1c:3c:59:fb:15:86:b5:cf:49:cf:c3:46:f4:e7:
                    f1:47:27:98:77:a1:1f:f0:17:8f:68:b7:57:15:c6:
                    ab:1d:b7:dc:dc:d3:2b:0a:76:bf:06:9c:0c:28:54:
                    42:02:12:15:0f:1b:3b:76:cc:49:57:53:78:3f:5f:
                    e5:ef:78:21:75:88:0f:d1:c7:b3:c0:2b:7d:73:f9:
                    61:1a:63:4f:a0:6b:66:3e:b5:83:d5:b2:ef:d8:f3:
                    81:e5:6e:86:d4:01:24:fa:df:55:8a:b0:a1:7d:95:
                    8d:18:50:2f:45:71:9f:90:5e:d3:0e:3f:5e:5c:0b:
                    73:57:ca:40:b7:7e:96:d8:6e:92:6e:08:6b:db:a7:
                    a9:fd:3e:81:64:4d:2c:21:aa:39:de:69:44:da:91:
                    65:f3:f2:d6:d3:a3:af:77:74:dd:2d:55:1a:18:82:
                    7f:80:c1:e0:cd:66:87:43:e7:43:86:a7:54:af:fb:
                    c0:72:91:e0:05:39:93:77:0f:d1:e0:80:31:86:b7:
                    1d:ef:4e:04:16:6a:d2:ea:24:ce:0c:32:85:1f:df:
                    0c:99:62:f9:11:23:19:27:ac:0f:08:e1:c2:e5:d1:
                    a3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6D:83:8F:6D:FF:F9:1B:81:CA:88:B4:68:7E:3F:27:A0:DF:9E:70
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/aG2Dj23_-RuByoi0aH4_J6DfnnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ff:15:18:1f:5e:bb:06:d8:ca:b5:55:7e:1f:9f:ff:4f:5c:
         f9:82:23:ac:80:41:43:2c:50:c8:03:af:48:58:fa:4d:44:16:
         96:e8:0a:af:0a:00:71:ae:8a:28:c8:b4:70:59:8a:9a:c2:70:
         a3:fb:79:24:31:d5:84:09:98:50:6b:40:05:7d:43:e1:41:81:
         ab:2b:9b:36:d1:6a:eb:74:46:71:a9:2f:48:4b:b7:78:a9:82:
         fa:25:05:df:7d:00:e2:0a:64:4a:e9:bf:dc:03:d8:1b:a6:2b:
         31:8f:48:80:a9:12:bf:98:6c:e8:45:e6:2b:a1:92:09:05:39:
         5b:1b:12:c2:29:aa:a2:b2:ab:91:ed:f0:ca:22:13:b8:f2:aa:
         0a:10:ce:d9:8a:a1:7c:2b:1a:4e:d7:94:2c:1b:01:01:a7:22:
         91:5a:46:53:a9:14:47:f2:ad:97:31:2b:29:fd:52:1c:cf:01:
         6e:88:ad:ea:f1:e1:80:61:6f:3b:18:4c:df:e2:79:a5:3a:4e:
         f2:cd:50:ac:3f:8b:bd:e4:55:bb:b1:14:08:f0:2d:50:cd:94:
         8a:4f:8e:b0:c5:ff:29:ae:69:6f:5e:d3:b8:ff:a2:d8:15:3b:
         1f:1c:47:fb:a9:00:59:5f:ba:ff:3a:4a:9a:55:c1:96:75:6a:
         cc:52:6c:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5D/tbHoKyXpS7IIT43UDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjYwMTAxMTAxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZkODM4ZjZkZmZmOTFiODFjYTg4YjQ2ODdlM2YyN2EwZGY5ZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooQkb2/m6g36c9OXEsmtFYjL7t1b
9wPgcPhDTsOOHDxZ+xWGtc9Jz8NG9OfxRyeYd6Ef8BePaLdXFcarHbfc3NMrCna/
BpwMKFRCAhIVDxs7dsxJV1N4P1/l73ghdYgP0cezwCt9c/lhGmNPoGtmPrWD1bLv
2POB5W6G1AEk+t9VirChfZWNGFAvRXGfkF7TDj9eXAtzV8pAt36W2G6Sbghr26ep
/T6BZE0sIao53mlE2pFl8/LW06Ovd3TdLVUaGIJ/gMHgzWaHQ+dDhqdUr/vAcpHg
BTmTdw/R4IAxhrcd704EFmrS6iTODDKFH98MmWL5ESMZJ6wPCOHC5dGj/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhtg49t//kbgcqItGh+Pyeg355wMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvYUcyRGoyM18tUnVCeW9pMGFINF9KNkRmbm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufIVMA0G
CSqGSIb3DQEBCwUAA4IBAQAa/xUYH167BtjKtVV+H5//T1z5giOsgEFDLFDIA69I
WPpNRBaW6AqvCgBxroooyLRwWYqawnCj+3kkMdWECZhQa0AFfUPhQYGrK5s20Wrr
dEZxqS9IS7d4qYL6JQXffQDiCmRK6b/cA9gbpisxj0iAqRK/mGzoReYroZIJBTlb
GxLCKaqisquR7fDKIhO48qoKEM7ZiqF8KxpO15QsGwEBpyKRWkZTqRRH8q2XMSsp
/VIczwFuiK3q8eGAYW87GEzf4nmlOk7yzVCsP4u95FW7sRQI8C1QzZSKT46wxf8p
rmlvXtO4/6LYFTsfHEf7qQBZX7r/OkqaVcGWdWrMUmxy
-----END CERTIFICATE-----