This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/2KQ5ZpfUylUAta7ExfQtvEHkS4E.roa
File:                     2KQ5ZpfUylUAta7ExfQtvEHkS4E.roa (raw, json)
Hash identifier:          /7rSc6G6wbTQgfr6iC9XwInfsvw0txiwcKpJmnw/K7U=
Subject key identifier:   D8:A4:39:66:97:D4:CA:55:00:B5:AE:C4:C5:F4:2D:BC:41:E4:4B:81
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       019B7C12B0C199881CCDACD3B43C66D7B2F1
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/2KQ5ZpfUylUAta7ExfQtvEHkS4E.roa
Signing time:             Fri 02 Jan 2026 00:19:18 +0000
ROA not before:           Fri 02 Jan 2026 00:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210447
IP address blocks:        45.144.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:b0:c1:99:88:1c:cd:ac:d3:b4:3c:66:d7:b2:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 00:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a4396697d4ca5500b5aec4c5f42dbc41e44b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:00:9d:53:9a:f9:6c:75:04:04:4e:27:c6:bc:
                    72:63:3b:cc:8d:2c:04:d2:7d:78:fe:11:a5:4d:b3:
                    9a:34:09:c1:58:ee:09:f8:dd:6f:e1:de:fe:74:de:
                    99:4f:42:37:bc:29:03:8a:15:d6:5a:3c:e3:aa:56:
                    6b:ea:8d:46:48:f7:e4:e2:46:b6:8d:bb:f7:9f:c6:
                    24:2e:e9:60:3a:37:2f:00:01:26:b0:c9:24:24:a3:
                    3f:61:a4:ae:76:73:25:33:14:67:d7:a3:18:f7:6e:
                    55:a8:b5:59:8c:12:f4:20:a6:57:40:66:6d:ab:78:
                    da:07:53:4c:36:99:92:77:2d:0a:e2:28:cf:85:62:
                    9d:76:8d:af:44:47:aa:16:d5:d0:d9:6c:ba:a9:5e:
                    8f:77:f0:53:f3:7d:57:a4:ba:27:e4:97:29:6f:4a:
                    de:6f:bb:8b:41:f5:85:c9:f2:03:a0:2b:9b:02:f6:
                    29:39:91:eb:42:8b:07:4a:3e:2b:19:39:e3:7b:c6:
                    20:7b:db:1d:3a:18:5b:58:69:f7:9c:f1:50:32:3d:
                    3a:c4:6b:ec:73:d2:db:31:e5:8e:d6:36:23:43:05:
                    ee:6a:09:d3:bf:07:a1:f3:bb:4a:65:ff:96:84:ad:
                    f1:7e:dd:3e:6f:36:c5:f7:ab:f2:88:07:d9:87:b0:
                    22:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A4:39:66:97:D4:CA:55:00:B5:AE:C4:C5:F4:2D:BC:41:E4:4B:81
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/2KQ5ZpfUylUAta7ExfQtvEHkS4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:b8:70:5a:c3:6f:2f:e8:83:35:cf:aa:d4:de:f6:d5:eb:f8:
         94:40:66:16:fb:77:5f:84:c2:a6:fc:65:c2:df:5e:3e:d8:f6:
         0b:88:8e:1c:35:e8:8d:f5:91:55:51:c9:f0:9b:73:db:36:b3:
         63:ab:25:b3:6a:4e:22:dd:97:fd:5d:5e:42:fa:50:53:ad:66:
         7e:7c:5a:af:88:5f:cd:e9:ee:c3:75:52:2f:41:a6:37:f1:31:
         be:10:ee:dd:89:69:de:c5:a6:87:98:72:68:e0:5b:ce:e9:34:
         1e:8c:d9:e8:51:6c:af:57:71:b4:09:7b:e5:2e:40:d5:48:a0:
         f1:8f:20:43:c2:29:d7:d4:69:f6:64:cb:d0:da:6e:b7:dd:23:
         fb:9c:e4:ab:12:64:43:0e:24:a7:49:0b:60:30:81:59:02:59:
         3d:4a:9d:a1:3b:c3:5c:53:f4:15:ab:cc:e3:03:34:66:df:93:
         a2:8b:0c:41:6b:de:23:fb:5c:44:2d:3b:43:53:d1:35:22:7a:
         67:2a:34:6c:94:a2:1a:b4:f0:be:13:3a:98:03:6f:f3:0e:1d:
         45:ab:cb:9d:53:0a:ca:2d:30:64:e5:ad:52:eb:54:9f:18:12:
         2b:ea:b8:58:4c:5a:92:91:f8:70:13:3d:45:e4:12:a5:67:ef:
         82:dd:18:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ErDBmYgczazTtDxm17LxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjYwMTAyMDAxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE0Mzk2Njk3ZDRjYTU1MDBiNWFlYzRjNWY0MmRiYzQxZTQ0YjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwCdU5r5bHUEBE4nxrxyYzvMjSwE
0n14/hGlTbOaNAnBWO4J+N1v4d7+dN6ZT0I3vCkDihXWWjzjqlZr6o1GSPfk4ka2
jbv3n8YkLulgOjcvAAEmsMkkJKM/YaSudnMlMxRn16MY925VqLVZjBL0IKZXQGZt
q3jaB1NMNpmSdy0K4ijPhWKddo2vREeqFtXQ2Wy6qV6Pd/BT831XpLon5Jcpb0re
b7uLQfWFyfIDoCubAvYpOZHrQosHSj4rGTnje8Yge9sdOhhbWGn3nPFQMj06xGvs
c9LbMeWO1jYjQwXuagnTvweh87tKZf+WhK3xft0+bzbF96vyiAfZh7Ai6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNikOWaX1MpVALWuxMX0LbxB5EuBMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvMktRNVpwZlV5bFVBdGE3RXhmUXR2RUhrUzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZArMA0G
CSqGSIb3DQEBCwUAA4IBAQB7uHBaw28v6IM1z6rU3vbV6/iUQGYW+3dfhMKm/GXC
314+2PYLiI4cNeiN9ZFVUcnwm3PbNrNjqyWzak4i3Zf9XV5C+lBTrWZ+fFqviF/N
6e7DdVIvQaY38TG+EO7diWnexaaHmHJo4FvO6TQejNnoUWyvV3G0CXvlLkDVSKDx
jyBDwinX1Gn2ZMvQ2m633SP7nOSrEmRDDiSnSQtgMIFZAlk9Sp2hO8NcU/QVq8zj
AzRm35OiiwxBa94j+1xELTtDU9E1InpnKjRslKIatPC+EzqYA2/zDh1Fq8udUwrK
LTBk5a1S61SfGBIr6rhYTFqSkfhwEz1F5BKlZ++C3Riv
-----END CERTIFICATE-----