This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/BkI2fqSz1Z-B7JTGfER5sgZJw0g.roa
File:                     BkI2fqSz1Z-B7JTGfER5sgZJw0g.roa (raw, json)
Hash identifier:          U/pXYfDq5FlIWhoXhJrg1WEdVHjoMWTvfpnvFpHwiwI=
Subject key identifier:   06:42:36:7E:A4:B3:D5:9F:81:EC:94:C6:7C:44:79:B2:06:49:C3:48
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       019B7910E57B1405FC923353FB3B963CDC44
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/BkI2fqSz1Z-B7JTGfER5sgZJw0g.roa
Signing time:             Thu 01 Jan 2026 10:18:28 +0000
ROA not before:           Thu 01 Jan 2026 10:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     55163
IP address blocks:        144.2.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:e5:7b:14:05:fc:92:33:53:fb:3b:96:3c:dc:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  1 10:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0642367ea4b3d59f81ec94c67c4479b20649c348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:15:3c:da:89:73:84:41:a4:76:35:be:a2:5e:
                    de:6a:be:71:9f:6a:3e:37:e3:9e:7d:42:d0:88:0f:
                    1d:53:f9:7d:fe:35:76:32:ce:6b:df:a4:82:ab:a7:
                    85:1f:49:22:57:ae:ef:49:ee:3f:5f:75:77:91:c8:
                    2a:e1:ba:79:6e:e1:03:b2:55:e6:1e:d9:87:3e:c6:
                    89:5b:ed:82:5b:77:de:4d:5e:a4:2e:14:ad:5e:d1:
                    8c:d8:b2:ad:55:a5:4e:30:a3:a3:ae:f8:fd:e6:2e:
                    05:81:55:5f:c2:04:1a:83:cf:f1:b2:6f:7f:04:e1:
                    32:fd:96:69:c2:6f:d7:06:44:ae:f5:ca:32:6c:47:
                    23:9c:6f:cc:01:f8:18:d2:bf:b2:38:ad:af:ec:35:
                    97:0d:cb:c9:1e:c5:d5:7f:aa:f3:26:20:0c:f0:50:
                    df:2f:78:30:de:23:31:9c:5f:a0:30:31:25:0b:aa:
                    ed:d8:ca:01:ee:69:2d:b1:ac:67:7e:8d:5a:57:54:
                    a4:39:3a:ba:2c:01:a9:a2:30:27:c0:26:5b:8f:fb:
                    7b:30:ef:dd:ff:e0:09:9c:04:b4:99:4d:18:86:97:
                    9b:23:0a:4e:c8:d1:ca:ab:1a:09:c0:70:db:45:01:
                    9a:a9:45:af:45:10:04:7c:75:d9:15:9d:23:be:a9:
                    73:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:42:36:7E:A4:B3:D5:9F:81:EC:94:C6:7C:44:79:B2:06:49:C3:48
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/BkI2fqSz1Z-B7JTGfER5sgZJw0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:49:5f:75:18:14:98:28:d1:c5:ef:2e:90:ee:bc:56:e8:99:
         6e:93:8f:cc:da:9b:76:bf:4b:36:d7:2b:8b:40:ce:20:47:72:
         09:41:d0:35:f2:7a:d4:80:80:a1:c5:77:ee:32:47:ad:b2:95:
         12:39:9f:86:49:39:cf:6f:15:68:22:30:2e:bf:7b:15:92:52:
         07:16:48:f1:ab:3f:33:e4:c9:c7:d7:ec:a6:7e:8b:0b:81:0b:
         cb:11:b8:85:19:4e:9a:a7:86:f0:b3:3e:90:72:10:bc:b2:cd:
         f1:00:4f:ea:de:cb:70:da:a2:3e:e0:d2:ea:71:76:f8:79:4c:
         2f:17:3b:2a:69:13:de:e8:25:fc:69:7b:c0:b9:12:fd:01:69:
         1e:8d:b4:65:2f:3b:92:ab:9d:25:08:22:1b:7a:86:f8:b1:7f:
         1b:86:ba:90:42:49:9d:e3:cd:b8:b6:47:c1:d1:03:de:ac:c4:
         36:4d:04:fe:69:27:e8:33:bd:15:3b:43:30:42:00:e1:f7:c0:
         32:f8:c9:81:0f:24:54:ee:53:47:af:32:e6:91:26:a1:4b:7c:
         17:42:05:fa:f0:97:4e:e0:b1:6a:a6:4e:b4:7d:17:f6:cc:3f:
         82:df:ff:83:68:c1:36:f3:7b:3f:f3:4a:a2:f3:c7:92:3c:7f:
         d8:33:ca:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EOV7FAX8kjNT+zuWPNxEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjYwMTAxMTAxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQyMzY3ZWE0YjNkNTlmODFlYzk0YzY3YzQ0NzliMjA2NDljMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxU82olzhEGkdjW+ol7ear5xn2o+
N+OefULQiA8dU/l9/jV2Ms5r36SCq6eFH0kiV67vSe4/X3V3kcgq4bp5buEDslXm
HtmHPsaJW+2CW3feTV6kLhStXtGM2LKtVaVOMKOjrvj95i4FgVVfwgQag8/xsm9/
BOEy/ZZpwm/XBkSu9coybEcjnG/MAfgY0r+yOK2v7DWXDcvJHsXVf6rzJiAM8FDf
L3gw3iMxnF+gMDElC6rt2MoB7mktsaxnfo1aV1SkOTq6LAGpojAnwCZbj/t7MO/d
/+AJnAS0mU0YhpebIwpOyNHKqxoJwHDbRQGaqUWvRRAEfHXZFZ0jvqlzUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZCNn6ks9WfgeyUxnxEebIGScNIMB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvQmtJMmZxU3oxWi1CN0pUR2ZFUjVzZ1pKdzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAISMA0G
CSqGSIb3DQEBCwUAA4IBAQB8SV91GBSYKNHF7y6Q7rxW6Jluk4/M2pt2v0s21yuL
QM4gR3IJQdA18nrUgIChxXfuMketspUSOZ+GSTnPbxVoIjAuv3sVklIHFkjxqz8z
5MnH1+ymfosLgQvLEbiFGU6ap4bwsz6QchC8ss3xAE/q3stw2qI+4NLqcXb4eUwv
FzsqaRPe6CX8aXvAuRL9AWkejbRlLzuSq50lCCIbeob4sX8bhrqQQkmd4824tkfB
0QPerMQ2TQT+aSfoM70VO0MwQgDh98Ay+MmBDyRU7lNHrzLmkSahS3wXQgX68JdO
4LFqpk60fRf2zD+C3/+DaME283s/80qi88eSPH/YM8rQ
-----END CERTIFICATE-----