This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/fZGYXSekbTVSZPpMcboxBS2NZ7k.roa
File:                     fZGYXSekbTVSZPpMcboxBS2NZ7k.roa (raw, json)
Hash identifier:          66iWEZmHP0If1Bq1w2+shdZ1SJ7zwsXYFDBhoczAtsY=
Subject key identifier:   7D:91:98:5D:27:A4:6D:35:52:64:FA:4C:71:BA:31:05:2D:8D:67:B9
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       019B7910E4A479C4A9E56A44171ABAB32D2F
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/fZGYXSekbTVSZPpMcboxBS2NZ7k.roa
Signing time:             Thu 01 Jan 2026 10:18:28 +0000
ROA not before:           Thu 01 Jan 2026 10:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40793
IP address blocks:        144.2.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:e4:a4:79:c4:a9:e5:6a:44:17:1a:ba:b3:2d:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  1 10:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d91985d27a46d355264fa4c71ba31052d8d67b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a2:e7:d8:14:58:12:99:d6:bf:f0:0c:b2:b1:
                    68:21:dd:ca:91:97:31:0e:46:db:42:bc:90:5c:47:
                    7b:df:b0:80:e2:12:07:6f:24:c4:59:ab:ff:a9:12:
                    b1:d4:e0:6d:f8:d1:ce:b6:83:48:dc:cc:d2:f5:e1:
                    6a:41:c6:53:26:f6:3a:30:a5:65:57:df:8e:df:8c:
                    06:c1:50:3c:94:7b:c9:e4:e8:30:bb:54:47:b0:dd:
                    4b:18:6a:a4:28:f9:a9:5e:2f:ee:c6:60:07:5c:86:
                    f8:b9:a2:68:bb:23:62:23:b7:86:c6:5a:72:3b:fa:
                    10:01:92:94:b5:7b:b4:79:bd:51:9a:e0:6c:61:67:
                    db:12:e5:51:08:2a:22:03:dc:2d:67:31:e3:06:3a:
                    10:84:52:22:98:a9:90:27:c1:c7:0d:34:89:ce:a8:
                    d6:68:7d:2e:e4:2b:ab:46:8b:a7:ce:b4:3e:c9:a9:
                    6f:82:b5:6f:0c:5d:0c:fe:17:24:f7:db:1c:d2:68:
                    f3:3d:d4:80:74:af:0c:91:2f:44:e9:9c:67:d2:3d:
                    de:0e:6d:79:a9:da:b9:95:dc:92:e1:56:d6:09:09:
                    94:a6:b6:45:8f:b4:34:6a:d9:66:12:8b:9e:be:1a:
                    58:be:4f:f7:ba:0f:d4:46:01:69:ff:49:2d:5f:5e:
                    2f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:91:98:5D:27:A4:6D:35:52:64:FA:4C:71:BA:31:05:2D:8D:67:B9
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/fZGYXSekbTVSZPpMcboxBS2NZ7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ee:28:12:f9:0e:03:a5:bf:3b:8e:b5:bf:eb:a3:01:5f:00:
         34:04:94:4f:71:ce:64:e7:b3:c2:3e:2b:3c:fb:a1:9b:d6:9d:
         4d:0a:a3:08:11:ce:88:30:21:c1:50:79:83:12:62:e2:52:ce:
         fb:d8:29:61:f2:38:43:86:7f:ca:a6:77:74:b4:e3:17:c1:6f:
         bf:ee:18:5b:b4:25:3d:f4:e2:74:8e:c8:62:b3:9a:93:ac:05:
         49:a3:25:9c:4f:e5:8d:6d:26:da:a2:c2:2b:c9:89:fa:43:e3:
         48:b6:6d:ff:0f:c5:47:96:de:62:11:c9:7d:fc:89:76:9d:4c:
         2a:16:6b:c8:e3:c5:1c:ed:1d:03:d3:05:5d:9e:56:0c:95:76:
         57:d8:90:cb:40:91:60:35:a4:aa:87:7d:61:22:6b:2a:67:1b:
         04:79:e5:b2:8a:98:c0:8d:fa:c0:ed:76:88:83:d4:bb:ce:9e:
         4d:db:9d:5e:21:52:73:86:24:ac:81:33:08:b3:97:2a:02:f8:
         d6:05:6e:b7:23:3d:90:84:35:20:0c:2c:3c:96:27:0b:2d:0b:
         42:58:b3:8e:08:6d:6b:49:b2:5e:68:f9:23:43:cf:c1:0d:da:
         fa:69:d3:72:35:19:ff:62:b8:78:c2:a3:79:27:89:fa:aa:c2:
         21:d3:db:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EOSkecSp5WpEFxq6sy0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjYwMTAxMTAxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDkxOTg1ZDI3YTQ2ZDM1NTI2NGZhNGM3MWJhMzEwNTJkOGQ2N2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqLn2BRYEpnWv/AMsrFoId3KkZcx
DkbbQryQXEd737CA4hIHbyTEWav/qRKx1OBt+NHOtoNI3MzS9eFqQcZTJvY6MKVl
V9+O34wGwVA8lHvJ5Ogwu1RHsN1LGGqkKPmpXi/uxmAHXIb4uaJouyNiI7eGxlpy
O/oQAZKUtXu0eb1RmuBsYWfbEuVRCCoiA9wtZzHjBjoQhFIimKmQJ8HHDTSJzqjW
aH0u5CurRounzrQ+yalvgrVvDF0M/hck99sc0mjzPdSAdK8MkS9E6Zxn0j3eDm15
qdq5ldyS4VbWCQmUprZFj7Q0atlmEouevhpYvk/3ug/URgFp/0ktX14v8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH2RmF0npG01UmT6THG6MQUtjWe5MB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvZlpHWVhTZWtiVFZTWlBwTWNib3hCUzJOWjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAITMA0G
CSqGSIb3DQEBCwUAA4IBAQBI7igS+Q4Dpb87jrW/66MBXwA0BJRPcc5k57PCPis8
+6Gb1p1NCqMIEc6IMCHBUHmDEmLiUs772Clh8jhDhn/Kpnd0tOMXwW+/7hhbtCU9
9OJ0jshis5qTrAVJoyWcT+WNbSbaosIryYn6Q+NItm3/D8VHlt5iEcl9/Il2nUwq
FmvI48Uc7R0D0wVdnlYMlXZX2JDLQJFgNaSqh31hImsqZxsEeeWyipjAjfrA7XaI
g9S7zp5N251eIVJzhiSsgTMIs5cqAvjWBW63Iz2QhDUgDCw8licLLQtCWLOOCG1r
SbJeaPkjQ8/BDdr6adNyNRn/Yrh4wqN5J4n6qsIh09uj
-----END CERTIFICATE-----