This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/2PBZm5m27zOYxpo3vU3uetvTaSA.roa
File:                     2PBZm5m27zOYxpo3vU3uetvTaSA.roa (raw, json)
Hash identifier:          8Z+XEbvRFLPua4FBbB/jYeJMqXASIsjIokhlmm1N9BI=
Subject key identifier:   D8:F0:59:9B:99:B6:EF:33:98:C6:9A:37:BD:4D:EE:7A:DB:D3:69:20
Certificate issuer:       /CN=07c18247a5326473abc96f5a1071d159c1eb7ecd
Certificate serial:       019B7F800EB2E54A14244C08ADF31181E0E3
Authority key identifier: 07:C1:82:47:A5:32:64:73:AB:C9:6F:5A:10:71:D1:59:C1:EB:7E:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B8GCR6UyZHOryW9aEHHRWcHrfs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/2PBZm5m27zOYxpo3vU3uetvTaSA.roa
Signing time:             Fri 02 Jan 2026 16:17:37 +0000
ROA not before:           Fri 02 Jan 2026 16:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31593
IP address blocks:        193.22.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/B8GCR6UyZHOryW9aEHHRWcHrfs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/B8GCR6UyZHOryW9aEHHRWcHrfs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B8GCR6UyZHOryW9aEHHRWcHrfs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:0e:b2:e5:4a:14:24:4c:08:ad:f3:11:81:e0:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07c18247a5326473abc96f5a1071d159c1eb7ecd
        Validity
            Not Before: Jan  2 16:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8f0599b99b6ef3398c69a37bd4dee7adbd36920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1c:96:8b:8b:20:06:8c:63:6f:ab:06:1f:2f:
                    12:8a:7b:82:2b:eb:64:af:7e:2e:3d:78:6b:55:03:
                    f6:94:70:13:00:26:0b:ae:68:4d:02:87:a4:9a:5a:
                    08:55:65:15:df:dc:00:95:48:17:f0:a7:12:6f:af:
                    9f:fd:78:77:f2:be:7f:0e:b5:39:f8:8c:4d:d6:fa:
                    47:e0:6a:89:bb:d1:52:c5:fe:e3:19:fd:12:a6:93:
                    d7:fd:75:8c:e9:99:25:29:11:99:26:11:fb:70:86:
                    c2:e0:8d:bc:c3:98:82:ad:2c:85:91:04:56:26:d7:
                    87:d1:1a:a1:41:55:f0:f8:64:0e:2a:a7:07:2e:2f:
                    79:63:1e:20:04:be:75:e1:bf:be:65:76:de:80:f8:
                    a2:0b:ed:55:55:e6:d7:6c:d2:68:5b:50:55:44:9b:
                    4e:79:9f:42:af:f4:49:52:80:1e:72:18:b9:61:e4:
                    b0:41:e4:31:a8:ab:6b:79:96:f5:58:f8:71:1d:19:
                    1c:cc:07:c8:4b:46:b1:73:8d:16:ec:26:cf:a5:ae:
                    f0:b2:50:d0:0c:cd:bc:d3:0d:20:a4:fc:27:99:a1:
                    83:00:0d:4d:a4:84:17:19:10:86:97:fc:f9:a2:5e:
                    7d:53:62:f2:ff:73:c1:a5:af:e4:94:7e:42:c0:e7:
                    b4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F0:59:9B:99:B6:EF:33:98:C6:9A:37:BD:4D:EE:7A:DB:D3:69:20
            X509v3 Authority Key Identifier:
                keyid:07:C1:82:47:A5:32:64:73:AB:C9:6F:5A:10:71:D1:59:C1:EB:7E:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B8GCR6UyZHOryW9aEHHRWcHrfs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/2PBZm5m27zOYxpo3vU3uetvTaSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/d70dcf-95e7-4495-a411-3a5718b41f7b/1/B8GCR6UyZHOryW9aEHHRWcHrfs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:93:ed:47:ac:c3:ee:32:0f:ea:39:70:ac:1e:60:09:40:70:
         0e:fd:09:61:d5:7e:09:33:3a:ca:b5:cc:ac:79:6c:35:c2:3c:
         f5:11:4b:62:62:a8:9a:cf:6f:9f:fc:43:6a:0c:e7:32:21:f2:
         28:7c:74:5e:74:82:98:bc:4c:b3:de:b1:06:e4:71:f1:43:62:
         b9:75:fd:2f:b6:cf:c3:59:30:f3:f6:51:19:2b:15:5d:ed:1d:
         4e:68:93:82:7f:72:a0:6e:4b:e3:e8:c0:30:4c:8b:e3:33:5c:
         ab:3c:a9:8d:73:87:13:54:2b:90:2b:01:f6:67:a9:a7:fd:3c:
         fe:74:35:37:0e:b3:76:47:76:37:27:d0:dd:cc:ec:3c:49:ad:
         d3:cc:b6:c3:e1:e3:59:83:62:ed:41:c4:97:32:a3:9b:d9:77:
         d7:c4:e1:b7:0d:97:4d:11:22:53:4f:76:ba:29:14:75:22:f8:
         4a:65:4c:0f:63:96:3b:64:41:53:50:1d:20:fe:90:8e:12:f7:
         d2:51:35:93:31:71:f1:c7:17:9d:6a:a1:cc:50:e9:0c:cb:cb:
         bb:79:aa:b2:b4:dc:2d:43:d4:09:e2:d9:7c:d6:08:12:ea:25:
         ec:8b:b7:d9:44:92:18:97:df:35:83:dc:16:78:78:30:bd:d1:
         81:86:fc:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gA6y5UoUJEwIrfMRgeDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YzE4MjQ3YTUzMjY0NzNhYmM5NmY1YTEwNzFkMTU5YzFl
YjdlY2QwHhcNMjYwMTAyMTYxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGYwNTk5Yjk5YjZlZjMzOThjNjlhMzdiZDRkZWU3YWRiZDM2OTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRyWi4sgBoxjb6sGHy8SinuCK+tk
r34uPXhrVQP2lHATACYLrmhNAoekmloIVWUV39wAlUgX8KcSb6+f/Xh38r5/DrU5
+IxN1vpH4GqJu9FSxf7jGf0SppPX/XWM6ZklKRGZJhH7cIbC4I28w5iCrSyFkQRW
JteH0RqhQVXw+GQOKqcHLi95Yx4gBL514b++ZXbegPiiC+1VVebXbNJoW1BVRJtO
eZ9Cr/RJUoAechi5YeSwQeQxqKtreZb1WPhxHRkczAfIS0axc40W7CbPpa7wslDQ
DM280w0gpPwnmaGDAA1NpIQXGRCGl/z5ol59U2Ly/3PBpa/klH5CwOe09QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjwWZuZtu8zmMaaN71N7nrb02kgMB8GA1UdIwQY
MBaAFAfBgkelMmRzq8lvWhBx0VnB637NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjhHQ1I2VXlaSE9yeVc5YUVISFJXY0hyZnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kNzBkY2YtOTVlNy00NDk1LWE0MTEt
M2E1NzE4YjQxZjdiLzEvMlBCWm01bTI3ek9ZeHBvM3ZVM3VldHZUYVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kNzBkY2YtOTVlNy00NDk1LWE0MTEtM2E1NzE4YjQxZjdi
LzEvQjhHQ1I2VXlaSE9yeVc5YUVISFJXY0hyZnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRZUMA0G
CSqGSIb3DQEBCwUAA4IBAQAik+1HrMPuMg/qOXCsHmAJQHAO/Qlh1X4JMzrKtcys
eWw1wjz1EUtiYqiaz2+f/ENqDOcyIfIofHRedIKYvEyz3rEG5HHxQ2K5df0vts/D
WTDz9lEZKxVd7R1OaJOCf3Kgbkvj6MAwTIvjM1yrPKmNc4cTVCuQKwH2Z6mn/Tz+
dDU3DrN2R3Y3J9DdzOw8Sa3TzLbD4eNZg2LtQcSXMqOb2XfXxOG3DZdNESJTT3a6
KRR1IvhKZUwPY5Y7ZEFTUB0g/pCOEvfSUTWTMXHxxxedaqHMUOkMy8u7eaqytNwt
Q9QJ4tl81ggS6iXsi7fZRJIYl981g9wWeHgwvdGBhvxu
-----END CERTIFICATE-----