This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/x2_izSBmWmdLTS9fNjX2mfjFlPM.roa
File:                     x2_izSBmWmdLTS9fNjX2mfjFlPM.roa (raw, json)
Hash identifier:          3ob8odmwEnrugyVikE+TbFdzGSmxmii1yJoYbGejTds=
Subject key identifier:   C7:6F:E2:CD:20:66:5A:67:4B:4D:2F:5F:36:35:F6:99:F8:C5:94:F3
Certificate issuer:       /CN=ae1dc18a4b1fbfe2c2babd8bbb47fe1fd1cf22f8
Certificate serial:       019B7A5B21D7425F3F7ED4BEBB9F4CF1679A
Authority key identifier: AE:1D:C1:8A:4B:1F:BF:E2:C2:BA:BD:8B:BB:47:FE:1F:D1:CF:22:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/x2_izSBmWmdLTS9fNjX2mfjFlPM.roa
Signing time:             Thu 01 Jan 2026 16:19:11 +0000
ROA not before:           Thu 01 Jan 2026 16:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        194.99.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:21:d7:42:5f:3f:7e:d4:be:bb:9f:4c:f1:67:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae1dc18a4b1fbfe2c2babd8bbb47fe1fd1cf22f8
        Validity
            Not Before: Jan  1 16:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c76fe2cd20665a674b4d2f5f3635f699f8c594f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c1:c9:7c:81:7d:82:83:69:4c:3c:0f:54:a3:
                    a0:c8:79:6e:32:4e:87:24:7a:cc:6a:5c:c8:d7:fb:
                    fc:3a:fe:6e:35:3a:00:57:11:b8:5a:5b:e3:8a:f3:
                    5e:6e:1a:04:27:57:bd:c6:cf:88:89:d3:8d:33:ce:
                    d9:92:96:13:10:f3:ae:f3:05:53:1e:71:41:d5:98:
                    b1:94:14:4a:a9:fd:a3:4b:f1:1a:87:8e:75:1b:26:
                    a0:42:fc:13:8f:e1:3d:96:94:32:6e:f8:a8:b6:ec:
                    2e:c8:18:a3:c0:6d:50:44:ba:66:57:c4:6b:19:33:
                    ee:98:77:d3:c2:46:17:f2:ee:3d:c4:0e:91:12:38:
                    69:f0:40:e2:fd:68:b0:51:38:1d:52:08:13:79:0f:
                    b7:b6:79:ad:13:1f:a6:28:40:22:fa:6a:66:98:b7:
                    a4:75:70:2a:c5:e2:ae:6e:da:e5:74:78:4c:d2:f0:
                    86:49:80:87:84:a3:4f:f0:58:86:66:77:1c:ed:9a:
                    a7:c3:17:45:4b:82:57:95:35:82:7b:80:e9:f2:c9:
                    8d:12:54:5b:a7:11:da:ce:d0:c7:69:15:13:a6:5d:
                    ea:73:bb:bb:1d:b1:05:10:14:e7:1f:c8:29:19:12:
                    c6:d3:3e:2a:71:6f:29:38:6f:a8:34:f8:16:cb:cc:
                    b4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:6F:E2:CD:20:66:5A:67:4B:4D:2F:5F:36:35:F6:99:F8:C5:94:F3
            X509v3 Authority Key Identifier:
                keyid:AE:1D:C1:8A:4B:1F:BF:E2:C2:BA:BD:8B:BB:47:FE:1F:D1:CF:22:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/x2_izSBmWmdLTS9fNjX2mfjFlPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:73:52:32:e5:88:55:e9:47:ed:89:6b:bd:66:13:fd:6b:68:
         73:da:c6:75:d0:87:0b:2f:e5:a3:8e:7b:12:cb:91:11:72:21:
         f2:24:d3:10:ee:76:21:82:c9:99:a7:80:63:af:09:5c:1f:05:
         9c:df:dc:d6:1c:87:75:82:9a:f4:e4:76:b8:25:29:d7:1d:bb:
         5f:a7:12:b1:ed:92:f7:a6:b5:c7:b8:16:0b:84:56:83:0c:7d:
         a4:1a:05:df:bb:98:5c:cd:71:12:5f:bd:a6:60:06:57:61:4c:
         6a:f5:d3:ac:14:17:78:2d:34:ff:92:77:53:e3:41:d6:14:57:
         62:17:62:22:7d:24:7c:65:db:bf:bb:90:d1:b4:5a:40:c1:51:
         08:3e:44:51:27:b2:45:23:4e:43:87:77:ac:52:16:65:fa:bc:
         97:13:f2:53:09:e3:be:e9:0e:6e:d7:2a:8d:21:7a:83:e5:ec:
         d5:db:40:85:d1:4b:84:b4:e2:28:72:dd:21:f8:e3:2e:1d:e9:
         e5:2c:75:4d:4a:83:9e:48:ed:3c:85:97:21:cc:04:7d:9b:c3:
         d5:d1:28:3d:d0:27:0b:67:1f:55:66:53:53:ab:05:cc:26:83:
         96:5d:2e:a8:09:57:23:04:6e:e0:f2:2a:50:13:c2:bc:3d:5a:
         28:9b:1b:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WyHXQl8/ftS+u59M8WeaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMWRjMThhNGIxZmJmZTJjMmJhYmQ4YmJiNDdmZTFmZDFj
ZjIyZjgwHhcNMjYwMTAxMTYxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzZmZTJjZDIwNjY1YTY3NGI0ZDJmNWYzNjM1ZjY5OWY4YzU5NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcHJfIF9goNpTDwPVKOgyHluMk6H
JHrMalzI1/v8Ov5uNToAVxG4WlvjivNebhoEJ1e9xs+IidONM87ZkpYTEPOu8wVT
HnFB1ZixlBRKqf2jS/Eah451GyagQvwTj+E9lpQybviotuwuyBijwG1QRLpmV8Rr
GTPumHfTwkYX8u49xA6REjhp8EDi/WiwUTgdUggTeQ+3tnmtEx+mKEAi+mpmmLek
dXAqxeKubtrldHhM0vCGSYCHhKNP8FiGZncc7ZqnwxdFS4JXlTWCe4Dp8smNElRb
pxHaztDHaRUTpl3qc7u7HbEFEBTnH8gpGRLG0z4qcW8pOG+oNPgWy8y00wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdv4s0gZlpnS00vXzY19pn4xZTzMB8GA1UdIwQY
MBaAFK4dwYpLH7/iwrq9i7tH/h/RzyL4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmgzQmlrc2Z2LUxDdXIyTHUwZi1IOUhQSXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wMzc2ZDEtMTJjYS00MTM1LTk0ODMt
OGU3MTQ5ZjA0YTRlLzEveDJfaXpTQm1XbWRMVFM5Zk5qWDJtZmpGbFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wMzc2ZDEtMTJjYS00MTM1LTk0ODMtOGU3MTQ5ZjA0YTRl
LzEvcmgzQmlrc2Z2LUxDdXIyTHUwZi1IOUhQSXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmNxMA0G
CSqGSIb3DQEBCwUAA4IBAQCyc1Iy5YhV6UftiWu9ZhP9a2hz2sZ10IcLL+WjjnsS
y5ERciHyJNMQ7nYhgsmZp4BjrwlcHwWc39zWHId1gpr05Ha4JSnXHbtfpxKx7ZL3
prXHuBYLhFaDDH2kGgXfu5hczXESX72mYAZXYUxq9dOsFBd4LTT/kndT40HWFFdi
F2IifSR8Zdu/u5DRtFpAwVEIPkRRJ7JFI05Dh3esUhZl+ryXE/JTCeO+6Q5u1yqN
IXqD5ezV20CF0UuEtOIoct0h+OMuHenlLHVNSoOeSO08hZchzAR9m8PV0Sg90CcL
Zx9VZlNTqwXMJoOWXS6oCVcjBG7g8ipQE8K8PVoomxta
-----END CERTIFICATE-----