This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/2sWURa7ZFO0dQxY1LRG7Mof567U.roa
File:                     2sWURa7ZFO0dQxY1LRG7Mof567U.roa (raw, json)
Hash identifier:          5nVS7LmTMI1AWc5lZRnqdnUKArJ3pP+93SeDSTICvog=
Subject key identifier:   DA:C5:94:45:AE:D9:14:ED:1D:43:16:35:2D:11:BB:32:87:F9:EB:B5
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019A72103B239B429ABFFAD703C92DCFE34A
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/2sWURa7ZFO0dQxY1LRG7Mof567U.roa
Signing time:             Tue 11 Nov 2025 08:37:37 +0000
ROA not before:           Tue 11 Nov 2025 08:37:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211620
IP address blocks:        170.168.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:10:3b:23:9b:42:9a:bf:fa:d7:03:c9:2d:cf:e3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Nov 11 08:37:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dac59445aed914ed1d4316352d11bb3287f9ebb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ff:d9:85:d0:cf:9c:69:83:93:24:75:07:a5:
                    b6:eb:84:4f:c3:ab:12:74:c4:5e:28:3a:3d:e0:82:
                    bf:ba:56:fa:2a:8f:91:3f:57:55:98:98:0f:42:2e:
                    d7:2d:5b:15:e1:2e:29:cc:a5:f4:16:af:10:6d:40:
                    11:cf:ea:de:9c:18:6a:18:bf:eb:91:c6:c3:d5:31:
                    a4:b4:9a:66:60:25:c8:24:ca:2d:ac:8f:ac:ec:8d:
                    90:65:07:cf:39:7b:db:5b:da:43:11:ff:59:53:de:
                    8e:c3:90:fb:8b:07:e9:37:30:63:58:a2:3f:1d:ae:
                    d2:b4:1e:1d:90:7d:bb:70:38:e8:b2:8b:1a:59:11:
                    e1:1d:ee:4a:f9:6d:06:29:e8:47:c7:73:d5:d2:fe:
                    41:f3:b1:d9:12:19:0d:e7:27:ca:da:04:87:42:d8:
                    6d:38:5c:0b:1a:01:1c:8a:76:cd:17:e9:51:7f:c6:
                    f2:a6:3f:8a:f2:bb:70:b4:92:f5:7c:83:88:52:a1:
                    54:e2:89:b2:5b:cc:29:cd:e2:83:19:eb:65:89:6f:
                    23:28:e0:10:85:76:48:39:48:44:32:f0:36:dd:ea:
                    27:bc:00:a3:1c:94:5c:9d:32:c4:da:9f:5d:25:39:
                    d2:43:60:81:5f:61:02:25:9b:15:0d:e7:78:5c:53:
                    4c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C5:94:45:AE:D9:14:ED:1D:43:16:35:2D:11:BB:32:87:F9:EB:B5
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/2sWURa7ZFO0dQxY1LRG7Mof567U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:3b:b4:9e:b3:49:cc:8d:3d:a4:74:d0:ee:a3:7a:e0:a1:b4:
         37:4d:ad:c1:a3:27:cd:e3:8b:89:4d:4f:d8:83:d2:7a:36:84:
         03:b1:c1:70:68:7d:af:dc:3f:ee:3d:89:24:ec:64:94:14:cc:
         cc:f2:6c:d0:f2:bf:a4:04:20:c8:6a:74:9a:a1:62:c5:12:81:
         b1:c1:7b:09:58:6e:46:05:a0:63:b2:8d:f9:64:c2:a2:d0:bd:
         1b:85:28:a5:73:59:cc:4c:f7:6b:00:f2:05:75:54:b5:15:07:
         75:54:ee:51:dc:6a:87:42:4c:27:3d:aa:47:a6:6d:48:4c:a4:
         e2:0a:10:8c:ba:93:5d:5d:04:2e:ff:f1:d3:bf:17:83:26:da:
         ab:94:e8:1f:3f:16:9f:5e:16:87:1a:c6:8e:55:1a:3e:e3:09:
         02:35:c7:cc:0f:86:37:8f:c5:7a:5f:59:ca:b4:c0:15:84:7c:
         69:a9:e1:96:a5:06:27:88:11:21:d3:b7:18:0c:af:5b:a4:fe:
         bd:ad:b6:7a:6b:b0:8e:5b:3e:e5:8e:0c:b5:cc:b0:93:1b:71:
         79:fb:0a:3a:f5:8a:8c:24:97:06:f4:a6:b3:46:4a:64:d7:42:
         8d:49:79:91:d8:6d:d1:b3:7d:23:af:27:86:52:e1:8c:99:c0:
         b4:5d:1f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpyEDsjm0Kav/rXA8ktz+NKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMTExMDgzNzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM1OTQ0NWFlZDkxNGVkMWQ0MzE2MzUyZDExYmIzMjg3ZjllYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf/ZhdDPnGmDkyR1B6W264RPw6sS
dMReKDo94IK/ulb6Ko+RP1dVmJgPQi7XLVsV4S4pzKX0Fq8QbUARz+renBhqGL/r
kcbD1TGktJpmYCXIJMotrI+s7I2QZQfPOXvbW9pDEf9ZU96Ow5D7iwfpNzBjWKI/
Ha7StB4dkH27cDjososaWRHhHe5K+W0GKehHx3PV0v5B87HZEhkN5yfK2gSHQtht
OFwLGgEcinbNF+lRf8bypj+K8rtwtJL1fIOIUqFU4omyW8wpzeKDGetliW8jKOAQ
hXZIOUhEMvA23eonvACjHJRcnTLE2p9dJTnSQ2CBX2ECJZsVDed4XFNMqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrFlEWu2RTtHUMWNS0RuzKH+eu1MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvMnNXVVJhN1pGTzBkUXhZMUxSRzdNb2Y1NjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhPMA0G
CSqGSIb3DQEBCwUAA4IBAQA5O7Ses0nMjT2kdNDuo3rgobQ3Ta3BoyfN44uJTU/Y
g9J6NoQDscFwaH2v3D/uPYkk7GSUFMzM8mzQ8r+kBCDIanSaoWLFEoGxwXsJWG5G
BaBjso35ZMKi0L0bhSilc1nMTPdrAPIFdVS1FQd1VO5R3GqHQkwnPapHpm1ITKTi
ChCMupNdXQQu//HTvxeDJtqrlOgfPxafXhaHGsaOVRo+4wkCNcfMD4Y3j8V6X1nK
tMAVhHxpqeGWpQYniBEh07cYDK9bpP69rbZ6a7COWz7ljgy1zLCTG3F5+wo69YqM
JJcG9KazRkpk10KNSXmR2G3Rs30jryeGUuGMmcC0XR/M
-----END CERTIFICATE-----