This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/JflWYyfBYnxifwox2r7M8NknVSA.roa
File:                     JflWYyfBYnxifwox2r7M8NknVSA.roa (raw, json)
Hash identifier:          Pl8OpOdvMH38GGVZH482unIcPzq7BrkhWcGHU2KsYcY=
Subject key identifier:   25:F9:56:63:27:C1:62:7C:62:7F:0A:31:DA:BE:CC:F0:D9:27:55:20
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B797F21D57BE237217E1C06B741930E5E
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/JflWYyfBYnxifwox2r7M8NknVSA.roa
Signing time:             Thu 01 Jan 2026 12:18:53 +0000
ROA not before:           Thu 01 Jan 2026 12:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35682
IP address blocks:        138.249.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:21:d5:7b:e2:37:21:7e:1c:06:b7:41:93:0e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan  1 12:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25f9566327c1627c627f0a31dabeccf0d9275520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b3:b6:96:c0:28:f6:f6:40:1f:12:c4:9d:12:
                    3a:e5:08:34:0c:bd:31:3a:2a:00:fa:1e:23:4b:5e:
                    69:99:3c:ee:80:bc:64:1c:a5:41:91:2d:ef:ab:ad:
                    23:7e:c2:57:e9:a1:46:6f:ce:50:a0:8a:ee:3a:18:
                    9d:f3:4c:1f:ec:4d:6e:4b:e7:90:63:5a:ff:7c:15:
                    48:d4:40:7f:8a:82:48:e9:4e:78:ab:1c:78:aa:6f:
                    fd:33:f3:5d:68:06:fe:6f:3d:99:5c:fc:a9:d5:d5:
                    fe:0d:b0:0c:83:ea:ba:d8:f0:18:1b:c0:4b:5e:a8:
                    84:16:3a:7d:4a:58:86:1c:07:3d:09:8e:64:2b:aa:
                    8d:a2:01:5a:c9:ae:78:a5:11:c1:2a:f0:3c:cc:e9:
                    6f:10:35:ce:0e:93:dc:65:b7:cd:e3:bb:bd:cb:16:
                    c0:ff:21:3c:57:85:ee:bb:ca:b3:da:09:a9:47:aa:
                    d4:91:2f:d0:18:ac:ae:dd:ef:59:ad:55:e9:f8:a3:
                    c0:79:77:62:1c:18:35:d1:cb:bf:cc:f1:6a:28:05:
                    72:bd:3c:19:d3:e0:b0:4e:a8:17:fa:83:b6:43:58:
                    ae:ae:ac:24:e1:82:aa:1b:bc:a5:fa:f9:d6:72:9d:
                    25:d0:ab:85:81:8b:a3:56:99:ad:82:03:2a:dc:ae:
                    15:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F9:56:63:27:C1:62:7C:62:7F:0A:31:DA:BE:CC:F0:D9:27:55:20
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/JflWYyfBYnxifwox2r7M8NknVSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:60:18:c6:34:ad:65:9f:4f:d8:5d:f9:83:45:bf:ab:c4:36:
         9a:4a:b3:91:bf:34:1b:b3:a6:fe:9f:22:59:6c:af:31:43:7d:
         42:96:db:5c:96:01:35:0c:d9:74:c0:df:08:26:5a:5f:3c:2f:
         93:83:19:f4:0e:fa:67:6a:54:25:22:c2:4b:25:14:cc:85:77:
         91:0e:41:b3:99:5a:fd:92:f5:4f:ee:28:46:81:a1:91:19:2f:
         77:8f:5d:57:15:10:be:b9:d5:42:aa:b7:5f:de:fe:14:e1:ae:
         2c:3f:27:a5:77:a3:79:10:e5:d8:23:71:4e:9d:8a:4a:5f:ba:
         83:5c:23:8c:33:dc:75:bd:40:7e:dc:f1:76:d8:5c:ce:c8:17:
         3b:63:c1:81:8e:34:70:43:c3:b1:5b:33:be:77:99:81:aa:ba:
         9c:cb:a3:5f:f7:0f:dc:90:d6:dd:25:41:d2:5a:06:88:5d:46:
         31:9c:fe:98:6d:ec:da:24:4a:59:05:93:08:01:f3:d6:ea:16:
         eb:0a:52:09:38:ad:52:4d:b5:01:88:3c:69:7d:1b:f3:95:2d:
         aa:65:a7:c8:24:05:80:53:0d:74:d4:3e:f8:38:08:e6:72:8e:
         2e:b5:e3:1c:51:a6:51:46:b9:61:89:59:4d:fc:54:cf:2d:2b:
         dd:97:ca:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fyHVe+I3IX4cBrdBkw5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMTAxMTIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY5NTY2MzI3YzE2MjdjNjI3ZjBhMzFkYWJlY2NmMGQ5Mjc1NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLO2lsAo9vZAHxLEnRI65Qg0DL0x
OioA+h4jS15pmTzugLxkHKVBkS3vq60jfsJX6aFGb85QoIruOhid80wf7E1uS+eQ
Y1r/fBVI1EB/ioJI6U54qxx4qm/9M/NdaAb+bz2ZXPyp1dX+DbAMg+q62PAYG8BL
XqiEFjp9SliGHAc9CY5kK6qNogFaya54pRHBKvA8zOlvEDXODpPcZbfN47u9yxbA
/yE8V4Xuu8qz2gmpR6rUkS/QGKyu3e9ZrVXp+KPAeXdiHBg10cu/zPFqKAVyvTwZ
0+CwTqgX+oO2Q1iurqwk4YKqG7yl+vnWcp0l0KuFgYujVpmtggMq3K4VPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCX5VmMnwWJ8Yn8KMdq+zPDZJ1UgMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvSmZsV1l5ZkJZbnhpZndveDJyN004TmtuVlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAivkHMA0G
CSqGSIb3DQEBCwUAA4IBAQA0YBjGNK1ln0/YXfmDRb+rxDaaSrORvzQbs6b+nyJZ
bK8xQ31ClttclgE1DNl0wN8IJlpfPC+Tgxn0DvpnalQlIsJLJRTMhXeRDkGzmVr9
kvVP7ihGgaGRGS93j11XFRC+udVCqrdf3v4U4a4sPyeld6N5EOXYI3FOnYpKX7qD
XCOMM9x1vUB+3PF22FzOyBc7Y8GBjjRwQ8OxWzO+d5mBqrqcy6Nf9w/ckNbdJUHS
WgaIXUYxnP6YbezaJEpZBZMIAfPW6hbrClIJOK1STbUBiDxpfRvzlS2qZafIJAWA
Uw101D74OAjmco4uteMcUaZRRrlhiVlN/FTPLSvdl8oa
-----END CERTIFICATE-----