This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/dRFp7_Rv7ZxiwSauRBMluN-pEKU.roa
File:                     dRFp7_Rv7ZxiwSauRBMluN-pEKU.roa (raw, json)
Hash identifier:          rdTD5gnqe2qM3s1kprcKDRhuF/1X8yoX9mqvkh70Jxk=
Subject key identifier:   75:11:69:EF:F4:6F:ED:9C:62:C1:26:AE:44:13:25:B8:DF:A9:10:A5
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B797F2FC48608A1BF5ACA0450045ACCFD
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/dRFp7_Rv7ZxiwSauRBMluN-pEKU.roa
Signing time:             Thu 01 Jan 2026 12:18:56 +0000
ROA not before:           Thu 01 Jan 2026 12:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61223
IP address blocks:        170.168.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:2f:c4:86:08:a1:bf:5a:ca:04:50:04:5a:cc:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan  1 12:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=751169eff46fed9c62c126ae441325b8dfa910a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:01:34:c5:f6:88:f4:53:8e:d6:c4:3e:79:87:
                    63:07:ec:50:7c:ae:7a:e2:6c:e2:5e:57:84:d3:dd:
                    11:b7:52:91:b8:71:0a:8f:62:b7:eb:87:44:fe:21:
                    22:d3:31:6d:b2:df:fd:25:91:f2:f8:6c:84:59:3b:
                    63:ba:b9:b9:7b:c2:0f:9a:8a:5e:d0:24:60:a3:01:
                    b8:4c:d0:3c:62:33:09:ac:65:7d:f2:5d:a6:35:f3:
                    c5:8b:30:04:de:48:8d:57:b2:3b:70:f5:e0:39:f7:
                    6e:a0:3d:c6:c8:22:c6:c6:53:b0:38:58:3b:cb:3c:
                    73:50:15:89:d4:bd:35:14:e5:14:25:cf:97:c3:50:
                    f8:43:d0:fc:96:25:65:bb:1c:7e:80:ee:39:e3:f7:
                    8c:68:ec:1d:ba:62:7b:0c:97:83:6f:70:f4:16:a1:
                    32:8d:53:bb:ae:be:3b:c8:c5:dc:8d:a6:d9:43:f3:
                    68:cc:04:33:4a:22:5d:1e:ec:e6:2d:c9:66:0e:b2:
                    b3:7f:06:10:e2:e6:d1:c7:42:d5:33:6c:fa:9f:ec:
                    c4:91:4f:0e:2f:65:41:8e:aa:44:d7:9c:b3:2c:6b:
                    9e:f9:63:85:e2:f4:20:c2:20:b0:7d:bb:37:a1:b7:
                    dc:c7:20:38:3a:3d:53:d0:e5:88:0b:33:81:67:b6:
                    ee:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:11:69:EF:F4:6F:ED:9C:62:C1:26:AE:44:13:25:B8:DF:A9:10:A5
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/dRFp7_Rv7ZxiwSauRBMluN-pEKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d9:bd:da:af:f6:fa:82:12:65:db:ea:98:79:0b:37:b1:cc:
         fb:56:6e:8d:ad:70:cc:64:dd:1f:fd:6d:ae:ca:ed:c4:f3:30:
         9f:f4:26:0e:b8:e3:6c:07:40:0a:15:4e:43:08:21:f1:17:63:
         1e:ff:52:03:b6:05:76:95:44:17:c1:c9:14:28:54:e8:fc:7e:
         f9:57:ff:cf:58:12:95:98:d9:b9:27:46:00:85:9d:54:f5:64:
         67:7d:36:b9:30:77:79:6c:c7:42:85:f4:a5:b6:63:8a:7f:c8:
         d5:42:05:8f:ff:c2:ba:32:1b:a9:08:46:8c:e6:f2:8d:93:e3:
         76:b9:e4:5e:e5:dc:af:b8:57:12:b9:8c:dd:ce:9d:8e:90:b3:
         61:ae:b2:a4:5b:66:aa:e0:8e:bd:af:d0:0b:dc:4b:a9:ad:27:
         e6:88:14:7a:e6:a0:1d:c2:4c:09:69:e6:99:68:30:d4:4f:a4:
         cb:5e:f0:52:b9:1c:ad:2e:30:93:ed:e1:01:90:9b:89:27:84:
         d9:4d:61:c5:73:5c:98:18:2b:ec:18:89:9a:de:c2:67:b6:2e:
         ef:ab:07:13:30:1e:8a:75:8a:eb:34:a1:f4:0d:f3:50:89:20:
         40:b7:00:20:36:2c:58:d5:73:2b:0a:73:f9:81:a4:50:80:d5:
         29:54:18:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fy/Ehgihv1rKBFAEWsz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMTAxMTIxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTExNjllZmY0NmZlZDljNjJjMTI2YWU0NDEzMjViOGRmYTkxMGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wE0xfaI9FOO1sQ+eYdjB+xQfK56
4mziXleE090Rt1KRuHEKj2K364dE/iEi0zFtst/9JZHy+GyEWTtjurm5e8IPmope
0CRgowG4TNA8YjMJrGV98l2mNfPFizAE3kiNV7I7cPXgOfduoD3GyCLGxlOwOFg7
yzxzUBWJ1L01FOUUJc+Xw1D4Q9D8liVluxx+gO454/eMaOwdumJ7DJeDb3D0FqEy
jVO7rr47yMXcjabZQ/NozAQzSiJdHuzmLclmDrKzfwYQ4ubRx0LVM2z6n+zEkU8O
L2VBjqpE15yzLGue+WOF4vQgwiCwfbs3obfcxyA4Oj1T0OWICzOBZ7bu0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHURae/0b+2cYsEmrkQTJbjfqRClMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvZFJGcDdfUnY3Wnhpd1NhdVJCTWx1Ti1wRUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgXMA0G
CSqGSIb3DQEBCwUAA4IBAQAF2b3ar/b6ghJl2+qYeQs3scz7Vm6NrXDMZN0f/W2u
yu3E8zCf9CYOuONsB0AKFU5DCCHxF2Me/1IDtgV2lUQXwckUKFTo/H75V//PWBKV
mNm5J0YAhZ1U9WRnfTa5MHd5bMdChfSltmOKf8jVQgWP/8K6MhupCEaM5vKNk+N2
ueRe5dyvuFcSuYzdzp2OkLNhrrKkW2aq4I69r9AL3EuprSfmiBR65qAdwkwJaeaZ
aDDUT6TLXvBSuRytLjCT7eEBkJuJJ4TZTWHFc1yYGCvsGIma3sJnti7vqwcTMB6K
dYrrNKH0DfNQiSBAtwAgNixY1XMrCnP5gaRQgNUpVBjD
-----END CERTIFICATE-----