This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/2FF_JdmMPpNnVhjdAwhZJqXRuRA.roa
File:                     2FF_JdmMPpNnVhjdAwhZJqXRuRA.roa (raw, json)
Hash identifier:          w0hjY14/3MT2uCVE6s9mvHq0OBPlplAq8WkEPk3Bsz8=
Subject key identifier:   D8:51:7F:25:D9:8C:3E:93:67:56:18:DD:03:08:59:26:A5:D1:B9:10
Certificate issuer:       /CN=01f649b9d0546227b1d4626c2081e4d3da850efe
Certificate serial:       019B76EB445E7718E5393F269BE44DEC41F4
Authority key identifier: 01:F6:49:B9:D0:54:62:27:B1:D4:62:6C:20:81:E4:D3:DA:85:0E:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/2FF_JdmMPpNnVhjdAwhZJqXRuRA.roa
Signing time:             Thu 01 Jan 2026 00:18:08 +0000
ROA not before:           Thu 01 Jan 2026 00:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207143
IP address blocks:        185.35.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:44:5e:77:18:e5:39:3f:26:9b:e4:4d:ec:41:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01f649b9d0546227b1d4626c2081e4d3da850efe
        Validity
            Not Before: Jan  1 00:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8517f25d98c3e93675618dd03085926a5d1b910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:45:3b:8a:e1:21:af:7c:f5:71:1a:98:7e:bb:
                    6c:d2:83:4b:d0:ec:17:12:16:8d:62:2e:cc:00:2a:
                    4e:ff:d0:10:54:8c:f4:12:8c:42:6d:f0:a2:d8:92:
                    3b:fc:d3:cb:cb:29:02:99:59:5a:8f:c1:9d:78:34:
                    c1:1d:eb:de:47:24:0a:dd:23:f0:b7:b9:68:57:ec:
                    75:7c:39:98:fc:65:0a:2e:c7:ab:60:36:04:17:67:
                    5b:52:14:8a:a1:b0:f2:99:49:b7:05:47:08:ed:61:
                    7f:69:b8:1f:7c:43:12:56:1a:ad:bb:25:e9:c9:f5:
                    bd:b6:60:47:0f:34:b0:ec:8c:69:75:1d:51:4c:48:
                    cf:04:20:65:66:1e:80:d2:2e:9b:60:0f:d9:4b:46:
                    20:74:cf:4b:e9:44:e5:02:bb:5a:89:c5:c8:f4:8c:
                    75:e8:65:fc:22:27:9a:d5:3f:74:8f:c1:cf:8b:a9:
                    7c:48:da:7c:8e:b8:1d:4c:81:ad:ff:39:48:d1:35:
                    3f:0e:b8:b8:d3:1c:39:8b:af:78:f9:35:ac:00:2b:
                    ea:14:9d:a1:f6:25:e1:3d:ea:e3:96:41:1a:eb:bc:
                    c4:2c:88:cf:f3:cf:1d:7a:77:48:da:92:13:8f:d5:
                    81:58:97:fa:39:31:1f:10:18:b2:c0:a2:8c:2d:35:
                    92:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:51:7F:25:D9:8C:3E:93:67:56:18:DD:03:08:59:26:A5:D1:B9:10
            X509v3 Authority Key Identifier:
                keyid:01:F6:49:B9:D0:54:62:27:B1:D4:62:6C:20:81:E4:D3:DA:85:0E:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/2FF_JdmMPpNnVhjdAwhZJqXRuRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:93:60:56:34:86:ca:ff:44:7f:1b:66:7e:5b:f0:41:c6:e8:
         02:52:99:94:5e:28:de:42:48:e0:16:e3:a4:43:8a:c2:8c:d9:
         92:0f:e5:d7:e6:8e:24:dc:43:32:36:d7:1b:31:8a:3f:a6:b5:
         c9:9f:21:f3:eb:5e:eb:b8:9a:24:8d:be:68:81:97:e6:f8:48:
         67:08:b0:b5:79:a9:f4:0c:4b:fe:3a:12:39:9e:f5:65:dc:cd:
         56:3f:38:5b:07:7e:18:58:a5:a7:f3:dc:c8:7d:e8:a5:03:6a:
         28:63:66:e5:f8:5f:53:01:00:1a:1b:99:4a:77:76:18:71:e8:
         85:23:1b:b6:a2:97:9d:d9:1e:31:b0:1f:12:c8:e6:7f:e0:fb:
         06:c5:8d:c8:f6:56:a1:7d:36:85:79:fc:44:88:90:5b:99:e0:
         ff:fd:8a:37:18:eb:97:fd:df:af:e7:4c:e7:cb:bc:39:7f:a0:
         e4:56:e8:66:f2:e7:ba:6b:58:54:95:81:cf:0c:49:12:9e:25:
         d3:c6:a1:36:b5:7f:15:b6:2b:30:a8:96:49:11:c9:97:17:41:
         4c:4f:f2:57:d7:4d:6e:05:31:e6:23:32:f5:f9:9a:75:53:f3:
         dc:b2:df:eb:fd:a2:63:7f:77:05:57:d1:a4:2d:36:ca:f6:39:
         52:f4:a4:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260RedxjlOT8mm+RN7EH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZjY0OWI5ZDA1NDYyMjdiMWQ0NjI2YzIwODFlNGQzZGE4
NTBlZmUwHhcNMjYwMTAxMDAxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODUxN2YyNWQ5OGMzZTkzNjc1NjE4ZGQwMzA4NTkyNmE1ZDFiOTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EU7iuEhr3z1cRqYfrts0oNL0OwX
EhaNYi7MACpO/9AQVIz0EoxCbfCi2JI7/NPLyykCmVlaj8GdeDTBHeveRyQK3SPw
t7loV+x1fDmY/GUKLserYDYEF2dbUhSKobDymUm3BUcI7WF/abgffEMSVhqtuyXp
yfW9tmBHDzSw7IxpdR1RTEjPBCBlZh6A0i6bYA/ZS0YgdM9L6UTlArtaicXI9Ix1
6GX8Iiea1T90j8HPi6l8SNp8jrgdTIGt/zlI0TU/Dri40xw5i694+TWsACvqFJ2h
9iXhPerjlkEa67zELIjP888dendI2pITj9WBWJf6OTEfEBiywKKMLTWSwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhRfyXZjD6TZ1YY3QMIWSal0bkQMB8GA1UdIwQY
MBaAFAH2SbnQVGInsdRibCCB5NPahQ7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWZaSnVkQlVZaWV4MUdKc0lJSGswOXFGRHY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hMTkyM2YtMjZkNy00NGJlLWEyYmUt
MDNjYmRiOGZmOTYwLzEvMkZGX0pkbU1QcE5uVmhqZEF3aFpKcVhSdVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hMTkyM2YtMjZkNy00NGJlLWEyYmUtMDNjYmRiOGZmOTYw
LzEvQWZaSnVkQlVZaWV4MUdKc0lJSGswOXFGRHY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSMcMA0G
CSqGSIb3DQEBCwUAA4IBAQA8k2BWNIbK/0R/G2Z+W/BBxugCUpmUXijeQkjgFuOk
Q4rCjNmSD+XX5o4k3EMyNtcbMYo/prXJnyHz617ruJokjb5ogZfm+EhnCLC1ean0
DEv+OhI5nvVl3M1WPzhbB34YWKWn89zIfeilA2ooY2bl+F9TAQAaG5lKd3YYceiF
Ixu2oped2R4xsB8SyOZ/4PsGxY3I9lahfTaFefxEiJBbmeD//Yo3GOuX/d+v50zn
y7w5f6DkVuhm8ue6a1hUlYHPDEkSniXTxqE2tX8VtiswqJZJEcmXF0FMT/JX101u
BTHmIzL1+Zp1U/Pcst/r/aJjf3cFV9GkLTbK9jlS9KQe
-----END CERTIFICATE-----