This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/K87a3SozjRNM0L2VSDzBQDss-TM.roa
File:                     K87a3SozjRNM0L2VSDzBQDss-TM.roa (raw, json)
Hash identifier:          7X4hOZNngfP2AOympHac08iUZmiyE7LGoxs4Na6L/lk=
Subject key identifier:   2B:CE:DA:DD:2A:33:8D:13:4C:D0:BD:95:48:3C:C1:40:3B:2C:F9:33
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       019B7AC8DA94CDCBF5ED9E093C1644E1DFE4
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/K87a3SozjRNM0L2VSDzBQDss-TM.roa
Signing time:             Thu 01 Jan 2026 18:19:01 +0000
ROA not before:           Thu 01 Jan 2026 18:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8839
IP address blocks:        213.245.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:da:94:cd:cb:f5:ed:9e:09:3c:16:44:e1:df:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  1 18:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bcedadd2a338d134cd0bd95483cc1403b2cf933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b2:11:aa:49:6a:84:22:db:bb:cb:b3:cf:18:
                    f0:25:46:16:1b:8b:dd:ac:2d:46:7e:ef:32:b5:4a:
                    16:5d:cc:71:35:c8:ca:ca:fd:c6:97:97:e7:cb:4f:
                    9b:c7:72:33:a4:de:6c:33:ac:b3:ca:01:22:1c:95:
                    b8:68:a4:4f:76:0e:63:44:c7:08:52:e4:5a:e2:49:
                    a8:29:db:26:84:7f:84:f0:70:e7:81:ef:f2:5e:5f:
                    26:5f:d1:cf:ad:4a:f4:fc:ed:3e:6c:60:9c:4a:65:
                    07:88:52:e1:d3:0d:d3:ff:84:ef:44:f2:75:b1:b2:
                    45:69:a1:93:a2:87:e1:a3:a9:a8:01:31:8e:4f:21:
                    84:ff:bf:76:96:2a:0d:7a:47:d3:ca:f7:ea:af:0d:
                    b4:9d:85:61:87:7e:0f:64:cf:0c:ab:be:28:a6:c8:
                    68:57:14:7a:96:12:5e:f3:a1:a4:ef:01:e2:27:c6:
                    5d:d6:6e:f9:0c:d1:bd:a3:17:af:ed:35:98:51:ed:
                    86:94:1f:a1:a3:08:eb:a5:ac:40:af:b6:25:51:47:
                    a3:ce:62:e2:d7:c3:c2:c3:fd:f8:58:bd:aa:fc:dd:
                    51:5e:ab:e0:5c:da:c3:30:28:21:8c:01:21:d2:8c:
                    11:a2:4c:38:27:d3:7c:14:ed:88:b0:8f:45:25:7b:
                    8e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:CE:DA:DD:2A:33:8D:13:4C:D0:BD:95:48:3C:C1:40:3B:2C:F9:33
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/K87a3SozjRNM0L2VSDzBQDss-TM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.245.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:67:01:2b:dc:41:c9:8f:9e:7f:8b:51:de:cb:5e:73:d4:d9:
         ed:21:86:d1:e4:24:09:64:61:d2:11:ec:ef:5c:95:22:eb:cc:
         51:a0:7e:be:be:35:de:ff:71:72:92:9c:76:2c:e4:ed:32:a1:
         a8:df:3f:92:93:b1:1d:00:90:9a:94:0c:cb:cf:ea:55:04:d5:
         8e:01:79:f7:7a:25:d0:f6:55:ba:47:44:9a:1f:c8:07:e3:54:
         fc:2e:67:6b:3e:6a:28:52:e2:ff:ea:d6:0f:0a:3f:ff:50:07:
         f3:06:36:ad:fb:5e:b3:63:00:ed:a3:49:25:f1:2b:4d:6e:f5:
         4a:27:3f:e6:4f:dc:93:51:6f:53:7a:b0:52:32:81:91:1b:04:
         66:32:fb:3b:06:aa:de:88:ed:94:be:a5:58:20:41:66:a2:44:
         ea:20:32:e5:71:db:5f:7a:46:6c:b9:69:b4:80:ab:ee:82:3f:
         45:42:b6:db:ea:58:1d:17:4a:68:69:ea:b6:1c:84:cc:90:6d:
         57:cb:0b:7b:bd:64:2a:45:c7:72:5b:17:80:85:6c:bb:4c:e9:
         de:e9:a8:09:73:64:fc:ec:63:8d:e4:a1:18:56:a2:67:a6:c6:
         ba:cc:18:7a:ef:30:33:0b:b4:e1:b5:06:fe:aa:c5:a8:b2:84:
         92:f7:bf:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yNqUzcv17Z4JPBZE4d/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjYwMTAxMTgxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmNlZGFkZDJhMzM4ZDEzNGNkMGJkOTU0ODNjYzE0MDNiMmNmOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17IRqklqhCLbu8uzzxjwJUYWG4vd
rC1Gfu8ytUoWXcxxNcjKyv3Gl5fny0+bx3IzpN5sM6yzygEiHJW4aKRPdg5jRMcI
UuRa4kmoKdsmhH+E8HDnge/yXl8mX9HPrUr0/O0+bGCcSmUHiFLh0w3T/4TvRPJ1
sbJFaaGToofho6moATGOTyGE/792lioNekfTyvfqrw20nYVhh34PZM8Mq74opsho
VxR6lhJe86Gk7wHiJ8Zd1m75DNG9oxev7TWYUe2GlB+howjrpaxAr7YlUUejzmLi
18PCw/34WL2q/N1RXqvgXNrDMCghjAEh0owRokw4J9N8FO2IsI9FJXuOvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvO2t0qM40TTNC9lUg8wUA7LPkzMB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvSzg3YTNTb3pqUk5NMEwyVlNEekJRRHNzLVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fUCMA0G
CSqGSIb3DQEBCwUAA4IBAQB5ZwEr3EHJj55/i1Hey15z1NntIYbR5CQJZGHSEezv
XJUi68xRoH6+vjXe/3Fykpx2LOTtMqGo3z+Sk7EdAJCalAzLz+pVBNWOAXn3eiXQ
9lW6R0SaH8gH41T8LmdrPmooUuL/6tYPCj//UAfzBjat+16zYwDto0kl8StNbvVK
Jz/mT9yTUW9TerBSMoGRGwRmMvs7BqreiO2UvqVYIEFmokTqIDLlcdtfekZsuWm0
gKvugj9FQrbb6lgdF0poaeq2HITMkG1Xywt7vWQqRcdyWxeAhWy7TOne6agJc2T8
7GON5KEYVqJnpsa6zBh67zAzC7ThtQb+qsWosoSS978P
-----END CERTIFICATE-----