This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/2aBOuFf59wEBwbLziedpbp6FKYk.roa
File:                     2aBOuFf59wEBwbLziedpbp6FKYk.roa (raw, json)
Hash identifier:          ZSpI5dlzWjQXy3Cna9NEiVVPFJtukMRorD24Z+VlJdk=
Subject key identifier:   D9:A0:4E:B8:57:F9:F7:01:01:C1:B2:F3:89:E7:69:6E:9E:85:29:89
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       019B7A5B32055A5C4415A48C9968B7603BD3
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/2aBOuFf59wEBwbLziedpbp6FKYk.roa
Signing time:             Thu 01 Jan 2026 16:19:15 +0000
ROA not before:           Thu 01 Jan 2026 16:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63859
IP address blocks:        151.249.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:32:05:5a:5c:44:15:a4:8c:99:68:b7:60:3b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9a04eb857f9f70101c1b2f389e7696e9e852989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0e:2e:c9:f4:72:37:bf:08:cc:ae:e2:df:13:
                    d3:3a:e0:4c:80:d2:60:ba:f3:8f:40:45:b9:10:45:
                    32:cb:41:f5:68:9f:f7:7d:c7:dc:01:31:bc:7f:b0:
                    93:c5:a5:09:f3:de:72:78:98:ed:8b:61:0b:04:ee:
                    28:8d:6b:e3:d1:63:87:b0:2f:64:4a:7b:f3:2d:f8:
                    1e:d7:f5:4a:6d:6d:c5:42:87:e0:bd:52:47:82:e1:
                    26:72:ce:51:6d:c0:25:56:e2:f7:e3:fb:1e:f1:fb:
                    26:ca:a1:50:ba:54:5b:30:42:04:96:24:b3:e4:84:
                    e0:80:5e:6d:8c:d3:6b:a4:52:36:a2:88:75:53:21:
                    87:25:65:88:bd:eb:41:74:39:3b:41:bd:db:fa:81:
                    bd:0b:00:f9:9a:07:a1:63:71:21:e3:c1:7e:7d:28:
                    99:5c:dc:ff:80:a9:48:1e:cc:bd:18:64:ec:61:e0:
                    fe:bd:19:31:f5:7a:79:33:df:d3:fc:d9:a0:a7:27:
                    46:a7:73:b5:d6:bb:25:26:1a:78:cf:4a:61:98:d3:
                    0c:23:77:9d:4b:ed:13:b3:fb:79:9f:48:d8:bd:23:
                    28:10:c0:8d:30:0c:eb:f7:c8:0b:11:e8:29:85:e7:
                    10:80:3d:ef:ff:78:6c:ac:7a:fe:23:c5:8c:21:57:
                    5c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A0:4E:B8:57:F9:F7:01:01:C1:B2:F3:89:E7:69:6E:9E:85:29:89
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/2aBOuFf59wEBwbLziedpbp6FKYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.249.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:53:ce:37:ad:84:21:e6:a2:a5:46:c4:c6:e0:4b:13:0c:3b:
         5a:83:7c:f6:8e:cb:3a:63:24:90:c3:8a:20:aa:f8:f0:e2:77:
         d9:bd:bc:2b:9f:47:16:68:58:c7:16:2b:cf:79:ef:b0:35:fd:
         fe:ff:b3:80:e0:5c:86:18:be:23:64:6e:e1:05:66:66:ee:ad:
         9b:c1:5e:1e:d9:c3:81:f5:ed:50:37:27:5c:23:00:b2:e6:24:
         7f:7b:c4:34:53:a4:aa:20:5d:fc:25:ff:d3:97:05:4d:18:0d:
         af:56:8f:01:fd:36:b9:95:ab:74:ce:72:70:0f:2f:bf:45:8e:
         4a:cc:01:48:5b:1d:1c:3b:ed:29:e7:61:a3:1e:62:8c:0d:70:
         d6:ce:33:8c:25:b3:cb:95:5c:f6:93:4b:91:97:15:03:ee:a2:
         4e:a2:b7:74:ab:e5:e1:5d:0a:1e:ea:38:85:47:a9:5f:44:81:
         16:c4:b1:ea:72:4e:b7:a0:53:d7:f5:e0:f9:92:58:19:65:be:
         de:c7:bd:b8:b9:c5:76:97:f3:ec:80:30:7e:71:d0:92:97:09:
         71:44:23:49:f8:fb:19:82:eb:0c:39:c2:6a:8c:73:e0:ac:93:
         15:4f:d0:25:75:85:77:07:2e:57:50:e4:b3:56:cb:5e:77:07:
         a8:f4:24:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WzIFWlxEFaSMmWi3YDvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjYwMTAxMTYxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWEwNGViODU3ZjlmNzAxMDFjMWIyZjM4OWU3Njk2ZTllODUyOTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww4uyfRyN78IzK7i3xPTOuBMgNJg
uvOPQEW5EEUyy0H1aJ/3fcfcATG8f7CTxaUJ895yeJjti2ELBO4ojWvj0WOHsC9k
SnvzLfge1/VKbW3FQofgvVJHguEmcs5RbcAlVuL34/se8fsmyqFQulRbMEIEliSz
5ITggF5tjNNrpFI2ooh1UyGHJWWIvetBdDk7Qb3b+oG9CwD5mgehY3Eh48F+fSiZ
XNz/gKlIHsy9GGTsYeD+vRkx9Xp5M9/T/NmgpydGp3O11rslJhp4z0phmNMMI3ed
S+0Ts/t5n0jYvSMoEMCNMAzr98gLEegphecQgD3v/3hsrHr+I8WMIVdctwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmgTrhX+fcBAcGy84nnaW6ehSmJMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvMmFCT3VGZjU5d0VCd2JMemllZHBicDZGS1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/lfMA0G
CSqGSIb3DQEBCwUAA4IBAQBeU843rYQh5qKlRsTG4EsTDDtag3z2jss6YySQw4og
qvjw4nfZvbwrn0cWaFjHFivPee+wNf3+/7OA4FyGGL4jZG7hBWZm7q2bwV4e2cOB
9e1QNydcIwCy5iR/e8Q0U6SqIF38Jf/TlwVNGA2vVo8B/Ta5lat0znJwDy+/RY5K
zAFIWx0cO+0p52GjHmKMDXDWzjOMJbPLlVz2k0uRlxUD7qJOord0q+XhXQoe6jiF
R6lfRIEWxLHqck63oFPX9eD5klgZZb7ex724ucV2l/PsgDB+cdCSlwlxRCNJ+PsZ
gusMOcJqjHPgrJMVT9AldYV3By5XUOSzVstedweo9CSH
-----END CERTIFICATE-----