This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/07476c-2c5b-40e9-b562-54fa30864c21/1/P2B766sld6YbwOxda85NHhDsjNc.roa
File:                     P2B766sld6YbwOxda85NHhDsjNc.roa (raw, json)
Hash identifier:          Rh+n3/ugGLGil4AXCXWWDwwftkzN5fZJ5lMUe38d6gg=
Subject key identifier:   3F:60:7B:EB:AB:25:77:A6:1B:C0:EC:5D:6B:CE:4D:1E:10:EC:8C:D7
Certificate issuer:       /CN=ce56aa0e21558c92a48654244e05961a1fcfa0f2
Certificate serial:       019B7C123E52BE7B9622E2E5D78B07FA2B90
Authority key identifier: CE:56:AA:0E:21:55:8C:92:A4:86:54:24:4E:05:96:1A:1F:CF:A0:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zlaqDiFVjJKkhlQkTgWWGh_PoPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/07476c-2c5b-40e9-b562-54fa30864c21/1/P2B766sld6YbwOxda85NHhDsjNc.roa
Signing time:             Fri 02 Jan 2026 00:18:48 +0000
ROA not before:           Fri 02 Jan 2026 00:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1103
IP address blocks:        137.224.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/07476c-2c5b-40e9-b562-54fa30864c21/1/zlaqDiFVjJKkhlQkTgWWGh_PoPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/07476c-2c5b-40e9-b562-54fa30864c21/1/zlaqDiFVjJKkhlQkTgWWGh_PoPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zlaqDiFVjJKkhlQkTgWWGh_PoPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:3e:52:be:7b:96:22:e2:e5:d7:8b:07:fa:2b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce56aa0e21558c92a48654244e05961a1fcfa0f2
        Validity
            Not Before: Jan  2 00:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f607bebab2577a61bc0ec5d6bce4d1e10ec8cd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8e:49:7a:55:f1:b8:c8:bc:56:21:5a:5f:77:
                    1b:03:35:72:71:48:12:2e:9e:fc:ed:30:c8:ae:a3:
                    74:68:24:3c:7c:1d:15:52:0e:19:26:f3:20:4b:ea:
                    03:fd:57:7a:e1:1a:08:b7:43:f7:dd:63:ed:82:93:
                    a1:9a:ac:14:34:71:4b:6c:d1:58:3b:6b:8f:e2:75:
                    b9:3a:f0:b9:b3:12:28:d7:b8:58:09:6b:20:d9:cd:
                    28:ee:59:ce:42:0d:b1:38:c7:de:20:b9:33:bf:8c:
                    64:12:14:29:e5:57:8f:f0:46:0d:4f:23:40:a9:9a:
                    6c:34:97:c5:bf:55:08:a4:39:5c:3e:76:70:35:24:
                    cb:c3:13:c0:51:26:26:5f:90:46:26:a9:9f:bd:4c:
                    59:95:8d:9e:36:37:bd:d1:2d:2c:08:8e:16:6f:cd:
                    99:ab:e2:4a:14:0f:ee:9a:06:eb:05:21:76:2a:3a:
                    df:22:f0:9b:64:88:51:e6:74:4a:de:13:f4:db:fe:
                    6e:a5:d5:ac:9c:0e:a2:a5:75:6d:9b:66:d4:e4:3f:
                    9e:d5:99:ba:41:b8:4a:c6:b1:b2:b9:f2:90:f3:ae:
                    58:ee:50:7f:96:1b:96:b4:65:28:01:86:05:ca:c2:
                    d5:36:1c:2d:19:c8:df:81:f1:45:02:53:51:c6:cf:
                    e8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:60:7B:EB:AB:25:77:A6:1B:C0:EC:5D:6B:CE:4D:1E:10:EC:8C:D7
            X509v3 Authority Key Identifier:
                keyid:CE:56:AA:0E:21:55:8C:92:A4:86:54:24:4E:05:96:1A:1F:CF:A0:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zlaqDiFVjJKkhlQkTgWWGh_PoPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/07476c-2c5b-40e9-b562-54fa30864c21/1/P2B766sld6YbwOxda85NHhDsjNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/07476c-2c5b-40e9-b562-54fa30864c21/1/zlaqDiFVjJKkhlQkTgWWGh_PoPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.224.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:55:c2:7b:35:d8:62:06:d7:b1:52:ba:f7:1b:cb:15:b7:32:
         7a:57:8f:84:7e:ba:6f:1b:01:f8:ac:76:f2:59:47:69:53:92:
         34:c1:5e:23:27:8a:7d:49:b0:cd:b7:42:22:9f:58:fb:fe:60:
         7b:d9:16:d3:10:59:9c:93:a2:2a:b0:bd:82:d9:91:12:6b:4a:
         4e:07:81:e8:50:61:29:53:9a:ee:63:b3:30:35:91:48:b2:8c:
         52:7c:2b:12:49:34:c5:38:73:92:05:1f:20:0b:48:d0:15:7c:
         b0:b5:34:c1:0a:5f:7e:b7:88:f2:31:42:cf:81:53:61:cb:43:
         04:b6:6d:7a:c7:b0:22:04:3b:f3:a1:0b:30:c1:25:d2:c2:9c:
         3b:29:53:c4:8b:6a:99:0d:53:61:54:c0:58:96:55:43:ef:2f:
         1b:0d:44:90:27:27:d4:53:2e:c7:d4:a9:27:68:44:48:51:70:
         e1:e8:c0:b0:ca:73:7f:0f:88:09:23:6b:cb:d1:82:86:14:62:
         f3:9c:35:a7:24:a2:3d:39:b7:34:5f:a3:b2:2f:35:4b:a3:de:
         0f:a2:21:2a:ef:a5:b3:3a:e9:d1:a8:7d:41:b4:84:88:53:a6:
         1b:b7:33:3f:92:9b:e1:3d:22:2f:11:20:2b:14:9f:f3:57:7f:
         18:47:46:ac
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8Ej5SvnuWIuLl14sH+iuQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNTZhYTBlMjE1NThjOTJhNDg2NTQyNDRlMDU5NjFhMWZj
ZmEwZjIwHhcNMjYwMTAyMDAxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjYwN2JlYmFiMjU3N2E2MWJjMGVjNWQ2YmNlNGQxZTEwZWM4Y2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY5JelXxuMi8ViFaX3cbAzVycUgS
Lp787TDIrqN0aCQ8fB0VUg4ZJvMgS+oD/Vd64RoIt0P33WPtgpOhmqwUNHFLbNFY
O2uP4nW5OvC5sxIo17hYCWsg2c0o7lnOQg2xOMfeILkzv4xkEhQp5VeP8EYNTyNA
qZpsNJfFv1UIpDlcPnZwNSTLwxPAUSYmX5BGJqmfvUxZlY2eNje90S0sCI4Wb82Z
q+JKFA/umgbrBSF2KjrfIvCbZIhR5nRK3hP02/5updWsnA6ipXVtm2bU5D+e1Zm6
QbhKxrGyufKQ865Y7lB/lhuWtGUoAYYFysLVNhwtGcjfgfFFAlNRxs/oBwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFD9ge+urJXemG8DsXWvOTR4Q7IzXMB8GA1UdIwQY
MBaAFM5Wqg4hVYySpIZUJE4Flhofz6DyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemxhcURpRlZqSktraGxRa1RnV1dHaF9Qb1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wNzQ3NmMtMmM1Yi00MGU5LWI1NjIt
NTRmYTMwODY0YzIxLzEvUDJCNzY2c2xkNllid094ZGE4NU5IaERzak5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wNzQ3NmMtMmM1Yi00MGU5LWI1NjItNTRmYTMwODY0YzIx
LzEvemxhcURpRlZqSktraGxRa1RnV1dHaF9Qb1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAieAwDQYJ
KoZIhvcNAQELBQADggEBABdVwns12GIG17FSuvcbyxW3MnpXj4R+um8bAfisdvJZ
R2lTkjTBXiMnin1JsM23QiKfWPv+YHvZFtMQWZyToiqwvYLZkRJrSk4HgehQYSlT
mu5jszA1kUiyjFJ8KxJJNMU4c5IFHyALSNAVfLC1NMEKX363iPIxQs+BU2HLQwS2
bXrHsCIEO/OhCzDBJdLCnDspU8SLapkNU2FUwFiWVUPvLxsNRJAnJ9RTLsfUqSdo
REhRcOHowLDKc38PiAkja8vRgoYUYvOcNackoj05tzRfo7IvNUuj3g+iISrvpbM6
6dGofUG0hIhTphu3Mz+Sm+E9Ii8RICsUn/NXfxhHRqw=
-----END CERTIFICATE-----