This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/2jrszJlgV71mCpgTFgHjigRHN0o.roa
File:                     2jrszJlgV71mCpgTFgHjigRHN0o.roa (raw, json)
Hash identifier:          WSCn/RX/PMY99fcjdFAAZEiGRwDYCQ00UuZMQjGF8MQ=
Subject key identifier:   DA:3A:EC:CC:99:60:57:BD:66:0A:98:13:16:01:E3:8A:04:47:37:4A
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       019B78A3611F9071732A40ACD056E0B2FBA4
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/2jrszJlgV71mCpgTFgHjigRHN0o.roa
Signing time:             Thu 01 Jan 2026 08:18:51 +0000
ROA not before:           Thu 01 Jan 2026 08:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50056
IP address blocks:        185.217.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:61:1f:90:71:73:2a:40:ac:d0:56:e0:b2:fb:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Jan  1 08:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da3aeccc996057bd660a98131601e38a0447374a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:12:40:51:e0:c6:9b:56:8b:ce:0a:00:1e:e8:
                    62:55:2f:78:6b:24:90:a8:0d:3d:0a:70:33:ba:2e:
                    d7:e0:ae:45:e8:d4:4c:c8:8c:6c:e6:97:cd:0f:f7:
                    55:19:b2:f5:5e:66:1a:c1:d2:b3:ce:4c:6c:22:15:
                    bc:7b:5b:5c:47:42:7f:3c:fb:28:a9:f9:06:d5:ff:
                    d1:bd:d1:6e:26:87:2c:a0:f0:c5:c8:68:b0:12:6f:
                    f5:80:c1:31:96:17:83:08:50:59:6d:e1:34:8a:70:
                    41:9c:b6:36:b5:fa:d7:07:e5:9a:70:c6:04:0a:05:
                    1e:c3:51:d8:40:87:b4:d5:01:81:36:4a:63:9f:96:
                    bb:be:77:e4:c1:ff:87:0d:4d:eb:09:98:bd:3e:76:
                    81:42:63:2f:7c:71:38:68:ae:16:1a:a3:eb:ac:97:
                    db:7f:1c:1a:01:b2:cb:28:f3:71:33:99:c9:d6:13:
                    c3:de:ff:64:f2:47:6c:2a:77:e0:41:4d:c3:be:a9:
                    ef:30:bb:68:c7:20:fe:3b:00:1e:78:f5:f1:37:73:
                    9b:b0:4b:ca:70:b8:9b:b0:e3:7f:7b:90:4d:e5:37:
                    df:7a:ae:ab:80:11:ef:fb:77:3f:1b:60:55:38:63:
                    be:92:f5:6e:0b:2c:d4:86:ff:fc:e9:a1:75:6f:a5:
                    bd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:3A:EC:CC:99:60:57:BD:66:0A:98:13:16:01:E3:8A:04:47:37:4A
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/2jrszJlgV71mCpgTFgHjigRHN0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:8f:81:17:7b:78:fd:a7:49:ac:91:7b:fc:5a:b5:b2:c1:cd:
         ce:d0:7c:d4:5a:08:5f:19:35:77:2c:42:2c:a4:6c:70:46:22:
         28:31:73:fc:4d:8d:30:89:09:30:f9:37:4d:c3:71:54:02:75:
         c6:63:bf:45:58:46:42:5a:25:0c:63:20:e1:d7:ba:d7:f9:38:
         74:52:0b:1f:c6:6b:ac:3a:d1:05:df:51:e3:6e:f9:00:dd:21:
         a1:f1:a7:3b:b4:44:ef:28:48:a8:11:1f:de:11:a9:51:fc:59:
         e1:da:6b:ab:52:70:2d:9b:79:3b:29:4d:94:f2:ee:b6:68:a8:
         80:11:97:d8:a5:50:d3:64:fd:fc:48:d6:00:f5:ff:4a:ae:34:
         0d:0b:c8:e4:81:c6:9f:ab:11:4b:61:00:b8:be:79:80:25:ff:
         99:a0:4f:72:93:12:7b:b6:77:61:88:ab:25:a6:1e:89:b4:c0:
         eb:35:56:0a:34:9a:fb:11:79:ed:92:a3:a1:16:c4:95:be:62:
         17:66:8d:ac:55:72:40:a2:69:d7:94:44:5c:2e:cb:dd:6a:73:
         1e:3e:61:02:77:0d:f7:5b:88:92:06:e6:cc:dc:87:69:cb:80:
         97:9a:17:2a:52:8f:98:44:ac:28:d9:4d:f9:7a:32:ed:36:21:
         80:4b:65:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2EfkHFzKkCs0FbgsvukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjYwMTAxMDgxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTNhZWNjYzk5NjA1N2JkNjYwYTk4MTMxNjAxZTM4YTA0NDczNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxJAUeDGm1aLzgoAHuhiVS94aySQ
qA09CnAzui7X4K5F6NRMyIxs5pfND/dVGbL1XmYawdKzzkxsIhW8e1tcR0J/PPso
qfkG1f/RvdFuJocsoPDFyGiwEm/1gMExlheDCFBZbeE0inBBnLY2tfrXB+WacMYE
CgUew1HYQIe01QGBNkpjn5a7vnfkwf+HDU3rCZi9PnaBQmMvfHE4aK4WGqPrrJfb
fxwaAbLLKPNxM5nJ1hPD3v9k8kdsKnfgQU3DvqnvMLtoxyD+OwAeePXxN3ObsEvK
cLibsON/e5BN5Tffeq6rgBHv+3c/G2BVOGO+kvVuCyzUhv/86aF1b6W9SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNo67MyZYFe9ZgqYExYB44oERzdKMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvMmpyc3pKbGdWNzFtQ3BnVEZnSGppZ1JITjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudmlMA0G
CSqGSIb3DQEBCwUAA4IBAQBOj4EXe3j9p0mskXv8WrWywc3O0HzUWghfGTV3LEIs
pGxwRiIoMXP8TY0wiQkw+TdNw3FUAnXGY79FWEZCWiUMYyDh17rX+Th0Ugsfxmus
OtEF31HjbvkA3SGh8ac7tETvKEioER/eEalR/Fnh2murUnAtm3k7KU2U8u62aKiA
EZfYpVDTZP38SNYA9f9KrjQNC8jkgcafqxFLYQC4vnmAJf+ZoE9ykxJ7tndhiKsl
ph6JtMDrNVYKNJr7EXntkqOhFsSVvmIXZo2sVXJAomnXlERcLsvdanMePmECdw33
W4iSBubM3Idpy4CXmhcqUo+YRKwo2U35ejLtNiGAS2WJ
-----END CERTIFICATE-----