This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/2A0tOUxx1jRAdQbbBEQYCyO6q2A.roa
File:                     2A0tOUxx1jRAdQbbBEQYCyO6q2A.roa (raw, json)
Hash identifier:          /b2wneTZen/fW0tEw9EyQoVhwLVdm5eunsXsaX5W9vg=
Subject key identifier:   D8:0D:2D:39:4C:71:D6:34:40:75:06:DB:04:44:18:0B:23:BA:AB:60
Certificate issuer:       /CN=0314514897a0aa3ffbf45b48606124627f15e506
Certificate serial:       019B7AC86D80EDAA3783B0BF1387E267B816
Authority key identifier: 03:14:51:48:97:A0:AA:3F:FB:F4:5B:48:60:61:24:62:7F:15:E5:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AxRRSJegqj_79FtIYGEkYn8V5QY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/2A0tOUxx1jRAdQbbBEQYCyO6q2A.roa
Signing time:             Thu 01 Jan 2026 18:18:34 +0000
ROA not before:           Thu 01 Jan 2026 18:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        37.140.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/AxRRSJegqj_79FtIYGEkYn8V5QY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/AxRRSJegqj_79FtIYGEkYn8V5QY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AxRRSJegqj_79FtIYGEkYn8V5QY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:6d:80:ed:aa:37:83:b0:bf:13:87:e2:67:b8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0314514897a0aa3ffbf45b48606124627f15e506
        Validity
            Not Before: Jan  1 18:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d80d2d394c71d634407506db0444180b23baab60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d1:1c:f6:25:52:fe:c7:c2:06:d7:d9:e1:22:
                    4f:a3:55:3e:c2:78:97:2c:9f:b3:5a:84:56:22:d9:
                    71:8b:3f:53:a6:f9:00:67:73:85:ca:19:09:72:70:
                    19:f3:b5:e5:d3:6e:83:ea:ee:b2:41:75:8c:2a:be:
                    c1:94:04:6c:c8:f4:5c:e0:15:2c:04:5b:d0:b0:19:
                    40:d4:db:3f:b3:0c:71:ea:d7:75:4b:22:4c:fe:fa:
                    b2:47:eb:0c:6d:7a:0d:cf:11:36:2f:37:62:8b:dd:
                    9b:d0:10:20:76:95:f1:5c:66:48:5f:cf:26:dc:fc:
                    68:f6:77:b5:78:46:79:01:8c:47:e3:d0:76:05:df:
                    c8:1f:cc:e0:08:40:59:bb:62:e7:10:85:7d:ae:de:
                    57:e1:0f:a7:65:f7:f6:80:96:2f:51:0b:d2:e7:05:
                    8a:7f:86:80:28:81:cb:ec:d4:40:c8:e3:6c:24:47:
                    90:78:23:53:47:65:db:bd:1d:db:78:e4:19:ee:01:
                    dc:2b:75:ab:1e:3b:61:be:4b:69:04:43:3b:4b:cc:
                    bd:2f:5b:96:8c:27:ef:18:2b:44:93:94:ba:f4:cb:
                    23:94:cd:c0:04:3a:98:e6:14:03:31:fa:64:fe:ed:
                    e6:2d:82:56:a9:7a:5f:12:06:37:a7:34:c9:b9:5f:
                    c6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:0D:2D:39:4C:71:D6:34:40:75:06:DB:04:44:18:0B:23:BA:AB:60
            X509v3 Authority Key Identifier:
                keyid:03:14:51:48:97:A0:AA:3F:FB:F4:5B:48:60:61:24:62:7F:15:E5:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AxRRSJegqj_79FtIYGEkYn8V5QY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/2A0tOUxx1jRAdQbbBEQYCyO6q2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/dff181-2b76-4ca2-96e4-6b158b22b48f/1/AxRRSJegqj_79FtIYGEkYn8V5QY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b8:b3:96:47:ba:cf:1d:c7:d5:64:6c:4b:b8:83:54:b5:f8:
         f6:b6:a2:a9:58:0e:e3:39:16:3b:ab:cb:6c:5e:1e:d5:51:14:
         16:9e:bd:68:d8:8c:f0:66:b7:55:9b:62:92:94:7a:20:b3:16:
         e7:18:fb:15:8d:43:3f:cb:ea:a9:48:71:83:1e:73:95:73:61:
         13:0c:53:e1:de:a2:6f:67:d9:5f:84:28:b4:6a:00:86:6a:9d:
         be:3f:96:ad:5a:8f:bb:a2:dd:53:5b:a5:dc:fb:c9:1e:01:ab:
         e4:88:14:14:ca:13:58:35:e6:f2:61:aa:1f:bb:58:c5:de:ac:
         8e:d9:5a:66:fd:df:31:1f:38:11:4f:2e:f1:75:bc:91:df:ba:
         24:bb:0f:b6:47:3e:0b:f6:be:b1:b2:67:48:a4:ab:e8:73:94:
         83:68:fb:f0:2e:9c:2c:b8:b4:94:dd:f0:c1:66:e8:77:79:df:
         a9:06:e7:3a:2a:a9:06:33:7d:e7:8b:76:4c:22:a7:87:17:4c:
         4b:60:52:a2:da:95:bd:bf:5c:88:5c:a3:d1:66:9c:ae:40:5f:
         85:b9:ac:03:d3:06:da:60:7c:e5:f2:0b:e9:11:6f:9d:6d:49:
         70:fa:71:21:12:32:b2:2f:43:5c:fe:b5:ee:71:6f:f7:00:cf:
         f7:bc:84:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yG2A7ao3g7C/E4fiZ7gWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMTQ1MTQ4OTdhMGFhM2ZmYmY0NWI0ODYwNjEyNDYyN2Yx
NWU1MDYwHhcNMjYwMTAxMTgxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODBkMmQzOTRjNzFkNjM0NDA3NTA2ZGIwNDQ0MTgwYjIzYmFhYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dEc9iVS/sfCBtfZ4SJPo1U+wniX
LJ+zWoRWItlxiz9TpvkAZ3OFyhkJcnAZ87Xl026D6u6yQXWMKr7BlARsyPRc4BUs
BFvQsBlA1Ns/swxx6td1SyJM/vqyR+sMbXoNzxE2Lzdii92b0BAgdpXxXGZIX88m
3Pxo9ne1eEZ5AYxH49B2Bd/IH8zgCEBZu2LnEIV9rt5X4Q+nZff2gJYvUQvS5wWK
f4aAKIHL7NRAyONsJEeQeCNTR2XbvR3beOQZ7gHcK3WrHjthvktpBEM7S8y9L1uW
jCfvGCtEk5S69MsjlM3ABDqY5hQDMfpk/u3mLYJWqXpfEgY3pzTJuV/GlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgNLTlMcdY0QHUG2wREGAsjuqtgMB8GA1UdIwQY
MBaAFAMUUUiXoKo/+/RbSGBhJGJ/FeUGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXhSUlNKZWdxal83OUZ0SVlHRWtZbjhWNVFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kZmYxODEtMmI3Ni00Y2EyLTk2ZTQt
NmIxNThiMjJiNDhmLzEvMkEwdE9VeHgxalJBZFFiYkJFUVlDeU82cTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kZmYxODEtMmI3Ni00Y2EyLTk2ZTQtNmIxNThiMjJiNDhm
LzEvQXhSUlNKZWdxal83OUZ0SVlHRWtZbjhWNVFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYzbMA0G
CSqGSIb3DQEBCwUAA4IBAQB9uLOWR7rPHcfVZGxLuINUtfj2tqKpWA7jORY7q8ts
Xh7VURQWnr1o2IzwZrdVm2KSlHogsxbnGPsVjUM/y+qpSHGDHnOVc2ETDFPh3qJv
Z9lfhCi0agCGap2+P5atWo+7ot1TW6Xc+8keAavkiBQUyhNYNebyYaofu1jF3qyO
2Vpm/d8xHzgRTy7xdbyR37okuw+2Rz4L9r6xsmdIpKvoc5SDaPvwLpwsuLSU3fDB
Zuh3ed+pBuc6KqkGM33ni3ZMIqeHF0xLYFKi2pW9v1yIXKPRZpyuQF+FuawD0wba
YHzl8gvpEW+dbUlw+nEhEjKyL0Nc/rXucW/3AM/3vISk
-----END CERTIFICATE-----