This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/2gPQsLQidFlNoUpg4gg_ADdL3W4.roa
File:                     2gPQsLQidFlNoUpg4gg_ADdL3W4.roa (raw, json)
Hash identifier:          dR7WJFM9E+NBkuHWztfqhsy3xUJg6ogHIBnI4hJZhs0=
Subject key identifier:   DA:03:D0:B0:B4:22:74:59:4D:A1:4A:60:E2:08:3F:00:37:4B:DD:6E
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019B7E37E64A1ACDD9E6F622F4D44BB7D118
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/2gPQsLQidFlNoUpg4gg_ADdL3W4.roa
Signing time:             Fri 02 Jan 2026 10:19:11 +0000
ROA not before:           Fri 02 Jan 2026 10:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        185.215.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:e6:4a:1a:cd:d9:e6:f6:22:f4:d4:4b:b7:d1:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 10:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da03d0b0b42274594da14a60e2083f00374bdd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9b:0a:4e:ad:3a:7e:46:aa:21:b4:c6:58:42:
                    9e:1e:3c:a0:bd:9c:e7:4c:04:32:6b:70:5d:88:33:
                    7e:40:48:5e:b5:05:e3:d6:0b:7c:35:4e:c2:ea:a6:
                    ac:65:42:84:03:f8:45:f7:01:b6:e0:2b:d1:55:4e:
                    6a:5d:c8:1f:64:86:53:0a:2d:41:38:55:36:2f:e8:
                    a5:81:08:bb:d3:cb:d7:42:67:0d:58:6c:0a:49:61:
                    dd:a6:ee:41:50:62:a8:d4:38:87:7f:d4:d4:aa:af:
                    fb:8e:30:6b:ba:bc:64:a0:60:bf:17:67:f7:1c:c5:
                    c3:8a:56:2b:38:ac:72:7f:c1:92:b3:b0:4b:ed:12:
                    17:ed:70:27:33:f0:79:54:c0:5a:24:85:7b:0d:41:
                    c9:09:9a:f6:f5:30:48:ef:c6:fa:24:f9:f3:b7:4c:
                    66:26:e1:9a:df:9c:22:d9:0c:4a:de:35:1d:40:55:
                    50:f2:6b:4d:1c:67:a1:f4:96:84:65:d7:0e:be:2b:
                    d5:22:f1:3d:c4:55:1d:8a:15:e0:20:26:62:71:14:
                    3f:2e:22:d6:52:fa:8f:a0:69:2f:96:f2:b9:93:bf:
                    a9:10:f7:2e:e8:e9:1c:0b:5b:80:3b:4b:34:23:04:
                    49:57:04:38:dd:72:21:eb:df:2a:df:c7:9a:ba:f9:
                    a7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:03:D0:B0:B4:22:74:59:4D:A1:4A:60:E2:08:3F:00:37:4B:DD:6E
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/2gPQsLQidFlNoUpg4gg_ADdL3W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c7:6a:53:6d:5a:51:17:0f:f0:5a:ac:22:00:fb:1e:33:c5:
         bb:c7:86:24:b2:30:92:d5:93:79:b4:9b:68:a0:cb:34:09:fa:
         86:11:5c:18:55:ac:4a:fd:c5:b8:5c:03:43:93:38:cc:75:13:
         d0:af:42:2c:85:a8:66:b0:47:28:46:d8:17:5b:6b:1a:ee:b6:
         0e:96:e6:00:cb:fd:62:c4:74:a4:60:2c:8a:fb:f5:e5:f5:1f:
         99:38:a4:94:df:e8:83:63:24:18:8f:66:69:26:b3:88:f2:4e:
         8f:92:3d:28:c1:e2:c5:5d:80:b2:e9:a6:f7:a3:90:95:73:f8:
         75:88:4e:ac:67:4a:7b:54:39:0f:c8:0c:af:a1:37:f4:ed:9d:
         21:ff:38:e4:84:65:fc:92:c7:ed:94:85:97:82:0e:6f:30:4b:
         a2:b0:09:0f:7c:d9:6e:39:10:69:e8:11:ac:31:0d:dc:46:64:
         db:3e:67:52:e7:5e:59:21:48:4a:ab:91:24:9b:ce:85:14:47:
         44:eb:00:24:da:27:bf:94:b7:57:14:a6:11:7e:28:86:29:44:
         96:e4:eb:b0:a7:10:e1:69:14:cd:7d:09:0c:5f:af:a0:dc:f1:
         84:d1:49:73:e4:5b:c8:95:b6:f4:88:5b:5d:a9:56:1a:02:c5:
         18:be:c1:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N+ZKGs3Z5vYi9NRLt9EYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMTAyMTAxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTAzZDBiMGI0MjI3NDU5NGRhMTRhNjBlMjA4M2YwMDM3NGJkZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZsKTq06fkaqIbTGWEKeHjygvZzn
TAQya3BdiDN+QEhetQXj1gt8NU7C6qasZUKEA/hF9wG24CvRVU5qXcgfZIZTCi1B
OFU2L+ilgQi708vXQmcNWGwKSWHdpu5BUGKo1DiHf9TUqq/7jjBrurxkoGC/F2f3
HMXDilYrOKxyf8GSs7BL7RIX7XAnM/B5VMBaJIV7DUHJCZr29TBI78b6JPnzt0xm
JuGa35wi2QxK3jUdQFVQ8mtNHGeh9JaEZdcOvivVIvE9xFUdihXgICZicRQ/LiLW
UvqPoGkvlvK5k7+pEPcu6OkcC1uAO0s0IwRJVwQ43XIh698q38eauvmn8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoD0LC0InRZTaFKYOIIPwA3S91uMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvMmdQUXNMUWlkRmxOb1VwZzRnZ19BRGRMM1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudfkMA0G
CSqGSIb3DQEBCwUAA4IBAQBJx2pTbVpRFw/wWqwiAPseM8W7x4YksjCS1ZN5tJto
oMs0CfqGEVwYVaxK/cW4XANDkzjMdRPQr0IshahmsEcoRtgXW2sa7rYOluYAy/1i
xHSkYCyK+/Xl9R+ZOKSU3+iDYyQYj2ZpJrOI8k6Pkj0oweLFXYCy6ab3o5CVc/h1
iE6sZ0p7VDkPyAyvoTf07Z0h/zjkhGX8ksftlIWXgg5vMEuisAkPfNluORBp6BGs
MQ3cRmTbPmdS515ZIUhKq5Ekm86FFEdE6wAk2ie/lLdXFKYRfiiGKUSW5OuwpxDh
aRTNfQkMX6+g3PGE0Ulz5FvIlbb0iFtdqVYaAsUYvsG/
-----END CERTIFICATE-----