This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/2gp85iNI9hOHVMoD-AVmhaVIeZQ.roa
File:                     2gp85iNI9hOHVMoD-AVmhaVIeZQ.roa (raw, json)
Hash identifier:          axs71u0qY3GNU78vZgfYXYLH532ZZvavOcB1PlEaAyE=
Subject key identifier:   DA:0A:7C:E6:23:48:F6:13:87:54:CA:03:F8:05:66:85:A5:48:79:94
Certificate issuer:       /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial:       019B7C7FE75B8C86E7A125BFE9692B858B43
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/2gp85iNI9hOHVMoD-AVmhaVIeZQ.roa
Signing time:             Fri 02 Jan 2026 02:18:35 +0000
ROA not before:           Fri 02 Jan 2026 02:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62654
IP address blocks:        159.195.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:e7:5b:8c:86:e7:a1:25:bf:e9:69:2b:85:8b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
        Validity
            Not Before: Jan  2 02:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da0a7ce62348f6138754ca03f8056685a5487994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c1:c9:4a:60:84:df:c9:33:43:2e:6d:6d:dc:
                    b1:2a:ed:e5:1e:f2:92:78:35:51:26:3a:d9:72:fb:
                    2e:8c:48:68:bd:3b:1b:a7:13:c6:04:24:d4:61:1c:
                    d6:ec:20:bd:d4:34:fd:30:ff:1a:3d:ca:98:3d:6b:
                    07:02:36:63:bc:ea:5c:94:87:eb:54:26:be:11:a7:
                    dd:4f:0d:ab:55:e0:16:ad:ef:e3:09:7c:79:0a:c6:
                    8d:e5:13:dc:5e:c6:40:e2:a8:1a:fd:b3:67:87:75:
                    16:38:70:01:07:15:a1:a9:b8:2a:3a:25:ee:e4:d7:
                    63:a6:53:99:91:8f:c1:5f:5c:c8:73:b9:f6:a0:cc:
                    15:a3:e1:a8:aa:9e:93:29:eb:92:fe:26:88:08:fa:
                    ce:15:17:01:6f:69:d8:d4:90:33:36:18:5f:b3:aa:
                    28:8b:60:bc:3a:77:62:e1:a8:42:4a:60:62:79:9a:
                    46:c6:d8:14:50:77:bd:e3:25:4b:0b:75:a1:81:35:
                    95:8d:a5:43:c0:60:8c:a9:0c:ae:df:2f:9a:b3:d6:
                    79:4f:06:63:90:ad:9f:63:a1:e5:cc:67:ce:e3:b1:
                    7e:50:de:b9:7c:a7:a9:c5:ee:b0:f6:61:c3:1e:cd:
                    01:f0:14:43:1b:f1:8a:c0:7f:3b:68:5f:15:d6:af:
                    52:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:0A:7C:E6:23:48:F6:13:87:54:CA:03:F8:05:66:85:A5:48:79:94
            X509v3 Authority Key Identifier:
                keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/2gp85iNI9hOHVMoD-AVmhaVIeZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.195.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:77:aa:e4:83:45:44:89:df:cb:61:8e:68:de:c9:ba:74:5e:
         fa:94:0e:2d:3a:fe:e1:9a:1e:54:d9:39:b2:47:c0:97:9d:d9:
         8f:a8:b9:87:56:fd:06:52:19:fd:0e:c0:8a:57:77:b6:49:30:
         5e:28:4e:29:a4:ca:a6:b6:de:6f:08:dc:e0:87:9f:bd:04:37:
         a4:85:f1:02:d4:ab:b6:e0:d5:fd:33:23:bd:a1:77:42:b6:27:
         c8:f5:a6:b6:33:9b:9e:48:1c:d3:b9:83:f5:9f:cd:03:3d:ac:
         be:9a:99:47:34:c3:7e:f2:08:f2:98:e0:95:63:7b:37:89:f9:
         ee:7c:f9:53:42:4c:6e:72:39:c5:ed:d7:bf:a4:8e:d2:39:e2:
         5a:32:24:53:34:2a:c4:ab:a2:c3:ce:c2:31:86:21:03:3d:59:
         f8:32:50:69:4d:8d:ac:ef:e1:92:cd:3a:17:85:2e:64:49:c5:
         f2:80:43:4d:d9:6e:6c:e9:24:19:89:24:bb:a4:90:1f:41:bc:
         63:98:cd:d2:f6:d9:49:4a:5d:d7:da:e2:04:bc:7b:f4:fc:be:
         32:25:94:52:ed:7a:84:f2:f0:c3:3b:d9:a2:3b:5c:4d:f8:9e:
         67:a9:3e:ca:cc:e8:7e:95:04:8c:9a:7d:57:c7:30:e0:1c:da:
         95:83:c2:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f+dbjIbnoSW/6WkrhYtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjYwMTAyMDIxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTBhN2NlNjIzNDhmNjEzODc1NGNhMDNmODA1NjY4NWE1NDg3OTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcHJSmCE38kzQy5tbdyxKu3lHvKS
eDVRJjrZcvsujEhovTsbpxPGBCTUYRzW7CC91DT9MP8aPcqYPWsHAjZjvOpclIfr
VCa+EafdTw2rVeAWre/jCXx5CsaN5RPcXsZA4qga/bNnh3UWOHABBxWhqbgqOiXu
5NdjplOZkY/BX1zIc7n2oMwVo+Goqp6TKeuS/iaICPrOFRcBb2nY1JAzNhhfs6oo
i2C8Ondi4ahCSmBieZpGxtgUUHe94yVLC3WhgTWVjaVDwGCMqQyu3y+as9Z5TwZj
kK2fY6HlzGfO47F+UN65fKepxe6w9mHDHs0B8BRDG/GKwH87aF8V1q9SxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoKfOYjSPYTh1TKA/gFZoWlSHmUMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvMmdwODVpTkk5aE9IVk1vRC1BVm1oYVZJZVpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn8MAMA0G
CSqGSIb3DQEBCwUAA4IBAQARd6rkg0VEid/LYY5o3sm6dF76lA4tOv7hmh5U2Tmy
R8CXndmPqLmHVv0GUhn9DsCKV3e2STBeKE4ppMqmtt5vCNzgh5+9BDekhfEC1Ku2
4NX9MyO9oXdCtifI9aa2M5ueSBzTuYP1n80DPay+mplHNMN+8gjymOCVY3s3ifnu
fPlTQkxucjnF7de/pI7SOeJaMiRTNCrEq6LDzsIxhiEDPVn4MlBpTY2s7+GSzToX
hS5kScXygENN2W5s6SQZiSS7pJAfQbxjmM3S9tlJSl3X2uIEvHv0/L4yJZRS7XqE
8vDDO9miO1xN+J5nqT7KzOh+lQSMmn1XxzDgHNqVg8Ic
-----END CERTIFICATE-----