This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/2SgtXArHa91zHSP62V3VxCstPjQ.roa
File:                     2SgtXArHa91zHSP62V3VxCstPjQ.roa (raw, json)
Hash identifier:          V4cGQtg2SBaCI8DVoJaqr+ulcrK5fl4LGupKdqP0XPQ=
Subject key identifier:   D9:28:2D:5C:0A:C7:6B:DD:73:1D:23:FA:D9:5D:D5:C4:2B:2D:3E:34
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       019B7E388D652B8F60434F82078AB38D288F
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/2SgtXArHa91zHSP62V3VxCstPjQ.roa
Signing time:             Fri 02 Jan 2026 10:19:53 +0000
ROA not before:           Fri 02 Jan 2026 10:19:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8245
IP address blocks:        217.19.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:8d:65:2b:8f:60:43:4f:82:07:8a:b3:8d:28:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  2 10:19:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9282d5c0ac76bdd731d23fad95dd5c42b2d3e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b1:68:02:cb:ce:9a:b4:bb:34:0a:c4:de:5b:
                    d6:b4:1c:89:9a:62:f6:8c:0d:b7:52:dd:67:e2:b3:
                    5c:6c:89:50:41:fb:07:ed:28:6f:0a:0a:74:35:20:
                    ef:67:f5:90:0d:e8:84:df:c1:f5:6a:53:26:10:ab:
                    ea:ca:f9:8c:19:ba:6d:a2:dd:cd:d3:53:66:df:dd:
                    fd:c8:0c:99:9e:a0:cb:23:cb:33:e3:b9:38:6e:cc:
                    98:05:2c:2e:e6:86:48:79:a2:d2:82:d4:4d:a0:85:
                    80:80:65:5e:cb:5b:e5:0f:b5:c9:04:c7:5c:e7:16:
                    92:39:ea:0e:4b:d7:ab:a9:08:39:cb:84:25:92:65:
                    a4:29:77:12:af:45:5b:71:15:23:71:b2:8f:1f:44:
                    a7:1c:a0:a8:32:88:08:b3:c0:b9:6d:75:e6:d5:c0:
                    a2:bb:08:16:01:37:21:e2:28:e7:eb:7a:50:5b:fb:
                    f5:40:d5:24:69:4c:13:5a:91:30:28:a1:63:06:9c:
                    0d:77:2e:29:61:b1:23:23:da:09:3d:0d:b0:4c:3c:
                    d3:5f:4d:c4:68:35:3a:dc:8c:7e:ce:3c:4d:f5:ed:
                    87:87:8b:dc:aa:54:30:d0:b0:0e:b9:bd:80:69:7e:
                    dd:ce:2f:2e:6e:ae:1d:85:08:eb:49:cb:ea:09:4c:
                    8c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:28:2D:5C:0A:C7:6B:DD:73:1D:23:FA:D9:5D:D5:C4:2B:2D:3E:34
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/2SgtXArHa91zHSP62V3VxCstPjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.19.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:c8:b7:20:e5:bc:c8:b7:1e:2a:06:ec:67:aa:8d:e6:7f:47:
         e4:76:c6:43:86:ca:1c:b8:d1:82:56:14:7b:b1:7f:f2:f8:a1:
         8d:4d:de:87:46:c6:b1:e3:09:0e:bb:de:bf:12:ba:22:e5:96:
         5e:3b:6c:bc:51:cc:ec:6a:59:1a:52:e0:20:ad:0b:8f:f6:20:
         c2:3f:bb:48:b8:81:4d:10:1a:d3:db:51:74:57:11:78:c3:30:
         e2:f3:1f:ba:68:2f:b8:82:78:1d:d9:a9:26:2c:4c:ec:6f:b7:
         43:1f:c6:a7:b4:4f:cf:24:30:f2:9a:c5:62:65:3f:5f:12:c3:
         e4:85:9b:89:9e:55:a0:ee:81:22:2a:58:32:67:24:91:0d:70:
         99:6d:19:19:16:ae:96:66:ce:3b:27:86:01:40:49:7c:9b:86:
         f9:8d:25:3c:af:da:15:16:a4:f4:b6:9c:19:26:12:8f:bd:49:
         f3:cc:6e:77:cb:96:c3:02:f0:21:2d:7a:99:15:1c:a3:09:2d:
         6f:fe:96:6c:9e:82:07:e0:eb:c9:d4:cf:d1:be:b3:f2:cd:5d:
         53:fb:84:c3:3a:57:3d:32:76:62:d4:32:4e:d5:d1:3d:53:50:
         33:74:ad:e4:c7:ef:d1:ec:ec:d0:81:0d:e3:81:a4:cc:b9:15:
         59:6d:1a:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OI1lK49gQ0+CB4qzjSiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjYwMTAyMTAxOTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTI4MmQ1YzBhYzc2YmRkNzMxZDIzZmFkOTVkZDVjNDJiMmQzZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLFoAsvOmrS7NArE3lvWtByJmmL2
jA23Ut1n4rNcbIlQQfsH7ShvCgp0NSDvZ/WQDeiE38H1alMmEKvqyvmMGbptot3N
01Nm3939yAyZnqDLI8sz47k4bsyYBSwu5oZIeaLSgtRNoIWAgGVey1vlD7XJBMdc
5xaSOeoOS9erqQg5y4QlkmWkKXcSr0VbcRUjcbKPH0SnHKCoMogIs8C5bXXm1cCi
uwgWATch4ijn63pQW/v1QNUkaUwTWpEwKKFjBpwNdy4pYbEjI9oJPQ2wTDzTX03E
aDU63Ix+zjxN9e2Hh4vcqlQw0LAOub2AaX7dzi8ubq4dhQjrScvqCUyMvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkoLVwKx2vdcx0j+tld1cQrLT40MB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvMlNndFhBckhhOTF6SFNQNjJWM1Z4Q3N0UGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RMsMA0G
CSqGSIb3DQEBCwUAA4IBAQBRyLcg5bzItx4qBuxnqo3mf0fkdsZDhsocuNGCVhR7
sX/y+KGNTd6HRsax4wkOu96/Eroi5ZZeO2y8UczsalkaUuAgrQuP9iDCP7tIuIFN
EBrT21F0VxF4wzDi8x+6aC+4gngd2akmLEzsb7dDH8antE/PJDDymsViZT9fEsPk
hZuJnlWg7oEiKlgyZySRDXCZbRkZFq6WZs47J4YBQEl8m4b5jSU8r9oVFqT0tpwZ
JhKPvUnzzG53y5bDAvAhLXqZFRyjCS1v/pZsnoIH4OvJ1M/RvrPyzV1T+4TDOlc9
MnZi1DJO1dE9U1AzdK3kx+/R7OzQgQ3jgaTMuRVZbRr7
-----END CERTIFICATE-----