This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/2ecqjdvwwVeADzgAXi31Tj-9uMY.roa
File:                     2ecqjdvwwVeADzgAXi31Tj-9uMY.roa (raw, json)
Hash identifier:          PYkuLmF1i/LptCyvK8hoFYIwFZUAA+w8WWm3Jdteb0o=
Subject key identifier:   D9:E7:2A:8D:DB:F0:C1:57:80:0F:38:00:5E:2D:F5:4E:3F:BD:B8:C6
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       019B7AC7D00E38D1A10C05C1F7637A008518
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/2ecqjdvwwVeADzgAXi31Tj-9uMY.roa
Signing time:             Thu 01 Jan 2026 18:17:53 +0000
ROA not before:           Thu 01 Jan 2026 18:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        45.152.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:d0:0e:38:d1:a1:0c:05:c1:f7:63:7a:00:85:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 18:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9e72a8ddbf0c157800f38005e2df54e3fbdb8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:25:99:19:63:66:60:70:51:57:d7:c4:6a:20:
                    06:4c:9d:0f:75:6f:db:0e:f0:dd:70:5e:67:42:06:
                    e1:76:23:a8:a4:c4:73:81:21:c8:2d:7c:fb:9f:f3:
                    51:e8:b9:d9:96:87:e7:57:c7:59:73:7b:be:76:d6:
                    bf:d2:fc:c9:9d:6b:a7:64:a5:b2:88:e8:a2:db:fb:
                    89:67:c2:21:46:ec:e0:81:a1:4e:00:c7:bd:bb:c9:
                    65:b6:e9:66:2b:d2:e8:c3:3e:ac:30:fb:6a:9f:b5:
                    35:64:55:9e:2c:62:d4:f4:8b:8b:40:71:1a:a2:f5:
                    48:5c:e9:61:0c:5d:91:e2:d3:56:48:ee:1d:3d:3b:
                    a5:9c:0d:f6:00:a9:98:64:ca:2b:67:7b:1d:53:df:
                    a0:05:ad:4f:42:f7:1d:d3:16:85:30:af:ba:5f:da:
                    4b:f0:e5:29:5a:4c:ba:b2:06:34:1e:01:50:32:37:
                    2e:8c:65:a7:77:4b:eb:85:68:61:d3:9b:05:b0:71:
                    09:0e:19:35:c1:81:ed:ad:dc:c5:28:a5:3d:fe:86:
                    b9:a7:49:2b:50:d7:48:0d:ea:00:f5:af:8e:d9:2b:
                    54:f9:1c:da:bd:1a:cc:e1:ce:b0:9e:76:be:71:82:
                    ad:be:53:6c:62:1f:6b:96:f0:11:b3:e9:a4:ff:25:
                    e1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E7:2A:8D:DB:F0:C1:57:80:0F:38:00:5E:2D:F5:4E:3F:BD:B8:C6
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/2ecqjdvwwVeADzgAXi31Tj-9uMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:b1:43:f3:62:56:ed:8a:a9:82:2b:ec:c0:50:9a:ff:19:cb:
         b8:30:0b:ae:3e:74:3f:18:a8:d5:46:0d:58:54:18:db:18:34:
         dd:09:8b:84:cc:c1:e9:a7:ab:eb:43:5a:08:95:76:de:3c:62:
         fc:40:a1:27:4a:8e:5d:29:d5:54:aa:ad:a0:d1:4a:7e:42:f9:
         ad:7e:53:db:f3:01:61:e7:55:02:f8:3d:e0:d5:5d:46:6f:d4:
         b7:d9:61:4c:a9:b3:15:8e:fa:a0:1e:11:eb:df:a0:36:8c:08:
         6b:87:5f:2b:89:67:f8:37:26:5b:14:ff:d1:5c:73:06:02:df:
         79:d8:40:47:76:cc:fa:73:bb:a6:48:c9:de:95:cd:c5:1f:e5:
         11:e7:20:23:db:98:8e:fc:61:2e:3d:cd:a3:64:0e:dc:ef:91:
         66:ff:af:3c:24:b6:38:35:f9:8c:b5:a8:16:2f:69:88:57:a7:
         80:a1:8c:2a:b1:40:d0:4a:da:3f:82:66:6f:9e:7b:4c:44:9c:
         81:da:04:fe:bd:73:77:44:8e:b1:fc:d7:17:b5:30:7d:ac:b4:
         9a:63:ea:c8:f1:70:c5:a4:c0:a6:c0:87:dd:d9:9c:8f:fd:cf:
         68:7c:9f:99:f4:78:0b:c1:14:1d:3e:b7:70:d0:58:88:a1:33:
         f0:9a:2d:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x9AOONGhDAXB92N6AIUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjYwMTAxMTgxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWU3MmE4ZGRiZjBjMTU3ODAwZjM4MDA1ZTJkZjU0ZTNmYmRiOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSWZGWNmYHBRV9fEaiAGTJ0PdW/b
DvDdcF5nQgbhdiOopMRzgSHILXz7n/NR6LnZlofnV8dZc3u+dta/0vzJnWunZKWy
iOii2/uJZ8IhRuzggaFOAMe9u8lltulmK9Lowz6sMPtqn7U1ZFWeLGLU9IuLQHEa
ovVIXOlhDF2R4tNWSO4dPTulnA32AKmYZMorZ3sdU9+gBa1PQvcd0xaFMK+6X9pL
8OUpWky6sgY0HgFQMjcujGWnd0vrhWhh05sFsHEJDhk1wYHtrdzFKKU9/oa5p0kr
UNdIDeoA9a+O2StU+RzavRrM4c6wnna+cYKtvlNsYh9rlvARs+mk/yXhswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnnKo3b8MFXgA84AF4t9U4/vbjGMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvMmVjcWpkdnd3VmVBRHpnQVhpMzFUai05dU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZixMA0G
CSqGSIb3DQEBCwUAA4IBAQB0sUPzYlbtiqmCK+zAUJr/Gcu4MAuuPnQ/GKjVRg1Y
VBjbGDTdCYuEzMHpp6vrQ1oIlXbePGL8QKEnSo5dKdVUqq2g0Up+QvmtflPb8wFh
51UC+D3g1V1Gb9S32WFMqbMVjvqgHhHr36A2jAhrh18riWf4NyZbFP/RXHMGAt95
2EBHdsz6c7umSMnelc3FH+UR5yAj25iO/GEuPc2jZA7c75Fm/688JLY4NfmMtagW
L2mIV6eAoYwqsUDQSto/gmZvnntMRJyB2gT+vXN3RI6x/NcXtTB9rLSaY+rI8XDF
pMCmwIfd2ZyP/c9ofJ+Z9HgLwRQdPrdw0FiIoTPwmi3T
-----END CERTIFICATE-----