This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/2h03YLcJi07umFfWBMekaGyMszo.roa
File:                     2h03YLcJi07umFfWBMekaGyMszo.roa (raw, json)
Hash identifier:          5p1klLZ4eTTH+xDUevI3fc9e5Mrxjxzue4guV7UT95Y=
Subject key identifier:   DA:1D:37:60:B7:09:8B:4E:EE:98:57:D6:04:C7:A4:68:6C:8C:B3:3A
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019B7E390ED5D587877D5B33F4454EA81EEF
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/2h03YLcJi07umFfWBMekaGyMszo.roa
Signing time:             Fri 02 Jan 2026 10:20:27 +0000
ROA not before:           Fri 02 Jan 2026 10:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60722
IP address blocks:        82.137.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:0e:d5:d5:87:87:7d:5b:33:f4:45:4e:a8:1e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  2 10:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da1d3760b7098b4eee9857d604c7a4686c8cb33a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:17:ce:a2:6b:0b:8b:5d:19:fa:c8:57:8e:e8:
                    70:cd:dd:b2:3d:42:9a:f7:2d:64:a0:e8:c5:46:c8:
                    7d:af:5a:34:8c:4e:3c:57:30:43:56:c1:c1:46:bc:
                    9b:8e:bb:01:db:23:1a:b2:bb:d1:f0:38:40:d2:aa:
                    a7:86:f7:29:83:62:7c:b6:33:48:09:95:54:ab:1a:
                    df:d3:26:ad:dc:05:a2:8b:d8:27:c2:34:0d:a1:2d:
                    69:f9:b3:4e:96:3b:df:b6:21:79:10:c8:f7:e4:fd:
                    f1:0f:27:fc:1a:b1:ec:9d:e9:9b:87:cd:23:32:8c:
                    85:1b:0b:ab:af:0b:cf:05:b0:ee:3d:87:55:52:b0:
                    ad:90:2b:4f:a2:23:11:69:30:f4:dd:f6:a1:aa:ae:
                    b4:af:4f:10:71:a6:19:e3:d4:29:46:c9:d6:74:55:
                    f9:9f:e4:1f:96:01:1f:66:a3:ff:e5:b5:e7:98:55:
                    32:99:86:86:c9:41:3e:ec:9a:71:6e:72:f6:0f:01:
                    c0:06:d7:65:89:7f:24:a9:6f:e2:a2:f3:0c:3c:19:
                    58:e4:e9:24:5b:67:c8:ce:55:6d:1d:dc:e8:b5:56:
                    f1:ff:41:78:1a:d0:68:e6:0e:8e:a3:ae:16:14:81:
                    03:44:13:5c:04:57:d2:99:8c:de:03:81:1b:83:3b:
                    0a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:1D:37:60:B7:09:8B:4E:EE:98:57:D6:04:C7:A4:68:6C:8C:B3:3A
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/2h03YLcJi07umFfWBMekaGyMszo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.137.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0e:fc:45:c0:fe:a8:04:d3:16:74:d3:8a:bf:40:27:1e:5d:
         5d:77:4c:04:0d:55:d7:06:0f:ed:92:34:e1:1a:01:c6:63:c7:
         ba:21:8f:fe:4d:31:4c:53:03:58:bd:1b:ce:17:93:83:dd:60:
         02:d7:b0:76:96:74:d0:0a:14:3d:14:a3:75:3a:1c:f5:dd:62:
         15:a1:96:ac:08:74:ea:1c:64:0d:36:79:ab:01:1b:7e:fe:1d:
         b3:82:d7:10:d6:36:cd:c0:5f:4c:76:bb:f2:59:dc:44:f4:7a:
         c4:ef:3f:dd:f7:ae:98:ef:d5:15:e6:99:1f:51:48:90:34:61:
         79:1c:2c:17:dc:1c:07:3d:7b:f4:30:9f:c0:44:2a:37:9c:28:
         51:54:b9:c8:8e:8c:91:c8:ec:9c:61:8e:ea:0b:d9:a1:12:a1:
         04:d0:10:81:84:f4:a9:56:da:bb:4d:95:7f:39:16:d6:21:a5:
         d1:8e:c2:d3:7e:3a:26:69:08:7c:6b:e7:10:70:8b:e7:92:7d:
         55:22:af:7e:8b:28:d3:76:90:a3:85:fc:44:97:4b:7c:d5:3e:
         e3:f4:6d:d3:53:16:39:41:42:3c:b5:7b:dc:ed:54:e5:05:f3:
         d3:75:3d:8e:c6:2e:05:25:39:b3:9d:e9:9c:5b:5c:54:5e:fa:
         fd:55:6e:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OQ7V1YeHfVsz9EVOqB7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMTAyMTAyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTFkMzc2MGI3MDk4YjRlZWU5ODU3ZDYwNGM3YTQ2ODZjOGNiMzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hfOomsLi10Z+shXjuhwzd2yPUKa
9y1koOjFRsh9r1o0jE48VzBDVsHBRrybjrsB2yMasrvR8DhA0qqnhvcpg2J8tjNI
CZVUqxrf0yat3AWii9gnwjQNoS1p+bNOljvftiF5EMj35P3xDyf8GrHsnembh80j
MoyFGwurrwvPBbDuPYdVUrCtkCtPoiMRaTD03fahqq60r08QcaYZ49QpRsnWdFX5
n+QflgEfZqP/5bXnmFUymYaGyUE+7JpxbnL2DwHABtdliX8kqW/iovMMPBlY5Okk
W2fIzlVtHdzotVbx/0F4GtBo5g6Oo64WFIEDRBNcBFfSmYzeA4EbgzsKdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNodN2C3CYtO7phX1gTHpGhsjLM6MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvMmgwM1lMY0ppMDd1bUZmV0JNZWthR3lNc3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUomjMA0G
CSqGSIb3DQEBCwUAA4IBAQAlDvxFwP6oBNMWdNOKv0AnHl1dd0wEDVXXBg/tkjTh
GgHGY8e6IY/+TTFMUwNYvRvOF5OD3WAC17B2lnTQChQ9FKN1Ohz13WIVoZasCHTq
HGQNNnmrARt+/h2zgtcQ1jbNwF9MdrvyWdxE9HrE7z/d966Y79UV5pkfUUiQNGF5
HCwX3BwHPXv0MJ/ARCo3nChRVLnIjoyRyOycYY7qC9mhEqEE0BCBhPSpVtq7TZV/
ORbWIaXRjsLTfjomaQh8a+cQcIvnkn1VIq9+iyjTdpCjhfxEl0t81T7j9G3TUxY5
QUI8tXvc7VTlBfPTdT2Oxi4FJTmznemcW1xUXvr9VW7+
-----END CERTIFICATE-----