This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/2sekLYLRU9svSlYdz5DgXczYbZ4.roa
File:                     2sekLYLRU9svSlYdz5DgXczYbZ4.roa (raw, json)
Hash identifier:          LFWvTLo8Q3qqX6yHRgyzbBIUG3C19O+Lb3LnHSjmeZA=
Subject key identifier:   DA:C7:A4:2D:82:D1:53:DB:2F:4A:56:1D:CF:90:E0:5D:CC:D8:6D:9E
Certificate issuer:       /CN=39b08ca2c64ba735f4b145216dd14d99f0829f0f
Certificate serial:       019B7FF146F7F36BB0AD1DB9102920A7FD0F
Authority key identifier: 39:B0:8C:A2:C6:4B:A7:35:F4:B1:45:21:6D:D1:4D:99:F0:82:9F:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ObCMosZLpzX0sUUhbdFNmfCCnw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/2sekLYLRU9svSlYdz5DgXczYbZ4.roa
Signing time:             Fri 02 Jan 2026 18:21:17 +0000
ROA not before:           Fri 02 Jan 2026 18:21:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47777
IP address blocks:        185.224.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/ObCMosZLpzX0sUUhbdFNmfCCnw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/ObCMosZLpzX0sUUhbdFNmfCCnw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ObCMosZLpzX0sUUhbdFNmfCCnw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:46:f7:f3:6b:b0:ad:1d:b9:10:29:20:a7:fd:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39b08ca2c64ba735f4b145216dd14d99f0829f0f
        Validity
            Not Before: Jan  2 18:21:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dac7a42d82d153db2f4a561dcf90e05dccd86d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a4:d2:ab:2d:89:5a:a9:1c:5a:a9:d1:65:e6:
                    17:a2:48:51:45:64:d7:fd:71:3c:ca:67:e1:6e:a5:
                    81:37:fe:ba:21:32:39:f5:38:31:25:aa:a9:2d:ca:
                    9a:88:7a:38:e9:ce:27:01:eb:e2:a9:a7:42:4f:c3:
                    e4:b9:5b:21:e0:59:aa:63:20:81:fc:d8:56:76:c0:
                    2a:7c:23:19:65:8b:64:d2:9d:41:f6:e6:9b:3b:55:
                    15:a5:c7:ff:75:86:7d:8b:ec:e9:c4:ac:94:e6:d9:
                    4a:72:d4:79:b0:e6:ff:8d:bc:03:34:97:d3:f7:a5:
                    d7:4e:4a:b0:28:b4:bd:4b:da:22:53:08:be:a6:11:
                    45:57:16:6c:a0:27:01:a9:2b:1d:e3:8a:25:9c:7e:
                    6f:0c:7c:5b:7a:f3:2c:ce:1a:78:60:22:7c:0a:72:
                    d1:14:87:30:38:60:ea:dc:a9:f3:b4:cd:db:5e:b9:
                    fb:c7:16:b7:21:93:58:b5:59:04:b4:a6:43:20:98:
                    05:d7:c9:de:77:92:a5:5c:bb:fa:55:00:79:f4:07:
                    05:e5:4f:66:5e:0b:6d:45:97:ef:dd:9a:ed:68:47:
                    c2:1f:0c:c1:19:d0:e4:2d:ee:a0:31:f1:65:63:a1:
                    20:0c:dd:d5:36:c7:b5:00:89:99:bb:51:2d:cf:7c:
                    af:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C7:A4:2D:82:D1:53:DB:2F:4A:56:1D:CF:90:E0:5D:CC:D8:6D:9E
            X509v3 Authority Key Identifier:
                keyid:39:B0:8C:A2:C6:4B:A7:35:F4:B1:45:21:6D:D1:4D:99:F0:82:9F:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ObCMosZLpzX0sUUhbdFNmfCCnw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/2sekLYLRU9svSlYdz5DgXczYbZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ac00b7-da42-4464-bbc5-3416044e358e/1/ObCMosZLpzX0sUUhbdFNmfCCnw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:90:08:ba:ce:ff:9f:bc:eb:53:b5:f3:55:d3:f4:f9:f6:59:
         ab:f4:f1:4c:5a:e4:fa:be:d3:28:bf:7f:27:3d:dc:f3:f1:6a:
         ea:88:75:d9:70:34:79:d9:24:26:23:c3:20:5b:49:72:a4:e1:
         40:22:ec:74:e6:f2:79:c0:53:c6:1f:1e:6a:e9:0d:8a:7f:c1:
         64:38:32:34:4f:b5:fd:42:c1:24:d0:a0:53:29:8a:3b:7b:63:
         60:12:5e:2c:66:15:24:0a:1a:4a:48:23:81:07:ef:0d:0b:6b:
         78:f5:32:33:ff:e7:01:6d:fc:ff:e3:58:88:f2:da:40:6e:0a:
         93:d8:5b:cd:af:2d:fb:ff:00:73:d1:08:a0:e6:b3:5d:3b:70:
         5d:24:75:a6:e4:ba:14:c5:da:a2:fe:d0:b0:4b:1c:d0:53:7d:
         1b:32:fb:58:f7:b9:ac:07:5c:c8:7b:bd:52:50:16:d2:62:20:
         fb:f0:fa:99:a1:a6:37:d2:5b:08:e2:ab:49:2f:0b:4a:9e:40:
         c4:bd:f3:75:3c:d3:c5:4c:d5:65:af:1a:1f:5d:ea:80:c0:2a:
         fd:94:02:89:27:b3:00:56:3e:32:0e:69:db:aa:94:2d:3f:55:
         3b:3b:84:19:55:61:3f:e9:fd:d5:28:20:fb:39:0e:0b:d4:a8:
         16:59:c0:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8Ub382uwrR25ECkgp/0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YjA4Y2EyYzY0YmE3MzVmNGIxNDUyMTZkZDE0ZDk5ZjA4
MjlmMGYwHhcNMjYwMTAyMTgyMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM3YTQyZDgyZDE1M2RiMmY0YTU2MWRjZjkwZTA1ZGNjZDg2ZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aTSqy2JWqkcWqnRZeYXokhRRWTX
/XE8ymfhbqWBN/66ITI59TgxJaqpLcqaiHo46c4nAeviqadCT8PkuVsh4FmqYyCB
/NhWdsAqfCMZZYtk0p1B9uabO1UVpcf/dYZ9i+zpxKyU5tlKctR5sOb/jbwDNJfT
96XXTkqwKLS9S9oiUwi+phFFVxZsoCcBqSsd44olnH5vDHxbevMszhp4YCJ8CnLR
FIcwOGDq3KnztM3bXrn7xxa3IZNYtVkEtKZDIJgF18ned5KlXLv6VQB59AcF5U9m
XgttRZfv3ZrtaEfCHwzBGdDkLe6gMfFlY6EgDN3VNse1AImZu1Etz3yvfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrHpC2C0VPbL0pWHc+Q4F3M2G2eMB8GA1UdIwQY
MBaAFDmwjKLGS6c19LFFIW3RTZnwgp8PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2JDTW9zWkxwelgwc1VVaGJkRk5tZkNDbnc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hYzAwYjctZGE0Mi00NDY0LWJiYzUt
MzQxNjA0NGUzNThlLzEvMnNla0xZTFJVOXN2U2xZZHo1RGdYY3pZYlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hYzAwYjctZGE0Mi00NDY0LWJiYzUtMzQxNjA0NGUzNThl
LzEvT2JDTW9zWkxwelgwc1VVaGJkRk5tZkNDbnc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueDwMA0G
CSqGSIb3DQEBCwUAA4IBAQAQkAi6zv+fvOtTtfNV0/T59lmr9PFMWuT6vtMov38n
Pdzz8WrqiHXZcDR52SQmI8MgW0lypOFAIux05vJ5wFPGHx5q6Q2Kf8FkODI0T7X9
QsEk0KBTKYo7e2NgEl4sZhUkChpKSCOBB+8NC2t49TIz/+cBbfz/41iI8tpAbgqT
2FvNry37/wBz0Qig5rNdO3BdJHWm5LoUxdqi/tCwSxzQU30bMvtY97msB1zIe71S
UBbSYiD78PqZoaY30lsI4qtJLwtKnkDEvfN1PNPFTNVlrxofXeqAwCr9lAKJJ7MA
Vj4yDmnbqpQtP1U7O4QZVWE/6f3VKCD7OQ4L1KgWWcDa
-----END CERTIFICATE-----