This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/2T_q8-bSWq8nyDmjWftFHGfKZ1o.roa
File:                     2T_q8-bSWq8nyDmjWftFHGfKZ1o.roa (raw, json)
Hash identifier:          B8+bGWOh6p/FPFm3lveugmIs7+EELROY0fcrsP0SlJs=
Subject key identifier:   D9:3F:EA:F3:E6:D2:5A:AF:27:C8:39:A3:59:FB:45:1C:67:CA:67:5A
Certificate issuer:       /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial:       019B7EA573D9836791C784F5B376B8D094D1
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/2T_q8-bSWq8nyDmjWftFHGfKZ1o.roa
Signing time:             Fri 02 Jan 2026 12:18:50 +0000
ROA not before:           Fri 02 Jan 2026 12:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     65632
IP address blocks:        188.125.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:73:d9:83:67:91:c7:84:f5:b3:76:b8:d0:94:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
        Validity
            Not Before: Jan  2 12:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d93feaf3e6d25aaf27c839a359fb451c67ca675a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e7:56:b0:cb:2f:03:88:e1:31:5a:8d:87:15:
                    81:ea:b1:3a:b8:59:c1:34:73:b0:f3:7c:29:61:e8:
                    f0:b5:47:7b:6a:df:10:6a:a4:77:a4:a9:63:9d:d7:
                    d7:83:7e:6e:e4:6e:3d:d2:fd:6b:9d:69:23:3b:c6:
                    b3:e8:c5:06:35:9e:29:74:eb:ef:ce:6e:f8:4f:f6:
                    b6:f3:7f:97:f0:f7:4d:2d:40:eb:19:eb:2a:a2:f7:
                    72:e5:98:87:09:e6:cf:dd:ba:e0:23:4a:ee:c7:e2:
                    29:a7:d0:27:91:88:04:63:10:77:c5:bf:d1:f0:09:
                    ee:dd:c3:52:c9:a7:cd:f8:c9:99:0c:f1:a5:6f:77:
                    da:dd:c2:1a:0a:c3:da:d3:89:65:95:23:6f:a1:e2:
                    18:fa:17:6b:ee:c7:a2:f4:1f:2e:0d:1b:f4:db:fe:
                    26:a2:66:ca:68:a2:57:c3:62:4b:49:35:a0:bf:b3:
                    ff:42:3e:b1:c6:6d:1d:df:46:31:58:5c:28:61:ff:
                    2b:65:2f:3c:fa:dc:3f:62:a2:b7:b1:ca:a2:9a:48:
                    bb:2b:e3:a6:39:46:f5:fa:36:bd:e4:88:12:cd:a8:
                    f8:c1:07:67:67:dc:2a:bc:0a:be:6c:00:11:51:1a:
                    cf:77:f0:6a:ef:03:00:8b:d3:49:d2:3f:ed:c5:ef:
                    de:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3F:EA:F3:E6:D2:5A:AF:27:C8:39:A3:59:FB:45:1C:67:CA:67:5A
            X509v3 Authority Key Identifier:
                keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/2T_q8-bSWq8nyDmjWftFHGfKZ1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:fb:59:6b:93:39:3c:ab:1c:78:8f:51:06:7a:63:26:bf:0c:
         3c:47:45:8e:5a:f0:a1:a3:be:4c:68:c2:67:4e:80:9e:b5:7e:
         9b:ff:e4:57:21:0e:1a:0d:79:9f:32:be:a5:a2:90:2f:7d:14:
         a3:d0:15:35:9e:f6:8e:4f:14:a3:ca:91:33:e9:eb:24:c4:36:
         11:e1:00:b1:0c:17:df:62:d0:ee:c9:bb:a1:6a:06:1a:48:2c:
         99:b9:98:ae:ff:be:93:cd:00:c3:b6:eb:42:72:df:00:94:f3:
         22:bb:d5:9f:89:a0:f7:52:e8:b4:59:e5:59:f2:f2:23:03:c0:
         f4:46:22:de:26:a0:1e:17:a2:e4:ca:c3:81:21:fd:c4:97:a9:
         86:75:9c:53:8f:d0:3e:c5:5c:06:0b:68:66:64:01:c7:d1:5c:
         12:8c:4d:ba:72:88:4b:5c:24:13:11:61:2f:24:29:6e:d4:cd:
         c6:41:36:b7:ae:11:79:bf:eb:61:de:bf:0c:3c:c5:51:a7:a9:
         9b:d4:02:b9:25:93:16:be:7e:ad:f2:f7:49:05:97:75:c7:8b:
         aa:ae:64:0e:55:d0:23:1e:3f:3d:1a:0d:dc:5f:5e:9d:44:38:
         f9:26:3f:6f:9e:1f:82:46:6b:7f:c9:65:b4:b2:05:1e:ce:67:
         cb:81:33:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pXPZg2eRx4T1s3a40JTRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjYwMTAyMTIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNmZWFmM2U2ZDI1YWFmMjdjODM5YTM1OWZiNDUxYzY3Y2E2NzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOdWsMsvA4jhMVqNhxWB6rE6uFnB
NHOw83wpYejwtUd7at8QaqR3pKljndfXg35u5G490v1rnWkjO8az6MUGNZ4pdOvv
zm74T/a283+X8PdNLUDrGesqovdy5ZiHCebP3brgI0rux+Ipp9AnkYgEYxB3xb/R
8Anu3cNSyafN+MmZDPGlb3fa3cIaCsPa04lllSNvoeIY+hdr7sei9B8uDRv02/4m
ombKaKJXw2JLSTWgv7P/Qj6xxm0d30YxWFwoYf8rZS88+tw/YqK3scqimki7K+Om
OUb1+ja95IgSzaj4wQdnZ9wqvAq+bAARURrPd/Bq7wMAi9NJ0j/txe/e/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNk/6vPm0lqvJ8g5o1n7RRxnymdaMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvMlRfcTgtYlNXcThueURtaldmdEZIR2ZLWjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2jMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ+1lrkzk8qxx4j1EGemMmvww8R0WOWvCho75MaMJn
ToCetX6b/+RXIQ4aDXmfMr6lopAvfRSj0BU1nvaOTxSjypEz6eskxDYR4QCxDBff
YtDuybuhagYaSCyZuZiu/76TzQDDtutCct8AlPMiu9WfiaD3Uui0WeVZ8vIjA8D0
RiLeJqAeF6LkysOBIf3El6mGdZxTj9A+xVwGC2hmZAHH0VwSjE26cohLXCQTEWEv
JClu1M3GQTa3rhF5v+th3r8MPMVRp6mb1AK5JZMWvn6t8vdJBZd1x4uqrmQOVdAj
Hj89Gg3cX16dRDj5Jj9vnh+CRmt/yWW0sgUezmfLgTPX
-----END CERTIFICATE-----