This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/2nST-WJVV3wnt2Ywo-h_QbVYVc8.roa
File:                     2nST-WJVV3wnt2Ywo-h_QbVYVc8.roa (raw, json)
Hash identifier:          BuSb1j+4OFxPz/aKcDFoWL6I9jIRxHVEzdI/3BhNSpc=
Subject key identifier:   DA:74:93:F9:62:55:57:7C:27:B7:66:30:A3:E8:7F:41:B5:58:55:CF
Certificate issuer:       /CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
Certificate serial:       019B7AC812EC22C0746F1E7DF5E773B8321E
Authority key identifier: 57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/2nST-WJVV3wnt2Ywo-h_QbVYVc8.roa
Signing time:             Thu 01 Jan 2026 18:18:10 +0000
ROA not before:           Thu 01 Jan 2026 18:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     328608
IP address blocks:        178.236.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:12:ec:22:c0:74:6f:1e:7d:f5:e7:73:b8:32:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5794afdb5e6a1885780920a54ffa82408ea85ba1
        Validity
            Not Before: Jan  1 18:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da7493f96255577c27b76630a3e87f41b55855cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:58:d1:c1:f7:1e:12:8e:3e:50:b9:68:2e:ce:
                    32:2a:97:df:93:f7:5b:e4:0a:5b:81:d0:bf:35:88:
                    c4:10:94:05:5f:54:36:08:b9:dc:b0:bd:e4:36:4b:
                    1a:19:89:65:89:b5:13:d7:a0:f1:73:ac:78:36:6a:
                    1f:6c:f3:d8:7d:3b:d7:1d:b7:8b:b9:ea:95:3a:7a:
                    65:ff:d7:ec:4b:8f:59:8e:92:09:76:e5:89:36:92:
                    93:24:de:ca:87:c5:72:ca:78:eb:23:36:ac:15:9e:
                    13:91:28:45:cd:26:50:28:d6:31:d0:f3:16:9e:9e:
                    02:b3:29:bf:a7:5a:a3:be:06:99:7f:70:5e:3b:80:
                    75:79:ca:95:0a:39:54:d0:df:7a:fa:97:e7:6b:47:
                    03:62:cc:1c:e3:c9:77:51:dd:f3:75:96:38:0e:28:
                    37:d4:35:4d:82:a6:e9:e0:99:84:d1:34:74:f6:66:
                    1d:b2:9e:8c:50:f2:cd:c7:df:bd:5b:de:5b:f0:5a:
                    bf:83:15:ef:8a:ca:47:ff:25:9c:71:45:26:3d:72:
                    83:61:9a:4d:2b:20:05:07:43:f1:cf:bf:3d:0e:6d:
                    b0:86:4d:f7:4f:f6:2f:1c:69:8b:34:d2:d9:06:10:
                    46:c5:87:a2:73:db:23:a1:e4:9c:15:c4:94:b6:de:
                    4c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:74:93:F9:62:55:57:7C:27:B7:66:30:A3:E8:7F:41:B5:58:55:CF
            X509v3 Authority Key Identifier:
                keyid:57:94:AF:DB:5E:6A:18:85:78:09:20:A5:4F:FA:82:40:8E:A8:5B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5Sv215qGIV4CSClT_qCQI6oW6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/2nST-WJVV3wnt2Ywo-h_QbVYVc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ddce4d-9912-487d-b55d-47d82a41a8f3/1/V5Sv215qGIV4CSClT_qCQI6oW6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:04:67:18:58:dd:28:0d:bb:84:fc:e3:f3:ed:50:6e:b9:d6:
         6f:3e:a2:6a:12:6c:06:96:68:3f:d0:78:55:8c:a8:0c:5b:f9:
         52:cf:72:5d:c1:f8:5c:25:29:c1:78:24:99:7a:c3:9e:35:c0:
         3f:3b:d9:4c:16:68:aa:c9:94:95:12:dc:9a:19:a2:92:6d:74:
         37:f8:cc:b6:5d:15:8b:af:4e:4d:16:c8:54:d4:8e:1f:8c:a0:
         a7:e4:17:2c:90:f8:c0:35:15:37:d8:c6:8d:fb:d8:d0:79:a8:
         d7:75:6b:10:54:93:70:9b:5c:79:ca:8a:e7:ea:14:ec:f8:42:
         b4:97:f6:95:90:95:dc:fd:68:0d:37:1b:d6:e2:96:72:35:05:
         d7:53:38:5c:b9:b8:21:ee:62:94:46:4d:8e:2d:62:20:19:12:
         42:66:eb:a8:f1:d9:d2:a0:09:fe:83:9a:f7:4f:8b:b8:1d:22:
         c7:f6:2e:49:47:bb:e0:97:47:cd:46:6e:5e:75:4f:b8:8e:5b:
         a7:59:62:3d:d0:f8:9d:a6:fb:63:79:ee:1d:f1:c5:a6:ec:b1:
         96:8f:a8:e9:49:af:15:77:54:0f:47:24:a7:8a:44:fb:77:2b:
         45:6e:16:58:34:70:4b:2d:aa:73:6d:32:c6:92:49:2f:7e:33:
         ad:b8:3f:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yBLsIsB0bx599edzuDIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OTRhZmRiNWU2YTE4ODU3ODA5MjBhNTRmZmE4MjQwOGVh
ODViYTEwHhcNMjYwMTAxMTgxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc0OTNmOTYyNTU1NzdjMjdiNzY2MzBhM2U4N2Y0MWI1NTg1NWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ljRwfceEo4+ULloLs4yKpffk/db
5ApbgdC/NYjEEJQFX1Q2CLncsL3kNksaGYllibUT16Dxc6x4NmofbPPYfTvXHbeL
ueqVOnpl/9fsS49ZjpIJduWJNpKTJN7Kh8VyynjrIzasFZ4TkShFzSZQKNYx0PMW
np4Csym/p1qjvgaZf3BeO4B1ecqVCjlU0N96+pfna0cDYswc48l3Ud3zdZY4Dig3
1DVNgqbp4JmE0TR09mYdsp6MUPLNx9+9W95b8Fq/gxXvispH/yWccUUmPXKDYZpN
KyAFB0Pxz789Dm2whk33T/YvHGmLNNLZBhBGxYeic9sjoeScFcSUtt5MAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp0k/liVVd8J7dmMKPof0G1WFXPMB8GA1UdIwQY
MBaAFFeUr9teahiFeAkgpU/6gkCOqFuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQt
NDdkODJhNDFhOGYzLzEvMm5TVC1XSlZWM3dudDJZd28taF9RYlZZVmM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kZGNlNGQtOTkxMi00ODdkLWI1NWQtNDdkODJhNDFhOGYz
LzEvVjVTdjIxNXFHSVY0Q1NDbFRfcUNRSTZvVzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuzgMA0G
CSqGSIb3DQEBCwUAA4IBAQAfBGcYWN0oDbuE/OPz7VBuudZvPqJqEmwGlmg/0HhV
jKgMW/lSz3JdwfhcJSnBeCSZesOeNcA/O9lMFmiqyZSVEtyaGaKSbXQ3+My2XRWL
r05NFshU1I4fjKCn5BcskPjANRU32MaN+9jQeajXdWsQVJNwm1x5yorn6hTs+EK0
l/aVkJXc/WgNNxvW4pZyNQXXUzhcubgh7mKURk2OLWIgGRJCZuuo8dnSoAn+g5r3
T4u4HSLH9i5JR7vgl0fNRm5edU+4jlunWWI90Pidpvtjee4d8cWm7LGWj6jpSa8V
d1QPRySnikT7dytFbhZYNHBLLapzbTLGkkkvfjOtuD9g
-----END CERTIFICATE-----