This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/a97c7d-bcc7-4fb5-86e2-2e6246c219f7/1/2G4Xf8pLqEWjirvogul_LDd5FPI.roa
File:                     2G4Xf8pLqEWjirvogul_LDd5FPI.roa (raw, json)
Hash identifier:          /5ZBPi9hR3OWcYF4JvFkWR9sLIrIvmMOKZx6ycQkpcU=
Subject key identifier:   D8:6E:17:7F:CA:4B:A8:45:A3:8A:BB:E8:82:E9:7F:2C:37:79:14:F2
Certificate issuer:       /CN=39d01e8ca0afe414c157e1fbfb5394867ce51edb
Certificate serial:       019ABA34D3E195107A6E3C7899B7FDD5287C
Authority key identifier: 39:D0:1E:8C:A0:AF:E4:14:C1:57:E1:FB:FB:53:94:86:7C:E5:1E:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OdAejKCv5BTBV-H7-1OUhnzlHts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/a97c7d-bcc7-4fb5-86e2-2e6246c219f7/1/2G4Xf8pLqEWjirvogul_LDd5FPI.roa
Signing time:             Tue 25 Nov 2025 08:50:15 +0000
ROA not before:           Tue 25 Nov 2025 08:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203529
IP address blocks:        194.140.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/a97c7d-bcc7-4fb5-86e2-2e6246c219f7/1/OdAejKCv5BTBV-H7-1OUhnzlHts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/a97c7d-bcc7-4fb5-86e2-2e6246c219f7/1/OdAejKCv5BTBV-H7-1OUhnzlHts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OdAejKCv5BTBV-H7-1OUhnzlHts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ba:34:d3:e1:95:10:7a:6e:3c:78:99:b7:fd:d5:28:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39d01e8ca0afe414c157e1fbfb5394867ce51edb
        Validity
            Not Before: Nov 25 08:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d86e177fca4ba845a38abbe882e97f2c377914f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b9:5b:e0:54:b4:c6:a5:79:88:f9:37:8e:a4:
                    14:70:28:e7:e0:cd:69:b4:00:01:5f:f5:b4:39:d3:
                    7c:09:49:2c:27:a6:21:07:5d:85:64:91:70:21:53:
                    38:ac:9c:bb:86:30:df:fc:f9:ad:0b:43:4c:9e:56:
                    bd:62:08:3a:54:2a:42:b6:ba:58:c3:15:85:22:a4:
                    57:fe:ae:e5:a9:d9:41:e3:43:5c:88:17:4b:20:ae:
                    73:00:80:3c:67:82:4c:15:01:49:70:be:ae:a8:f8:
                    86:f6:fe:9e:7e:17:c4:39:5f:4d:b9:0b:d0:51:8d:
                    b1:e5:6a:1f:3c:95:c3:6f:93:c6:4c:43:85:06:8b:
                    ab:c2:66:c6:c5:47:1f:36:bc:64:a9:f3:3a:2b:c8:
                    27:d9:2b:d5:73:6d:b1:6a:08:a8:74:23:d0:27:90:
                    3b:f8:69:bb:0d:e2:c0:0f:09:9b:18:e4:a9:d4:35:
                    92:8a:34:82:e7:6f:02:28:f5:a1:e8:f8:45:32:2e:
                    fb:0b:a3:33:b9:65:22:f5:31:03:57:fe:7a:da:4e:
                    81:17:24:1e:57:64:f6:b5:72:be:37:ed:5b:4a:ff:
                    08:8d:da:16:3d:4b:29:e0:4f:f1:d4:5a:9f:30:48:
                    5b:73:3b:fe:02:22:20:9a:27:f9:4e:d0:23:8a:45:
                    5b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:6E:17:7F:CA:4B:A8:45:A3:8A:BB:E8:82:E9:7F:2C:37:79:14:F2
            X509v3 Authority Key Identifier:
                keyid:39:D0:1E:8C:A0:AF:E4:14:C1:57:E1:FB:FB:53:94:86:7C:E5:1E:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OdAejKCv5BTBV-H7-1OUhnzlHts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/a97c7d-bcc7-4fb5-86e2-2e6246c219f7/1/2G4Xf8pLqEWjirvogul_LDd5FPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/a97c7d-bcc7-4fb5-86e2-2e6246c219f7/1/OdAejKCv5BTBV-H7-1OUhnzlHts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:50:a3:ce:94:31:e7:fa:68:1c:79:67:7b:5f:94:fd:01:16:
         fd:41:b0:47:25:9b:f7:6b:3b:a0:63:31:2d:3f:7f:25:ea:38:
         c6:b8:dc:bf:52:08:49:ad:a4:b3:f5:e1:61:58:1b:dc:91:0c:
         c0:ff:7a:26:1d:3c:7a:6e:26:6a:4a:3d:54:14:d3:55:34:19:
         59:a4:88:d6:eb:0f:7f:47:6a:f9:c9:44:5f:02:73:e2:fb:da:
         fa:8a:b5:ea:1c:42:b9:eb:d0:b9:d2:99:63:31:49:9d:81:32:
         9f:1c:7b:d3:2f:34:19:d8:76:c0:ad:92:19:ce:65:5a:ea:ac:
         fe:81:e8:f4:68:c2:7d:e9:72:78:83:4a:f8:da:f8:3f:c2:0e:
         1c:b0:7b:fc:7a:eb:78:c2:7f:b0:e3:76:b2:32:b9:60:84:37:
         97:36:a2:a3:5e:3e:6c:4b:81:5a:46:2a:05:55:24:e2:51:9a:
         d6:bc:11:e5:df:93:80:18:8a:e9:87:db:7b:2a:c6:c8:d3:01:
         fc:9c:57:8d:d9:e0:88:30:73:78:c3:18:e6:23:4a:54:af:36:
         e4:e7:e7:42:e5:4f:04:4e:aa:c9:35:a2:a8:c3:dd:97:dc:8a:
         2a:f0:40:b8:55:53:62:7d:c0:2d:8f:95:8f:c1:18:21:c0:c3:
         79:a6:5c:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq6NNPhlRB6bjx4mbf91Sh8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZDAxZThjYTBhZmU0MTRjMTU3ZTFmYmZiNTM5NDg2N2Nl
NTFlZGIwHhcNMjUxMTI1MDg1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODZlMTc3ZmNhNGJhODQ1YTM4YWJiZTg4MmU5N2YyYzM3NzkxNGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrlb4FS0xqV5iPk3jqQUcCjn4M1p
tAABX/W0OdN8CUksJ6YhB12FZJFwIVM4rJy7hjDf/PmtC0NMnla9Ygg6VCpCtrpY
wxWFIqRX/q7lqdlB40NciBdLIK5zAIA8Z4JMFQFJcL6uqPiG9v6efhfEOV9NuQvQ
UY2x5WofPJXDb5PGTEOFBourwmbGxUcfNrxkqfM6K8gn2SvVc22xagiodCPQJ5A7
+Gm7DeLADwmbGOSp1DWSijSC528CKPWh6PhFMi77C6MzuWUi9TEDV/562k6BFyQe
V2T2tXK+N+1bSv8IjdoWPUsp4E/x1FqfMEhbczv+AiIgmif5TtAjikVbrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhuF3/KS6hFo4q76ILpfyw3eRTyMB8GA1UdIwQY
MBaAFDnQHoygr+QUwVfh+/tTlIZ85R7bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2RBZWpLQ3Y1QlRCVi1INy0xT1VobnpsSHRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9hOTdjN2QtYmNjNy00ZmI1LTg2ZTIt
MmU2MjQ2YzIxOWY3LzEvMkc0WGY4cExxRVdqaXJ2b2d1bF9MRGQ1RlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9hOTdjN2QtYmNjNy00ZmI1LTg2ZTItMmU2MjQ2YzIxOWY3
LzEvT2RBZWpLQ3Y1QlRCVi1INy0xT1VobnpsSHRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwozDMA0G
CSqGSIb3DQEBCwUAA4IBAQBlUKPOlDHn+mgceWd7X5T9ARb9QbBHJZv3azugYzEt
P38l6jjGuNy/UghJraSz9eFhWBvckQzA/3omHTx6biZqSj1UFNNVNBlZpIjW6w9/
R2r5yURfAnPi+9r6irXqHEK569C50pljMUmdgTKfHHvTLzQZ2HbArZIZzmVa6qz+
gej0aMJ96XJ4g0r42vg/wg4csHv8eut4wn+w43ayMrlghDeXNqKjXj5sS4FaRioF
VSTiUZrWvBHl35OAGIrph9t7KsbI0wH8nFeN2eCIMHN4wxjmI0pUrzbk5+dC5U8E
TqrJNaKow92X3Ioq8EC4VVNifcAtj5WPwRghwMN5ply+
-----END CERTIFICATE-----