This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/2xP9m1PRgrEVDmtd4i2eqIDsm-A.roa
File:                     2xP9m1PRgrEVDmtd4i2eqIDsm-A.roa (raw, json)
Hash identifier:          YQaYHIwFaP+vp12w1AQ2mwIWx2mQt+KNJdo+tWceYBM=
Subject key identifier:   DB:13:FD:9B:53:D1:82:B1:15:0E:6B:5D:E2:2D:9E:A8:80:EC:9B:E0
Certificate issuer:       /CN=1d10e38ed55e3185aed6f079f8bb9bf12d4448db
Certificate serial:       019B79ECF74BDE017226417C1EF16B1FC50D
Authority key identifier: 1D:10:E3:8E:D5:5E:31:85:AE:D6:F0:79:F8:BB:9B:F1:2D:44:48:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/2xP9m1PRgrEVDmtd4i2eqIDsm-A.roa
Signing time:             Thu 01 Jan 2026 14:18:51 +0000
ROA not before:           Thu 01 Jan 2026 14:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57256
IP address blocks:        185.164.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:f7:4b:de:01:72:26:41:7c:1e:f1:6b:1f:c5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d10e38ed55e3185aed6f079f8bb9bf12d4448db
        Validity
            Not Before: Jan  1 14:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db13fd9b53d182b1150e6b5de22d9ea880ec9be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:86:dc:14:3a:b7:f0:04:ab:7e:dc:33:21:2e:
                    84:11:58:50:d0:be:48:43:ec:7a:a0:21:f3:9b:4c:
                    77:d2:72:4c:cb:04:98:f7:61:f8:4d:44:19:14:0f:
                    ff:fc:75:0f:49:9e:e4:61:cd:85:2f:2c:2e:f3:4f:
                    d9:f4:87:33:5b:a9:60:c4:0e:8b:90:de:18:73:2c:
                    ad:14:93:e2:50:e3:82:5f:90:7c:1d:b0:32:7b:f8:
                    20:55:06:03:c6:66:06:73:70:87:e0:38:8c:9f:c1:
                    41:bf:d4:48:20:8e:d2:f3:df:2d:4e:f6:ab:5a:a2:
                    d8:19:b2:d6:83:49:89:3d:1c:f2:5e:39:25:f2:a0:
                    aa:53:3a:d3:2e:4a:f7:b2:5e:0d:01:23:b6:7b:55:
                    a3:7f:75:2b:ed:54:84:5d:c4:03:d4:81:e8:be:b2:
                    c3:e1:fa:21:a2:4f:f7:f6:07:f3:5b:30:1f:86:18:
                    d5:ad:de:6b:8b:eb:8e:c7:b9:b9:71:f8:85:29:b4:
                    9b:c1:58:b1:5d:9a:5f:57:80:d1:f1:eb:b3:13:02:
                    36:f6:b4:06:f6:be:4f:2e:ab:38:e7:de:06:4b:12:
                    49:d4:78:26:5c:09:1a:64:48:c9:50:c1:4c:0a:e5:
                    77:bb:65:cc:98:ae:56:4a:08:a5:ac:e8:25:00:16:
                    9b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:13:FD:9B:53:D1:82:B1:15:0E:6B:5D:E2:2D:9E:A8:80:EC:9B:E0
            X509v3 Authority Key Identifier:
                keyid:1D:10:E3:8E:D5:5E:31:85:AE:D6:F0:79:F8:BB:9B:F1:2D:44:48:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRDjjtVeMYWu1vB5-Lub8S1ESNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/2xP9m1PRgrEVDmtd4i2eqIDsm-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e23969-ffb0-4e57-a36a-760f6b6aabc1/1/HRDjjtVeMYWu1vB5-Lub8S1ESNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:1d:21:2c:a7:2b:43:3d:46:c7:d6:b6:42:b6:96:79:be:c2:
         41:8e:6d:c2:1f:48:b0:56:ef:03:b8:68:04:38:53:6e:cf:a2:
         32:96:21:01:23:b2:f3:af:01:75:bc:e9:07:a4:0e:7a:ba:7f:
         2e:ed:9e:23:87:a5:c5:fb:ea:7c:eb:42:d8:e4:1e:70:e2:f8:
         21:b6:5e:59:54:a0:25:0b:07:e0:2b:c1:52:c9:26:af:ff:4d:
         ca:47:86:e8:5f:bb:61:8b:b2:5b:d7:c2:62:ec:60:bc:c3:f0:
         3c:77:b6:66:97:ac:da:e2:18:e1:a4:56:55:24:2d:82:23:00:
         78:96:6f:b5:24:14:1b:ff:c5:5b:79:72:c9:f3:78:c0:a4:1d:
         8e:a6:0c:7e:d0:e7:fc:ac:1f:14:1e:81:47:08:78:80:eb:03:
         ff:54:28:c8:6a:a3:ed:75:c9:a5:c7:cd:1c:7f:78:64:ea:4b:
         bf:ef:56:1a:1e:3d:12:30:06:af:d2:ad:81:8c:3f:c1:e3:92:
         94:54:5a:a5:b5:a3:c5:10:4d:2e:f3:b2:99:6f:83:c6:2e:0d:
         89:a2:e9:5d:1c:53:e6:d1:1d:22:41:3a:73:e3:48:55:16:78:
         cb:f1:be:02:de:a9:41:32:a5:ee:07:b9:1e:44:1c:fe:0d:29:
         45:60:58:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57PdL3gFyJkF8HvFrH8UNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTBlMzhlZDU1ZTMxODVhZWQ2ZjA3OWY4YmI5YmYxMmQ0
NDQ4ZGIwHhcNMjYwMTAxMTQxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjEzZmQ5YjUzZDE4MmIxMTUwZTZiNWRlMjJkOWVhODgwZWM5YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwobcFDq38ASrftwzIS6EEVhQ0L5I
Q+x6oCHzm0x30nJMywSY92H4TUQZFA///HUPSZ7kYc2FLywu80/Z9IczW6lgxA6L
kN4YcyytFJPiUOOCX5B8HbAye/ggVQYDxmYGc3CH4DiMn8FBv9RIII7S898tTvar
WqLYGbLWg0mJPRzyXjkl8qCqUzrTLkr3sl4NASO2e1Wjf3Ur7VSEXcQD1IHovrLD
4fohok/39gfzWzAfhhjVrd5ri+uOx7m5cfiFKbSbwVixXZpfV4DR8euzEwI29rQG
9r5PLqs4594GSxJJ1HgmXAkaZEjJUMFMCuV3u2XMmK5WSgilrOglABabIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsT/ZtT0YKxFQ5rXeItnqiA7JvgMB8GA1UdIwQY
MBaAFB0Q447VXjGFrtbwefi7m/EtREjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJEamp0VmVNWVd1MXZCNS1MdWI4UzFFU05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMjM5NjktZmZiMC00ZTU3LWEzNmEt
NzYwZjZiNmFhYmMxLzEvMnhQOW0xUFJnckVWRG10ZDRpMmVxSURzbS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMjM5NjktZmZiMC00ZTU3LWEzNmEtNzYwZjZiNmFhYmMx
LzEvSFJEamp0VmVNWVd1MXZCNS1MdWI4UzFFU05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaRoMA0G
CSqGSIb3DQEBCwUAA4IBAQCoHSEspytDPUbH1rZCtpZ5vsJBjm3CH0iwVu8DuGgE
OFNuz6IyliEBI7LzrwF1vOkHpA56un8u7Z4jh6XF++p860LY5B5w4vghtl5ZVKAl
CwfgK8FSySav/03KR4boX7thi7Jb18Ji7GC8w/A8d7Zml6za4hjhpFZVJC2CIwB4
lm+1JBQb/8VbeXLJ83jApB2Opgx+0Of8rB8UHoFHCHiA6wP/VCjIaqPtdcmlx80c
f3hk6ku/71YaHj0SMAav0q2BjD/B45KUVFqltaPFEE0u87KZb4PGLg2JouldHFPm
0R0iQTpz40hVFnjL8b4C3qlBMqXuB7keRBz+DSlFYFgY
-----END CERTIFICATE-----