This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/17b797-2e66-40df-868a-0a275a6763ce/1/2ikB92Z1YZga53T_5TgPbCYNO2U.roa
File:                     2ikB92Z1YZga53T_5TgPbCYNO2U.roa (raw, json)
Hash identifier:          6LYS7/XU1c9VFgwkPm/Cq36EgEjl8++/LJln5tJD5X8=
Subject key identifier:   DA:29:01:F7:66:75:61:98:1A:E7:74:FF:E5:38:0F:6C:26:0D:3B:65
Certificate issuer:       /CN=bfe57cc3db1840470c73a09605d187d7bd9595cb
Certificate serial:       019B7AC77F94341C3261C20D2B7848E563B4
Authority key identifier: BF:E5:7C:C3:DB:18:40:47:0C:73:A0:96:05:D1:87:D7:BD:95:95:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-V8w9sYQEcMc6CWBdGH172Vlcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/17b797-2e66-40df-868a-0a275a6763ce/1/2ikB92Z1YZga53T_5TgPbCYNO2U.roa
Signing time:             Thu 01 Jan 2026 18:17:33 +0000
ROA not before:           Thu 01 Jan 2026 18:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205544
IP address blocks:        185.245.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/17b797-2e66-40df-868a-0a275a6763ce/1/v-V8w9sYQEcMc6CWBdGH172Vlcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/17b797-2e66-40df-868a-0a275a6763ce/1/v-V8w9sYQEcMc6CWBdGH172Vlcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-V8w9sYQEcMc6CWBdGH172Vlcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:7f:94:34:1c:32:61:c2:0d:2b:78:48:e5:63:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe57cc3db1840470c73a09605d187d7bd9595cb
        Validity
            Not Before: Jan  1 18:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da2901f7667561981ae774ffe5380f6c260d3b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:46:e7:65:97:41:74:51:33:4e:f1:70:2f:7e:
                    9e:f8:fe:d1:74:2f:61:87:17:c1:00:b4:2b:14:b2:
                    40:62:6e:59:28:dd:d7:44:20:96:47:58:56:14:96:
                    39:1b:f7:18:0e:d2:f0:93:3d:55:91:fb:c5:d1:91:
                    0b:a7:98:65:6e:e7:2e:d3:55:92:c8:12:aa:cc:41:
                    f8:34:97:7d:3b:b5:11:f1:c1:92:73:9c:0a:99:2b:
                    7c:ad:be:e3:75:d1:c2:33:2a:de:9f:ba:0c:ad:67:
                    e0:98:ca:2e:04:e6:8d:c2:aa:47:41:79:f0:7e:9d:
                    13:c0:d7:fe:d6:7d:36:de:80:e3:8c:38:8f:f2:b9:
                    a4:03:b9:34:e9:b7:a2:b7:40:92:b8:f2:a3:42:52:
                    2e:68:90:be:26:f4:11:a7:64:f1:e5:23:a8:b4:78:
                    f6:b1:ae:67:43:83:7a:ac:00:a6:3b:23:b5:22:a5:
                    b8:ba:a7:72:d5:de:27:4f:a2:cf:b1:68:e2:00:02:
                    d3:85:eb:cb:18:8b:bb:a6:56:2e:43:0b:cb:71:4e:
                    02:ad:5a:89:63:6c:01:1c:48:8e:60:8c:34:e9:b0:
                    20:a8:8d:b0:9c:de:ff:62:b5:78:15:e4:83:6d:44:
                    1f:a0:e5:ab:89:1f:ba:7e:2d:ca:d3:fc:93:2d:bb:
                    0b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:29:01:F7:66:75:61:98:1A:E7:74:FF:E5:38:0F:6C:26:0D:3B:65
            X509v3 Authority Key Identifier:
                keyid:BF:E5:7C:C3:DB:18:40:47:0C:73:A0:96:05:D1:87:D7:BD:95:95:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-V8w9sYQEcMc6CWBdGH172Vlcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/17b797-2e66-40df-868a-0a275a6763ce/1/2ikB92Z1YZga53T_5TgPbCYNO2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/17b797-2e66-40df-868a-0a275a6763ce/1/v-V8w9sYQEcMc6CWBdGH172Vlcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:95:95:4b:fd:4b:ee:1c:5d:1d:71:a6:06:3a:b8:cf:a7:e0:
         5f:77:a3:30:72:17:be:4b:09:73:4c:eb:36:93:5d:c3:ef:65:
         94:4c:62:83:ad:65:c3:24:f0:da:5e:62:83:40:a9:ef:e7:7e:
         b5:e0:1b:8d:6e:2b:69:76:97:dd:a0:b6:c8:94:1b:31:0b:b8:
         f8:5c:c2:24:7e:67:36:83:72:c4:78:4a:66:6d:9f:30:f1:ba:
         44:21:94:9e:a2:68:cc:7c:ae:71:ed:f1:fa:01:1f:77:6a:8a:
         e7:07:e3:50:02:e5:c2:6d:b9:59:ca:8e:5d:45:9e:60:0a:ec:
         bf:c6:35:94:b5:fd:2e:6c:99:c5:27:c6:13:56:d0:76:8c:79:
         a9:78:f6:2c:cd:f6:ed:e9:0b:f9:d7:4f:c8:ac:94:f1:7b:b1:
         6f:95:60:24:65:26:81:6b:81:61:c4:be:af:c5:8b:bc:bc:6b:
         ef:10:05:6f:9a:d0:cc:4f:12:34:78:59:ca:30:79:78:ce:68:
         ae:88:23:39:82:e3:ea:ae:49:6a:ab:78:f2:c2:c2:94:f4:0e:
         82:e5:41:92:c7:01:40:74:8f:3e:6c:6d:f5:c2:84:17:eb:a3:
         e0:69:2a:ce:e1:b7:7e:a0:ba:7c:b8:08:50:fa:ad:06:ce:21:
         fd:b8:f0:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x3+UNBwyYcINK3hI5WO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTU3Y2MzZGIxODQwNDcwYzczYTA5NjA1ZDE4N2Q3YmQ5
NTk1Y2IwHhcNMjYwMTAxMTgxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTI5MDFmNzY2NzU2MTk4MWFlNzc0ZmZlNTM4MGY2YzI2MGQzYjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEbnZZdBdFEzTvFwL36e+P7RdC9h
hxfBALQrFLJAYm5ZKN3XRCCWR1hWFJY5G/cYDtLwkz1VkfvF0ZELp5hlbucu01WS
yBKqzEH4NJd9O7UR8cGSc5wKmSt8rb7jddHCMyren7oMrWfgmMouBOaNwqpHQXnw
fp0TwNf+1n023oDjjDiP8rmkA7k06beit0CSuPKjQlIuaJC+JvQRp2Tx5SOotHj2
sa5nQ4N6rACmOyO1IqW4uqdy1d4nT6LPsWjiAALThevLGIu7plYuQwvLcU4CrVqJ
Y2wBHEiOYIw06bAgqI2wnN7/YrV4FeSDbUQfoOWriR+6fi3K0/yTLbsL3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNopAfdmdWGYGud0/+U4D2wmDTtlMB8GA1UdIwQY
MBaAFL/lfMPbGEBHDHOglgXRh9e9lZXLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1WOHc5c1lRRWNNYzZDV0JkR0gxNzJWbGNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8xN2I3OTctMmU2Ni00MGRmLTg2OGEt
MGEyNzVhNjc2M2NlLzEvMmlrQjkyWjFZWmdhNTNUXzVUZ1BiQ1lOTzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8xN2I3OTctMmU2Ni00MGRmLTg2OGEtMGEyNzVhNjc2M2Nl
LzEvdi1WOHc5c1lRRWNNYzZDV0JkR0gxNzJWbGNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufV8MA0G
CSqGSIb3DQEBCwUAA4IBAQCelZVL/UvuHF0dcaYGOrjPp+Bfd6Mwche+SwlzTOs2
k13D72WUTGKDrWXDJPDaXmKDQKnv53614BuNbitpdpfdoLbIlBsxC7j4XMIkfmc2
g3LEeEpmbZ8w8bpEIZSeomjMfK5x7fH6AR93aornB+NQAuXCbblZyo5dRZ5gCuy/
xjWUtf0ubJnFJ8YTVtB2jHmpePYszfbt6Qv510/IrJTxe7FvlWAkZSaBa4FhxL6v
xYu8vGvvEAVvmtDMTxI0eFnKMHl4zmiuiCM5guPqrklqq3jywsKU9A6C5UGSxwFA
dI8+bG31woQX66PgaSrO4bd+oLp8uAhQ+q0GziH9uPDj
-----END CERTIFICATE-----