This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/2R4qazNLSt_RDhIqgNJX537nd3M.roa
File:                     2R4qazNLSt_RDhIqgNJX537nd3M.roa (raw, json)
Hash identifier:          IvWoPDvDk15n6pb3UgrI/eE54rqQ+OqHA7wWhj9Kyy4=
Subject key identifier:   D9:1E:2A:6B:33:4B:4A:DF:D1:0E:12:2A:80:D2:57:E7:7E:E7:77:73
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       019B7FF1680F1BB72B6ABBF0FB4C82E76636
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/2R4qazNLSt_RDhIqgNJX537nd3M.roa
Signing time:             Fri 02 Jan 2026 18:21:25 +0000
ROA not before:           Fri 02 Jan 2026 18:21:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        207.244.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 02:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:68:0f:1b:b7:2b:6a:bb:f0:fb:4c:82:e7:66:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  2 18:21:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d91e2a6b334b4adfd10e122a80d257e77ee77773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:98:9f:e1:c6:30:d8:98:11:b8:36:c5:c4:63:
                    d4:aa:3d:ef:7f:a3:8a:ad:00:39:06:01:32:b7:99:
                    e1:d4:dd:5d:7f:d4:e7:85:62:42:94:00:e1:d2:53:
                    79:35:2b:29:51:17:dc:5c:01:cd:47:cd:72:77:50:
                    78:ea:64:f0:61:db:3a:7c:b7:7b:db:57:e3:4e:a9:
                    06:e6:48:62:49:c9:a8:c2:b5:51:aa:a8:54:02:cd:
                    c0:2e:c0:5e:e4:c3:90:af:17:1b:4c:21:aa:d3:68:
                    43:cb:39:0c:82:fc:9f:5b:87:df:92:e4:cc:59:80:
                    bb:c6:18:24:ec:3a:12:35:5f:1c:5e:01:82:ca:4b:
                    bd:ca:92:c6:f0:6a:d1:56:21:86:98:23:f6:53:4e:
                    d3:c3:e7:e3:41:43:18:af:5b:09:29:99:97:8b:65:
                    9b:0a:4f:4d:2c:c1:bb:82:3b:ef:0b:0f:74:85:a9:
                    94:4b:48:b4:b1:48:db:14:45:cd:12:ca:a7:92:72:
                    4e:46:d2:90:4f:0a:f6:c9:97:c4:f7:5e:29:bd:a1:
                    11:02:00:9c:d6:2d:76:ac:71:b8:24:a1:6f:cc:6a:
                    c1:ab:ea:fe:97:fe:e7:77:9d:66:a7:56:9b:63:39:
                    16:2f:94:ac:ef:0e:c2:16:c1:c0:96:bb:e4:2a:d9:
                    2f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:1E:2A:6B:33:4B:4A:DF:D1:0E:12:2A:80:D2:57:E7:7E:E7:77:73
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/2R4qazNLSt_RDhIqgNJX537nd3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.244.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:66:37:48:42:14:ad:ce:08:59:05:8f:7d:37:53:18:82:89:
         3c:75:1f:a1:2b:3e:57:b3:3f:92:6a:8d:59:c5:52:1f:e9:84:
         02:11:f1:c0:99:b4:7a:2b:4f:a0:1b:93:0a:25:ba:d9:ee:1f:
         42:bf:45:5b:ed:ad:9d:15:89:dc:5f:72:1e:13:c0:a7:3d:50:
         9f:a9:ee:31:2c:f2:18:08:59:65:ba:6d:c0:86:7b:47:e0:6f:
         90:ec:d4:d7:aa:b1:d4:eb:61:08:24:f8:dd:51:0a:d0:d2:6f:
         41:82:3e:2b:d4:03:4d:42:01:2f:99:d6:fd:90:ee:89:91:cb:
         2c:4d:51:d0:f5:93:cb:82:5a:ca:7d:f7:4b:d2:00:52:3c:d2:
         a3:9a:c8:4b:4e:5e:05:53:4f:13:95:1a:3e:11:2f:d1:81:5a:
         d2:b9:5f:53:93:f7:86:9c:c2:ad:31:c8:92:51:10:58:29:8c:
         0a:77:34:2f:1b:75:21:ad:7b:a9:2a:69:3e:55:29:cf:4a:bc:
         24:c5:c3:54:f7:32:d6:de:e1:af:54:be:04:f5:76:1e:d1:9a:
         5a:d4:a9:9b:e4:36:26:95:ce:50:2f:32:a4:d3:1e:2b:06:db:
         d9:4c:f7:53:19:42:80:31:15:0d:d3:7e:e6:92:ee:00:85:ce:
         d9:cf:8b:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8WgPG7crarvw+0yC52Y2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjYwMTAyMTgyMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTFlMmE2YjMzNGI0YWRmZDEwZTEyMmE4MGQyNTdlNzdlZTc3NzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZif4cYw2JgRuDbFxGPUqj3vf6OK
rQA5BgEyt5nh1N1df9TnhWJClADh0lN5NSspURfcXAHNR81yd1B46mTwYds6fLd7
21fjTqkG5khiScmowrVRqqhUAs3ALsBe5MOQrxcbTCGq02hDyzkMgvyfW4ffkuTM
WYC7xhgk7DoSNV8cXgGCyku9ypLG8GrRViGGmCP2U07Tw+fjQUMYr1sJKZmXi2Wb
Ck9NLMG7gjvvCw90hamUS0i0sUjbFEXNEsqnknJORtKQTwr2yZfE914pvaERAgCc
1i12rHG4JKFvzGrBq+r+l/7nd51mp1abYzkWL5Ss7w7CFsHAlrvkKtkvuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNkeKmszS0rf0Q4SKoDSV+d+53dzMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvMlI0cWF6TkxTdF9SRGhJcWdOSlg1MzduZDNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAz/TFMA0G
CSqGSIb3DQEBCwUAA4IBAQChZjdIQhStzghZBY99N1MYgok8dR+hKz5Xsz+Sao1Z
xVIf6YQCEfHAmbR6K0+gG5MKJbrZ7h9Cv0Vb7a2dFYncX3IeE8CnPVCfqe4xLPIY
CFllum3AhntH4G+Q7NTXqrHU62EIJPjdUQrQ0m9Bgj4r1ANNQgEvmdb9kO6Jkcss
TVHQ9ZPLglrKffdL0gBSPNKjmshLTl4FU08TlRo+ES/RgVrSuV9Tk/eGnMKtMciS
URBYKYwKdzQvG3UhrXupKmk+VSnPSrwkxcNU9zLW3uGvVL4E9XYe0Zpa1Kmb5DYm
lc5QLzKk0x4rBtvZTPdTGUKAMRUN037mku4Ahc7Zz4s2
-----END CERTIFICATE-----