This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/2zOKVHZfMm9AxAnIgk6BSVssqPo.roa
File:                     2zOKVHZfMm9AxAnIgk6BSVssqPo.roa (raw, json)
Hash identifier:          UxUPcLpqbBTjs1BO/RAIL95/BplOFFKqBnWYZsn/g5c=
Subject key identifier:   DB:33:8A:54:76:5F:32:6F:40:C4:09:C8:82:4E:81:49:5B:2C:A8:FA
Certificate issuer:       /CN=b79e5d4f835ea88d76b60256e0037547cd968279
Certificate serial:       019B7BA4EC2C3F5EA998AA2B88EDF4515071
Authority key identifier: B7:9E:5D:4F:83:5E:A8:8D:76:B6:02:56:E0:03:75:47:CD:96:82:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t55dT4NeqI12tgJW4AN1R82Wgnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/2zOKVHZfMm9AxAnIgk6BSVssqPo.roa
Signing time:             Thu 01 Jan 2026 22:19:24 +0000
ROA not before:           Thu 01 Jan 2026 22:19:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43350
IP address blocks:        185.56.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/t55dT4NeqI12tgJW4AN1R82Wgnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/t55dT4NeqI12tgJW4AN1R82Wgnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t55dT4NeqI12tgJW4AN1R82Wgnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:ec:2c:3f:5e:a9:98:aa:2b:88:ed:f4:51:50:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79e5d4f835ea88d76b60256e0037547cd968279
        Validity
            Not Before: Jan  1 22:19:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db338a54765f326f40c409c8824e81495b2ca8fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8a:f5:d1:97:e8:2e:c9:85:04:cf:b1:46:9c:
                    4a:55:32:f5:7d:50:c2:87:10:8a:7c:a7:d5:16:c8:
                    a5:43:f1:1a:4f:3f:fa:c9:49:43:bd:45:ec:e1:19:
                    1b:09:b9:53:a6:aa:f6:69:32:52:34:c4:7c:89:4b:
                    2b:3b:6e:72:44:41:56:2a:ae:99:8e:e4:82:16:10:
                    52:9b:c1:90:92:84:35:87:57:40:53:7c:ec:84:db:
                    1e:88:08:50:29:ea:7f:0a:20:af:71:77:7a:85:a7:
                    30:54:ae:64:e1:7e:65:96:ba:54:1f:e4:53:fd:d2:
                    e9:7a:b3:74:18:a3:ba:fe:a5:57:85:46:8a:15:2a:
                    e3:8d:9e:b2:58:b6:24:20:54:44:9d:42:c4:32:97:
                    df:9a:8a:f4:a7:98:71:92:ba:a9:eb:63:dd:7d:da:
                    03:54:37:0e:52:74:cd:9d:ad:d4:e7:6c:07:a4:31:
                    56:d7:53:fe:e6:94:e7:8c:a6:45:b4:55:75:07:da:
                    98:8a:7a:7d:8c:29:e1:ac:cf:e4:de:9d:2d:ea:20:
                    28:5e:f5:59:13:ee:a5:12:33:40:e4:3e:21:1d:b6:
                    5a:57:c5:f5:4f:68:bd:6c:be:e6:08:2b:d8:c5:6e:
                    38:92:84:8b:54:e7:a9:1b:76:ef:bc:9f:3d:e9:8e:
                    72:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:33:8A:54:76:5F:32:6F:40:C4:09:C8:82:4E:81:49:5B:2C:A8:FA
            X509v3 Authority Key Identifier:
                keyid:B7:9E:5D:4F:83:5E:A8:8D:76:B6:02:56:E0:03:75:47:CD:96:82:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t55dT4NeqI12tgJW4AN1R82Wgnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/2zOKVHZfMm9AxAnIgk6BSVssqPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/t55dT4NeqI12tgJW4AN1R82Wgnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:b8:53:88:63:9d:95:03:2b:91:24:0b:fb:f7:2c:b3:6f:f7:
         17:c3:b7:09:30:56:df:be:d8:51:b9:30:1b:b2:cd:c6:0e:7f:
         9a:90:c3:f8:b6:7d:c9:76:90:96:31:60:ac:c4:83:35:1c:53:
         5f:a5:00:3a:22:fe:7f:b7:1d:ab:38:96:20:a6:9b:d5:89:60:
         30:84:2d:b3:11:dc:7e:49:a3:f1:57:0b:97:34:80:c5:95:d9:
         d5:31:8d:93:c6:47:37:fa:cc:77:ee:0a:fa:a4:ba:2a:b5:75:
         d1:11:41:dd:d8:26:b5:fa:cd:7c:b2:0e:72:0b:59:c3:10:cf:
         7a:92:ff:d0:53:88:93:2b:f2:93:b5:7d:2c:50:9d:3b:ea:13:
         c7:db:23:b5:0c:c9:70:8f:02:6a:2b:28:8e:14:db:df:c4:ae:
         a6:88:74:95:62:dc:09:60:40:4d:a9:3a:e0:b7:37:15:63:5c:
         f0:2a:4b:32:d0:5d:97:b8:ac:44:37:6c:45:62:e8:d3:f1:a6:
         fe:3f:51:db:7d:b5:c7:0b:dd:a7:70:09:e1:1b:8f:80:8a:73:
         33:ca:5b:1b:c8:d9:bf:94:79:d9:c3:ea:ba:50:dd:34:91:08:
         2a:86:f1:5c:76:74:dc:f9:62:ce:20:5d:39:12:6a:b6:83:3c:
         49:19:bf:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pOwsP16pmKoriO30UVBxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OWU1ZDRmODM1ZWE4OGQ3NmI2MDI1NmUwMDM3NTQ3Y2Q5
NjgyNzkwHhcNMjYwMTAxMjIxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjMzOGE1NDc2NWYzMjZmNDBjNDA5Yzg4MjRlODE0OTViMmNhOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4r10ZfoLsmFBM+xRpxKVTL1fVDC
hxCKfKfVFsilQ/EaTz/6yUlDvUXs4RkbCblTpqr2aTJSNMR8iUsrO25yREFWKq6Z
juSCFhBSm8GQkoQ1h1dAU3zshNseiAhQKep/CiCvcXd6hacwVK5k4X5llrpUH+RT
/dLperN0GKO6/qVXhUaKFSrjjZ6yWLYkIFREnULEMpffmor0p5hxkrqp62PdfdoD
VDcOUnTNna3U52wHpDFW11P+5pTnjKZFtFV1B9qYinp9jCnhrM/k3p0t6iAoXvVZ
E+6lEjNA5D4hHbZaV8X1T2i9bL7mCCvYxW44koSLVOepG3bvvJ896Y5ywQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNszilR2XzJvQMQJyIJOgUlbLKj6MB8GA1UdIwQY
MBaAFLeeXU+DXqiNdrYCVuADdUfNloJ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDU1ZFQ0TmVxSTEydGdKVzRBTjFSODJXZ25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9lMzY5NGItNzdmOS00MmIwLWI1YTMt
OWI3ZDQ5YWRlZGIzLzEvMnpPS1ZIWmZNbTlBeEFuSWdrNkJTVnNzcVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9lMzY5NGItNzdmOS00MmIwLWI1YTMtOWI3ZDQ5YWRlZGIz
LzEvdDU1ZFQ0TmVxSTEydGdKVzRBTjFSODJXZ25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTgUMA0G
CSqGSIb3DQEBCwUAA4IBAQA/uFOIY52VAyuRJAv79yyzb/cXw7cJMFbfvthRuTAb
ss3GDn+akMP4tn3JdpCWMWCsxIM1HFNfpQA6Iv5/tx2rOJYgppvViWAwhC2zEdx+
SaPxVwuXNIDFldnVMY2Txkc3+sx37gr6pLoqtXXREUHd2Ca1+s18sg5yC1nDEM96
kv/QU4iTK/KTtX0sUJ076hPH2yO1DMlwjwJqKyiOFNvfxK6miHSVYtwJYEBNqTrg
tzcVY1zwKksy0F2XuKxEN2xFYujT8ab+P1HbfbXHC92ncAnhG4+AinMzylsbyNm/
lHnZw+q6UN00kQgqhvFcdnTc+WLOIF05Emq2gzxJGb+V
-----END CERTIFICATE-----