This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EYThgoJAOS7rj7R6waw-6X4MwvQ.roa
File:                     EYThgoJAOS7rj7R6waw-6X4MwvQ.roa (raw, json)
Hash identifier:          qzY829UZ38vAKUpg8PsbanvdJXGfvnNe3uhIAuCLnqM=
Subject key identifier:   11:84:E1:82:82:40:39:2E:EB:8F:B4:7A:C1:AC:3E:E9:7E:0C:C2:F4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A34D6B453D9DBD2C7F52A8528F795D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EYThgoJAOS7rj7R6waw-6X4MwvQ.roa
Signing time:             Thu 01 Jan 2026 08:18:46 +0000
ROA not before:           Thu 01 Jan 2026 08:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215343
IP address blocks:        2.59.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:4d:6b:45:3d:9d:bd:2c:7f:52:a8:52:8f:79:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1184e1828240392eeb8fb47ac1ac3ee97e0cc2f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9b:a1:8e:d1:94:30:b1:57:25:3a:54:ef:26:
                    7d:01:a6:cd:d8:54:7c:26:a3:56:0b:fb:cf:90:ca:
                    dd:47:34:92:bb:6e:11:07:48:79:3f:59:0a:48:59:
                    d2:80:ab:96:d1:36:35:64:6e:77:0f:53:93:d1:4f:
                    7b:a7:68:f5:43:cb:7d:a4:0c:9e:15:79:64:47:1f:
                    b7:24:c1:6d:2c:ce:f9:be:da:9f:83:2e:00:f7:33:
                    28:36:ab:a8:c9:66:7f:39:f8:36:fc:5c:3d:6b:ea:
                    99:0e:df:08:88:40:f0:ff:0e:79:e1:68:b2:7f:03:
                    cd:e9:6f:90:5f:55:d8:94:25:c9:6a:e3:59:d8:aa:
                    cc:4b:61:3e:e7:9c:41:10:4e:9f:73:4e:1c:ad:ec:
                    69:56:7b:33:6f:f7:13:cb:bd:d6:ce:af:3f:bf:12:
                    9f:2c:9c:70:8c:90:0a:eb:80:d1:68:89:41:0e:b2:
                    b6:54:44:a5:a0:8c:37:96:01:43:4e:0f:93:13:e5:
                    fe:67:7b:6d:bc:ba:14:44:7b:54:92:15:e9:2f:8b:
                    78:37:76:1d:c5:74:bf:22:21:7f:7d:49:70:9d:50:
                    b6:91:b7:16:19:d9:14:50:61:bb:cc:0f:c4:e3:cd:
                    60:04:70:a6:dd:7e:bd:53:3d:27:85:64:36:93:9b:
                    10:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:84:E1:82:82:40:39:2E:EB:8F:B4:7A:C1:AC:3E:E9:7E:0C:C2:F4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EYThgoJAOS7rj7R6waw-6X4MwvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:44:58:9e:0d:cb:1a:45:0c:12:b2:05:b4:f3:48:cc:f3:27:
         9b:b9:5a:39:e9:a1:b2:3e:24:d4:da:7e:6b:e9:73:f5:e8:71:
         3b:f6:a3:8a:d1:4b:62:0d:8a:bd:37:6a:49:0d:60:b6:bc:d0:
         6d:b6:24:2a:28:38:dd:aa:7e:71:c5:be:d0:fc:19:de:bb:66:
         bf:ed:41:e6:cb:13:56:0b:62:01:00:92:e2:41:b2:12:27:17:
         7e:77:56:f5:b7:13:5f:06:ee:ed:85:26:89:1c:c6:9d:a5:22:
         bb:4d:dd:ed:12:e3:b4:e6:01:2a:bb:15:a7:4f:bf:06:71:c5:
         67:d6:ec:c7:c6:01:62:01:ba:19:a4:49:a0:e6:d3:6a:ce:19:
         82:64:14:85:b3:df:28:04:9c:81:ab:c1:b1:5a:67:26:02:f7:
         d7:e3:53:18:e2:47:ed:cf:04:2c:59:c5:70:fd:70:93:d0:51:
         69:d7:e8:e2:e2:71:2c:bb:0e:ac:84:c0:72:27:41:18:49:8f:
         30:69:cc:b1:6c:ca:53:25:ce:33:7e:55:24:58:89:46:21:02:
         fd:4a:00:83:e2:33:bc:7f:94:a0:11:55:53:bf:69:c9:4a:ae:
         74:d9:83:19:f0:a3:ff:ba:69:61:c7:68:0b:0d:90:33:c2:bd:
         46:5e:64:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o01rRT2dvSx/UqhSj3ldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg0ZTE4MjgyNDAzOTJlZWI4ZmI0N2FjMWFjM2VlOTdlMGNjMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55uhjtGUMLFXJTpU7yZ9AabN2FR8
JqNWC/vPkMrdRzSSu24RB0h5P1kKSFnSgKuW0TY1ZG53D1OT0U97p2j1Q8t9pAye
FXlkRx+3JMFtLM75vtqfgy4A9zMoNquoyWZ/Ofg2/Fw9a+qZDt8IiEDw/w554Wiy
fwPN6W+QX1XYlCXJauNZ2KrMS2E+55xBEE6fc04crexpVnszb/cTy73Wzq8/vxKf
LJxwjJAK64DRaIlBDrK2VESloIw3lgFDTg+TE+X+Z3ttvLoURHtUkhXpL4t4N3Yd
xXS/IiF/fUlwnVC2kbcWGdkUUGG7zA/E481gBHCm3X69Uz0nhWQ2k5sQUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGE4YKCQDku64+0esGsPul+DML0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRVlUaGdvSkFPUzdyajdSNndhdy02WDRNd3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjv8MA0G
CSqGSIb3DQEBCwUAA4IBAQC1RFieDcsaRQwSsgW080jM8yebuVo56aGyPiTU2n5r
6XP16HE79qOK0UtiDYq9N2pJDWC2vNBttiQqKDjdqn5xxb7Q/Bneu2a/7UHmyxNW
C2IBAJLiQbISJxd+d1b1txNfBu7thSaJHMadpSK7Td3tEuO05gEquxWnT78GccVn
1uzHxgFiAboZpEmg5tNqzhmCZBSFs98oBJyBq8GxWmcmAvfX41MY4kftzwQsWcVw
/XCT0FFp1+ji4nEsuw6shMByJ0EYSY8wacyxbMpTJc4zflUkWIlGIQL9SgCD4jO8
f5SgEVVTv2nJSq502YMZ8KP/umlhx2gLDZAzwr1GXmQ8
-----END CERTIFICATE-----