This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/pK3wXshdXUBc_510wjj8280_r6w.roa
File:                     pK3wXshdXUBc_510wjj8280_r6w.roa (raw, json)
Hash identifier:          tlRvTDj4ux/jzXbuUoic7lpL63DyaGLEzDJQk6sEb8g=
Subject key identifier:   A4:AD:F0:5E:C8:5D:5D:40:5C:FF:9D:74:C2:38:FC:DB:CD:3F:AF:AC
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019B7C802CF4A83A7323B8B15C1EB890A04A
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/pK3wXshdXUBc_510wjj8280_r6w.roa
Signing time:             Fri 02 Jan 2026 02:18:53 +0000
ROA not before:           Fri 02 Jan 2026 02:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214243
IP address blocks:        2.56.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:2c:f4:a8:3a:73:23:b8:b1:5c:1e:b8:90:a0:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 02:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4adf05ec85d5d405cff9d74c238fcdbcd3fafac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c1:da:d5:78:4b:22:08:cd:b8:ef:f9:6b:80:
                    78:6e:65:8a:00:b4:03:88:12:c9:27:8c:11:91:c8:
                    4f:f8:cd:3f:96:87:ac:86:e4:27:10:ab:ef:44:be:
                    e4:57:0f:99:75:ec:08:da:29:b5:6c:63:b9:90:39:
                    4c:4d:f5:d1:5c:5f:37:d7:f7:29:a0:01:91:fc:c0:
                    97:64:24:78:61:00:12:9f:81:fe:26:bd:22:b4:bf:
                    cb:07:b4:c1:b4:15:ff:6c:56:05:33:df:03:32:89:
                    89:b9:bd:ea:ec:27:8f:24:69:61:27:dd:03:cb:2e:
                    11:10:8b:c7:f9:c4:a5:21:60:59:a3:81:d8:4d:6b:
                    1d:73:de:94:f7:c9:92:6b:c6:da:de:0e:e0:c3:29:
                    d7:31:89:3a:26:d9:3e:92:cb:23:19:03:df:6f:9d:
                    8b:1b:84:dc:44:09:a7:11:9b:68:d9:2e:99:75:fa:
                    d8:0f:49:2a:5f:be:ba:42:9c:6f:99:81:79:d2:ed:
                    d9:10:02:bf:81:72:f5:45:28:aa:af:59:53:b9:d1:
                    41:30:c9:0b:4e:a6:e7:bb:dc:d5:ec:f8:70:bb:bd:
                    42:bb:cb:0a:9c:59:db:73:ef:a8:54:91:af:d6:b9:
                    9e:30:44:0b:0b:bd:23:3d:48:46:b3:e7:5a:36:dc:
                    b9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:AD:F0:5E:C8:5D:5D:40:5C:FF:9D:74:C2:38:FC:DB:CD:3F:AF:AC
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/pK3wXshdXUBc_510wjj8280_r6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:d8:d3:3c:67:49:00:fe:bb:e3:cb:ce:04:ef:39:7b:21:79:
         73:9a:e6:e7:85:d2:84:04:d9:f3:f9:4e:c9:2a:b9:0a:71:e0:
         07:7d:0f:8e:02:4a:46:c6:cf:84:49:d8:f1:9c:46:ec:70:d8:
         3e:d5:06:49:fb:d6:e1:dd:35:5a:2f:a7:dc:4e:81:4d:8f:18:
         cf:bc:8f:42:ac:ab:2a:8c:69:04:76:13:c1:30:ac:c2:08:5f:
         2d:c6:3e:5a:97:a4:81:04:3c:58:17:8a:5c:34:76:04:52:49:
         f4:86:10:de:d0:7c:e2:9d:ce:e4:50:a8:07:21:11:36:37:64:
         14:15:1b:2a:1d:ca:db:8b:98:64:89:69:b5:92:24:3d:cf:8a:
         4c:9c:d9:03:9a:6d:f7:de:07:a0:1d:fc:2b:fb:a5:81:0b:b1:
         f6:dd:34:52:34:4b:4d:60:be:3c:ad:fb:51:68:6d:b1:2d:7a:
         1d:5d:aa:25:a3:d2:d2:9d:69:21:c1:dd:68:c6:24:c0:35:04:
         3d:b8:83:8c:44:de:5e:b0:7d:8a:2f:aa:f4:89:0b:0b:d4:77:
         03:fb:1a:ef:de:39:ed:31:e0:c7:fc:57:dc:ea:63:71:50:1f:
         0e:13:9f:e8:67:6e:f3:58:21:af:9b:42:5c:f6:1b:51:5c:96:
         8c:04:75:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gCz0qDpzI7ixXB64kKBKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMTAyMDIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGFkZjA1ZWM4NWQ1ZDQwNWNmZjlkNzRjMjM4ZmNkYmNkM2ZhZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsHa1XhLIgjNuO/5a4B4bmWKALQD
iBLJJ4wRkchP+M0/loeshuQnEKvvRL7kVw+ZdewI2im1bGO5kDlMTfXRXF831/cp
oAGR/MCXZCR4YQASn4H+Jr0itL/LB7TBtBX/bFYFM98DMomJub3q7CePJGlhJ90D
yy4REIvH+cSlIWBZo4HYTWsdc96U98mSa8ba3g7gwynXMYk6Jtk+kssjGQPfb52L
G4TcRAmnEZto2S6ZdfrYD0kqX766QpxvmYF50u3ZEAK/gXL1RSiqr1lTudFBMMkL
Tqbnu9zV7Phwu71Cu8sKnFnbc++oVJGv1rmeMEQLC70jPUhGs+daNty5NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSt8F7IXV1AXP+ddMI4/NvNP6+sMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvcEszd1hzaGRYVUJjXzUxMHdqajgyODBfcjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjj3MA0G
CSqGSIb3DQEBCwUAA4IBAQAy2NM8Z0kA/rvjy84E7zl7IXlzmubnhdKEBNnz+U7J
KrkKceAHfQ+OAkpGxs+ESdjxnEbscNg+1QZJ+9bh3TVaL6fcToFNjxjPvI9CrKsq
jGkEdhPBMKzCCF8txj5al6SBBDxYF4pcNHYEUkn0hhDe0Hzinc7kUKgHIRE2N2QU
FRsqHcrbi5hkiWm1kiQ9z4pMnNkDmm333gegHfwr+6WBC7H23TRSNEtNYL48rftR
aG2xLXodXaolo9LSnWkhwd1oxiTANQQ9uIOMRN5esH2KL6r0iQsL1HcD+xrv3jnt
MeDH/Ffc6mNxUB8OE5/oZ27zWCGvm0Jc9htRXJaMBHV/
-----END CERTIFICATE-----