This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DBlN6AMWvUUecd88X_GT27Ku_DM.roa
File:                     DBlN6AMWvUUecd88X_GT27Ku_DM.roa (raw, json)
Hash identifier:          TVNzPGwnl6SWulVb1YrNj0LkhaTyReSJ3PBa4Fh1Xto=
Subject key identifier:   0C:19:4D:E8:03:16:BD:45:1E:71:DF:3C:5F:F1:93:DB:B2:AE:FC:33
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15E98A0AF453258661A94EFD8A12A1
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DBlN6AMWvUUecd88X_GT27Ku_DM.roa
Signing time:             Fri 02 Jan 2026 14:21:40 +0000
ROA not before:           Fri 02 Jan 2026 14:21:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62816
IP address blocks:        2.56.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e9:8a:0a:f4:53:25:86:61:a9:4e:fd:8a:12:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0c194de80316bd451e71df3c5ff193dbb2aefc33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:15:54:bc:62:36:1c:40:a2:99:11:da:53:f4:
                    b6:41:48:c0:be:83:4f:f1:1e:8f:e2:8e:2f:01:37:
                    54:b6:a2:4f:25:a9:76:10:5c:e9:38:12:68:08:b7:
                    f1:b1:ed:d6:50:38:1f:0c:c3:77:eb:70:0f:fc:8e:
                    da:4a:67:d3:d2:bf:14:c3:2d:31:19:d8:13:8d:50:
                    31:e7:cb:60:98:7f:c0:2b:8a:c5:a4:66:2c:84:e3:
                    84:b4:24:6e:1e:0c:7b:31:64:8d:84:ad:f7:4c:bc:
                    c7:b9:c2:02:74:b0:a5:6b:07:aa:08:cd:7b:a5:25:
                    3a:fa:d4:90:cc:4b:8c:01:87:63:d4:44:a6:36:79:
                    e7:cf:c5:b6:f4:4c:90:4a:10:f2:36:42:de:d9:c6:
                    46:de:41:ba:fe:24:74:2e:1d:f1:62:24:fe:44:6a:
                    02:a7:e2:c5:7a:51:ec:dd:b4:0b:e5:a7:3f:6f:7e:
                    f2:5a:94:d8:0d:cb:c0:45:da:cf:5e:2b:5e:e7:1f:
                    27:2d:d8:64:6a:20:1c:33:9f:c4:ec:a5:e7:00:e4:
                    57:51:ee:78:72:1a:38:59:9c:79:23:65:3d:e6:1d:
                    ef:ad:10:24:17:5e:3d:e2:c2:a1:9e:7c:20:a1:f1:
                    b6:b7:11:22:c0:4a:8d:b2:6a:b1:96:39:25:3d:90:
                    97:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:19:4D:E8:03:16:BD:45:1E:71:DF:3C:5F:F1:93:DB:B2:AE:FC:33
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DBlN6AMWvUUecd88X_GT27Ku_DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:47:bf:c4:86:4e:04:ac:ed:02:25:81:2e:d7:3b:4d:59:b8:
         f8:c3:54:2d:af:39:e1:55:05:e7:18:a2:32:12:9d:b3:56:f9:
         5b:e8:3c:9e:71:fb:2e:fd:d3:9b:82:b1:eb:9d:be:11:85:78:
         97:4b:ea:a0:2b:0a:fe:41:79:47:15:0d:37:8a:cc:c6:ea:01:
         fc:42:f1:df:96:55:40:c1:d1:10:a1:a2:d1:2a:fd:54:0b:33:
         a9:10:ee:da:77:32:03:2f:bd:18:3c:de:76:ea:b7:74:d7:6d:
         ca:ac:e3:66:cd:d5:af:e8:c3:5a:c5:f0:0e:e2:4b:70:5c:ad:
         9a:ad:4e:4f:a5:18:c5:83:ab:f9:46:89:ef:43:d8:31:20:11:
         36:43:27:03:45:33:f2:9a:aa:8b:5a:12:57:03:b1:e5:87:74:
         4a:21:0a:87:e2:a3:40:74:23:71:3a:44:ea:b0:b6:a5:3e:3a:
         c2:1f:b4:87:ee:6c:55:bb:56:93:55:37:9e:d7:56:fd:42:e7:
         2a:35:e3:31:76:26:91:48:47:34:8d:c5:98:66:f8:91:a8:e9:
         e6:a6:8f:78:d1:64:8a:0b:29:cc:c5:ef:c1:e3:87:c1:50:94:
         37:5e:c0:16:7b:82:12:94:c2:80:ab:9a:12:6e:c5:51:8f:b1:
         94:08:41:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FemKCvRTJYZhqU79ihKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzE5NGRlODAzMTZiZDQ1MWU3MWRmM2M1ZmYxOTNkYmIyYWVmYzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRVUvGI2HECimRHaU/S2QUjAvoNP
8R6P4o4vATdUtqJPJal2EFzpOBJoCLfxse3WUDgfDMN363AP/I7aSmfT0r8Uwy0x
GdgTjVAx58tgmH/AK4rFpGYshOOEtCRuHgx7MWSNhK33TLzHucICdLClaweqCM17
pSU6+tSQzEuMAYdj1ESmNnnnz8W29EyQShDyNkLe2cZG3kG6/iR0Lh3xYiT+RGoC
p+LFelHs3bQL5ac/b37yWpTYDcvARdrPXite5x8nLdhkaiAcM5/E7KXnAORXUe54
cho4WZx5I2U95h3vrRAkF1494sKhnnwgofG2txEiwEqNsmqxljklPZCXcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwZTegDFr1FHnHfPF/xk9uyrvwzMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvREJsTjZBTVd2VVVlY2Q4OFhfR1QyN0t1X0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhuMA0G
CSqGSIb3DQEBCwUAA4IBAQAhR7/Ehk4ErO0CJYEu1ztNWbj4w1QtrznhVQXnGKIy
Ep2zVvlb6Dyecfsu/dObgrHrnb4RhXiXS+qgKwr+QXlHFQ03iszG6gH8QvHfllVA
wdEQoaLRKv1UCzOpEO7adzIDL70YPN526rd0123KrONmzdWv6MNaxfAO4ktwXK2a
rU5PpRjFg6v5RonvQ9gxIBE2QycDRTPymqqLWhJXA7Hlh3RKIQqH4qNAdCNxOkTq
sLalPjrCH7SH7mxVu1aTVTee11b9QucqNeMxdiaRSEc0jcWYZviRqOnmpo940WSK
CynMxe/B44fBUJQ3XsAWe4ISlMKAq5oSbsVRj7GUCEGN
-----END CERTIFICATE-----