This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/2EkuPAqVHEWEKp6ASw2K5zmACQk.roa
File:                     2EkuPAqVHEWEKp6ASw2K5zmACQk.roa (raw, json)
Hash identifier:          n72y5YkbbuFUJAYmxmxnzR7f3ZsUZLnhTxeGIE67Cko=
Subject key identifier:   D8:49:2E:3C:0A:95:1C:45:84:2A:9E:80:4B:0D:8A:E7:39:80:09:09
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019B7E3825FD2176DE17E298C59D8674099E
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/2EkuPAqVHEWEKp6ASw2K5zmACQk.roa
Signing time:             Fri 02 Jan 2026 10:19:27 +0000
ROA not before:           Fri 02 Jan 2026 10:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199058
IP address blocks:        91.221.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:25:fd:21:76:de:17:e2:98:c5:9d:86:74:09:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 10:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8492e3c0a951c45842a9e804b0d8ae739800909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8e:16:88:78:ec:15:b0:76:23:72:7b:53:5a:
                    50:0b:b0:d9:8a:87:65:6b:59:be:ac:cb:df:45:dd:
                    01:cb:0f:92:14:db:64:30:c5:5d:85:34:5e:18:f3:
                    13:88:0d:50:b6:92:31:63:01:7e:10:7d:36:e0:c3:
                    95:dd:55:f0:09:ce:70:8f:1e:ae:4a:40:4e:5f:3b:
                    5a:33:a3:ec:ee:2d:9d:64:58:20:b0:89:47:d5:e6:
                    7f:a3:ea:83:d1:a0:4d:f8:29:c3:f3:58:a6:78:ab:
                    9f:59:b4:08:bc:f0:51:df:d5:f4:70:27:ce:12:fc:
                    2b:bb:ed:15:a0:5e:fb:91:5d:4e:a4:98:5e:b3:a7:
                    ab:31:40:72:71:48:fe:77:83:2c:9a:f6:f8:73:05:
                    78:1f:7b:6f:9d:5b:55:91:7e:58:4f:7c:c5:e0:1e:
                    98:6b:1d:4a:14:42:4c:05:1e:0c:dc:3f:1a:e4:9c:
                    81:d9:22:1a:4c:cb:42:8f:b6:eb:f3:b3:af:b0:7a:
                    c6:54:29:f7:31:13:21:ff:4f:9d:d7:00:fd:d8:49:
                    14:62:21:5d:9c:2b:9b:86:36:81:7e:43:b9:0b:3b:
                    2d:f1:af:a3:6e:ba:53:8d:41:50:1c:3b:55:65:ab:
                    0d:d4:36:58:13:02:47:03:62:62:c3:9b:bc:fa:3e:
                    6d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:49:2E:3C:0A:95:1C:45:84:2A:9E:80:4B:0D:8A:E7:39:80:09:09
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/2EkuPAqVHEWEKp6ASw2K5zmACQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e3:8d:d8:b9:c3:5d:ff:a3:ee:67:5e:e2:f5:d1:15:23:3d:
         25:47:06:0f:7f:94:cb:0a:b3:18:3d:d6:c3:2c:dd:79:4c:30:
         50:2b:24:b6:ae:eb:20:8a:b1:c7:73:ff:9a:a5:b2:60:e3:f8:
         4d:d7:a3:82:44:1c:8f:73:b1:b9:77:f1:4f:6b:61:4a:72:e2:
         69:71:34:08:fc:a4:a2:5a:0e:62:fb:da:3f:57:45:aa:97:de:
         e1:d8:80:4a:fd:5c:f4:74:8b:a0:30:c3:38:6c:fd:be:3f:6d:
         63:74:08:4e:8d:30:53:b7:6a:9c:95:64:d5:ef:8b:b4:87:c6:
         5c:33:3b:ff:7b:da:d1:e9:25:3f:5c:3a:13:c2:48:2a:11:82:
         fc:dd:0f:65:7a:4d:0a:75:11:63:1f:fc:fc:40:82:d4:b7:f5:
         02:dc:3e:08:9d:d8:de:73:8b:67:f1:46:6a:a1:a6:d6:c8:9d:
         47:ce:6c:b8:5a:42:e0:c8:49:c7:21:54:33:6a:c0:df:e2:7f:
         61:87:cc:36:03:28:df:dc:96:19:ec:1a:2e:5e:02:1e:22:ff:
         14:cb:21:af:c7:4d:6c:fe:54:bc:ed:9d:32:16:96:3c:5f:74:
         28:df:db:57:46:ae:e4:bb:b1:eb:e4:31:74:5c:61:b6:bc:48:
         63:81:b1:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCX9IXbeF+KYxZ2GdAmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwMTAyMTAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQ5MmUzYzBhOTUxYzQ1ODQyYTllODA0YjBkOGFlNzM5ODAwOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl44WiHjsFbB2I3J7U1pQC7DZiodl
a1m+rMvfRd0Byw+SFNtkMMVdhTReGPMTiA1QtpIxYwF+EH024MOV3VXwCc5wjx6u
SkBOXztaM6Ps7i2dZFggsIlH1eZ/o+qD0aBN+CnD81imeKufWbQIvPBR39X0cCfO
Evwru+0VoF77kV1OpJhes6erMUBycUj+d4Msmvb4cwV4H3tvnVtVkX5YT3zF4B6Y
ax1KFEJMBR4M3D8a5JyB2SIaTMtCj7br87OvsHrGVCn3MRMh/0+d1wD92EkUYiFd
nCubhjaBfkO5Czst8a+jbrpTjUFQHDtVZasN1DZYEwJHA2Jiw5u8+j5tTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhJLjwKlRxFhCqegEsNiuc5gAkJMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvMkVrdVBBcVZIRVdFS3A2QVN3Mks1em1BQ1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW93oMA0G
CSqGSIb3DQEBCwUAA4IBAQCY443YucNd/6PuZ17i9dEVIz0lRwYPf5TLCrMYPdbD
LN15TDBQKyS2rusgirHHc/+apbJg4/hN16OCRByPc7G5d/FPa2FKcuJpcTQI/KSi
Wg5i+9o/V0Wql97h2IBK/Vz0dIugMMM4bP2+P21jdAhOjTBTt2qclWTV74u0h8Zc
Mzv/e9rR6SU/XDoTwkgqEYL83Q9lek0KdRFjH/z8QILUt/UC3D4Indjec4tn8UZq
oabWyJ1Hzmy4WkLgyEnHIVQzasDf4n9hh8w2Ayjf3JYZ7BouXgIeIv8UyyGvx01s
/lS87Z0yFpY8X3Qo39tXRq7ku7Hr5DF0XGG2vEhjgbEV
-----END CERTIFICATE-----