This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/I0ObBkw0BoSsed68HvUSTmyIOcg.roa
File:                     I0ObBkw0BoSsed68HvUSTmyIOcg.roa (raw, json)
Hash identifier:          qq697iH1bz84Hu6h5PkLlKCPT6nE0C4z1c+Ke/2ZrqM=
Subject key identifier:   23:43:9B:06:4C:34:06:84:AC:79:DE:BC:1E:F5:12:4E:6C:88:39:C8
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019B7F85433298B7E2135802855C51DE7F0C
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/I0ObBkw0BoSsed68HvUSTmyIOcg.roa
Signing time:             Fri 02 Jan 2026 16:23:18 +0000
ROA not before:           Fri 02 Jan 2026 16:23:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204868
IP address blocks:        2.59.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:43:32:98:b7:e2:13:58:02:85:5c:51:de:7f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  2 16:23:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=23439b064c340684ac79debc1ef5124e6c8839c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:18:68:08:ad:c2:3d:a9:01:9d:b5:ec:3b:8b:
                    c7:03:b9:c4:4b:53:94:59:9f:8b:66:7d:2a:92:c4:
                    12:bf:ad:e2:22:ce:f9:ee:65:cb:69:2d:23:7d:0e:
                    42:e1:24:51:4c:6e:68:df:3b:9c:1d:f1:f9:90:bc:
                    87:3f:52:9c:c7:3c:d0:a4:e1:a6:fc:9c:f7:78:e9:
                    91:db:4f:86:e4:97:38:88:d0:12:4d:4e:ab:5f:b8:
                    9d:53:29:7b:13:5c:c4:c8:c6:aa:4c:d4:4c:51:d6:
                    60:e9:76:ed:f7:ed:e6:c7:b8:34:45:d6:3b:5c:25:
                    38:15:ac:da:99:e1:16:5d:15:69:e2:35:6c:76:76:
                    1d:87:c5:bf:46:4c:14:d6:e3:31:34:c3:3d:e2:6e:
                    bd:a8:75:b2:76:45:78:61:31:df:35:5a:f1:05:ab:
                    aa:f0:fc:88:f3:71:40:99:ab:ad:14:6f:08:70:3a:
                    3f:f6:14:40:0f:18:0a:58:ab:51:84:11:2e:8b:c8:
                    15:f3:f8:d3:69:6e:0e:a2:c4:71:a1:8b:9f:c4:b4:
                    b6:4e:4a:c7:93:32:3f:ff:29:6a:0b:a4:4a:3b:61:
                    c1:9b:46:ce:b8:58:d4:b0:92:52:85:c8:36:52:4d:
                    66:15:84:49:28:2f:21:68:6c:2a:3d:79:5c:a2:c8:
                    0b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:43:9B:06:4C:34:06:84:AC:79:DE:BC:1E:F5:12:4E:6C:88:39:C8
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/I0ObBkw0BoSsed68HvUSTmyIOcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:f8:68:46:b2:15:51:57:5d:a5:0a:16:a7:73:e2:e9:6e:5b:
         9d:68:fe:a2:5e:0a:56:86:d4:3d:ff:f4:2a:a6:d8:72:f4:2a:
         c0:28:eb:e3:23:6f:8d:02:65:5a:e4:1e:a7:df:13:08:96:d9:
         6d:bf:1b:ac:2d:6e:c6:26:b9:10:df:b8:7b:71:44:40:23:b9:
         ea:b8:57:53:28:db:29:59:90:0d:70:d9:f9:72:17:f4:c3:d0:
         03:b7:6e:d3:a9:9a:f6:bd:4b:ce:87:f9:d3:79:64:d4:7a:a9:
         eb:d9:74:e0:24:44:dd:7d:b1:cf:e9:16:32:8e:e8:95:59:e8:
         2e:fb:1e:40:a3:4e:50:19:53:04:83:6e:1a:8c:c8:a4:73:c7:
         90:ad:9f:e2:e6:5d:43:79:6d:f7:ce:6e:90:9d:7a:48:95:00:
         e3:41:48:2c:72:57:d4:15:57:a7:ef:60:99:c6:60:2d:85:73:
         ba:7b:da:f5:cf:cc:34:0e:97:81:77:5a:0b:7e:1c:d9:f6:5c:
         f5:d5:c5:d8:b1:a2:e8:37:b7:88:13:d7:08:92:dc:e3:fc:84:
         73:f0:9d:10:24:50:74:fe:00:f5:cd:4e:72:de:dc:90:36:6a:
         12:48:a7:c2:15:9a:52:4b:1d:ae:fc:69:b4:34:ed:d5:7b:2b:
         1a:d7:6e:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUMymLfiE1gChVxR3n8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwMTAyMTYyMzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQzOWIwNjRjMzQwNjg0YWM3OWRlYmMxZWY1MTI0ZTZjODgzOWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhhoCK3CPakBnbXsO4vHA7nES1OU
WZ+LZn0qksQSv63iIs757mXLaS0jfQ5C4SRRTG5o3zucHfH5kLyHP1KcxzzQpOGm
/Jz3eOmR20+G5Jc4iNASTU6rX7idUyl7E1zEyMaqTNRMUdZg6Xbt9+3mx7g0RdY7
XCU4FazameEWXRVp4jVsdnYdh8W/RkwU1uMxNMM94m69qHWydkV4YTHfNVrxBauq
8PyI83FAmautFG8IcDo/9hRADxgKWKtRhBEui8gV8/jTaW4OosRxoYufxLS2TkrH
kzI//ylqC6RKO2HBm0bOuFjUsJJShcg2Uk1mFYRJKC8haGwqPXlcosgLvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNDmwZMNAaErHnevB71Ek5siDnIMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvSTBPYkJrdzBCb1NzZWQ2OEh2VVNUbXlJT2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjvMMA0G
CSqGSIb3DQEBCwUAA4IBAQCM+GhGshVRV12lChanc+LpbludaP6iXgpWhtQ9//Qq
pthy9CrAKOvjI2+NAmVa5B6n3xMIltltvxusLW7GJrkQ37h7cURAI7nquFdTKNsp
WZANcNn5chf0w9ADt27TqZr2vUvOh/nTeWTUeqnr2XTgJETdfbHP6RYyjuiVWegu
+x5Ao05QGVMEg24ajMikc8eQrZ/i5l1DeW33zm6QnXpIlQDjQUgsclfUFVen72CZ
xmAthXO6e9r1z8w0DpeBd1oLfhzZ9lz11cXYsaLoN7eIE9cIktzj/IRz8J0QJFB0
/gD1zU5y3tyQNmoSSKfCFZpSSx2u/Gm0NO3Veysa127q
-----END CERTIFICATE-----