This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/X2sYjg-fj233ar3hWvffRwGHuo0.roa
File:                     X2sYjg-fj233ar3hWvffRwGHuo0.roa (raw, json)
Hash identifier:          NGBpo7ekbg3Jd2tLNOQZmEXqBAh2FPpbkIXoR44Tm0c=
Subject key identifier:   5F:6B:18:8E:0F:9F:8F:6D:F7:6A:BD:E1:5A:F7:DF:47:01:87:BA:8D
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019B7F854C537207CEE7A407E4B2F3AB2A33
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/X2sYjg-fj233ar3hWvffRwGHuo0.roa
Signing time:             Fri 02 Jan 2026 16:23:20 +0000
ROA not before:           Fri 02 Jan 2026 16:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209868
IP address blocks:        2.57.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:4c:53:72:07:ce:e7:a4:07:e4:b2:f3:ab:2a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  2 16:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f6b188e0f9f8f6df76abde15af7df470187ba8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:49:82:b9:12:b5:56:53:9b:39:dd:e4:f5:fd:
                    33:c1:03:55:b7:b0:a5:9c:71:c9:95:d9:19:ed:b8:
                    c6:f8:50:04:90:14:fc:51:99:4b:90:b1:9d:40:ff:
                    af:aa:e4:36:05:f2:72:e6:6b:3e:17:98:cb:36:bc:
                    bf:dd:05:d1:c6:96:14:f9:f7:15:29:67:4f:07:9a:
                    2d:32:6f:14:7c:60:2e:39:1f:8d:53:29:c8:5c:da:
                    79:d0:b1:d3:32:98:7e:de:52:40:53:26:48:e0:0a:
                    71:9d:c6:36:3f:31:43:39:35:58:da:c8:67:43:0b:
                    ce:da:db:92:72:dd:33:e1:d2:04:a4:30:fd:81:9d:
                    59:73:eb:3f:61:97:5f:2e:63:c9:e6:fa:65:5e:5a:
                    c4:1a:ed:95:00:1a:a1:19:f5:38:7b:4c:e9:45:89:
                    b6:7b:fa:c8:20:a1:ce:f0:4e:ab:8a:31:00:5b:6c:
                    65:47:e6:d1:02:44:5f:00:3d:b8:ed:09:dc:a5:0e:
                    51:a6:20:42:10:6b:17:fc:01:32:72:f8:d3:cc:0f:
                    f9:94:96:be:85:43:91:fc:57:57:cc:24:23:1e:d6:
                    4c:3a:9a:6c:44:11:9e:39:65:ba:43:af:e1:e4:32:
                    ce:a2:de:c9:e2:ec:3f:36:91:25:ef:00:54:5b:96:
                    db:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6B:18:8E:0F:9F:8F:6D:F7:6A:BD:E1:5A:F7:DF:47:01:87:BA:8D
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/X2sYjg-fj233ar3hWvffRwGHuo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:a8:bb:5e:64:a3:1d:18:d1:1a:f5:d5:ec:cf:39:d1:1d:58:
         71:2b:7c:cb:11:c5:58:99:7e:1d:f8:d7:eb:71:f7:75:56:dc:
         ad:5f:52:3a:79:97:c8:25:8a:7d:16:f0:48:e8:61:12:cc:67:
         a5:cb:85:97:15:86:57:a6:76:c4:65:91:46:dd:3b:cc:94:6f:
         5f:8d:4e:59:dc:8d:32:39:9b:b9:dd:7b:dc:e6:b5:41:71:fa:
         56:07:c5:e5:52:aa:61:4d:3c:59:0d:a0:59:40:6b:77:37:95:
         99:aa:c4:88:87:ea:82:f0:5e:27:df:ab:83:ac:78:eb:18:61:
         a0:9c:e0:2d:0a:44:96:87:b1:68:df:e8:30:7a:1d:a7:c3:95:
         63:03:47:80:c8:bc:e9:05:fd:38:ef:41:60:41:9f:60:ec:da:
         68:c7:ca:6a:34:0d:12:c6:b3:c3:3f:b3:35:87:54:d7:f4:6d:
         fb:66:a1:8e:8d:95:26:7f:0f:a2:fd:8d:b5:28:87:f1:53:ce:
         59:74:0e:0c:45:82:8f:3e:1e:b9:58:19:ef:95:03:ef:a9:9b:
         1e:80:1f:b2:a7:9c:52:16:dc:bc:8b:5a:c2:f7:2f:3c:cd:05:
         5c:7e:74:b1:b3:ca:b7:08:d8:fb:2e:e7:9f:c0:75:46:5b:f6:
         60:9b:97:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUxTcgfO56QH5LLzqyozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjYwMTAyMTYyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjZiMTg4ZTBmOWY4ZjZkZjc2YWJkZTE1YWY3ZGY0NzAxODdiYThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkmCuRK1VlObOd3k9f0zwQNVt7Cl
nHHJldkZ7bjG+FAEkBT8UZlLkLGdQP+vquQ2BfJy5ms+F5jLNry/3QXRxpYU+fcV
KWdPB5otMm8UfGAuOR+NUynIXNp50LHTMph+3lJAUyZI4ApxncY2PzFDOTVY2shn
QwvO2tuSct0z4dIEpDD9gZ1Zc+s/YZdfLmPJ5vplXlrEGu2VABqhGfU4e0zpRYm2
e/rIIKHO8E6rijEAW2xlR+bRAkRfAD247QncpQ5RpiBCEGsX/AEycvjTzA/5lJa+
hUOR/FdXzCQjHtZMOppsRBGeOWW6Q6/h5DLOot7J4uw/NpEl7wBUW5bbNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9rGI4Pn49t92q94Vr330cBh7qNMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWDJzWWpnLWZqMjMzYXIzaFd2ZmZSd0dIdW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjmYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnqLteZKMdGNEa9dXszznRHVhxK3zLEcVYmX4d+Nfr
cfd1VtytX1I6eZfIJYp9FvBI6GESzGely4WXFYZXpnbEZZFG3TvMlG9fjU5Z3I0y
OZu53Xvc5rVBcfpWB8XlUqphTTxZDaBZQGt3N5WZqsSIh+qC8F4n36uDrHjrGGGg
nOAtCkSWh7Fo3+gweh2nw5VjA0eAyLzpBf0470FgQZ9g7Npox8pqNA0SxrPDP7M1
h1TX9G37ZqGOjZUmfw+i/Y21KIfxU85ZdA4MRYKPPh65WBnvlQPvqZsegB+yp5xS
Fty8i1rC9y88zQVcfnSxs8q3CNj7LuefwHVGW/Zgm5eS
-----END CERTIFICATE-----