This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/2Ern7XpI7xVTQ3CUwnW69GXo5Eg.roa
File:                     2Ern7XpI7xVTQ3CUwnW69GXo5Eg.roa (raw, json)
Hash identifier:          DdH3QDSIQvtC4AyWFmCb4yynqcvOBrRuTl5/+XJCiVs=
Subject key identifier:   D8:4A:E7:ED:7A:48:EF:15:53:43:70:94:C2:75:BA:F4:65:E8:E4:48
Certificate issuer:       /CN=2fc20be6167890247303214197658ca7c9676150
Certificate serial:       019AA6B1B486404EA9176E1038CE5DF9924F
Authority key identifier: 2F:C2:0B:E6:16:78:90:24:73:03:21:41:97:65:8C:A7:C9:67:61:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/2Ern7XpI7xVTQ3CUwnW69GXo5Eg.roa
Signing time:             Fri 21 Nov 2025 13:54:15 +0000
ROA not before:           Fri 21 Nov 2025 13:54:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        91.223.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Nov 2025 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a6:b1:b4:86:40:4e:a9:17:6e:10:38:ce:5d:f9:92:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fc20be6167890247303214197658ca7c9676150
        Validity
            Not Before: Nov 21 13:54:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d84ae7ed7a48ef1553437094c275baf465e8e448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b0:0f:00:e6:57:52:39:3f:39:e5:f1:bd:b4:
                    66:c9:7c:79:ed:27:95:b6:a4:8d:9d:5c:1d:ab:2a:
                    a6:18:a4:3b:e7:cc:5e:bf:47:3b:18:df:d7:1f:4a:
                    00:4c:6b:84:63:45:90:3b:86:66:30:95:0a:68:e5:
                    90:b9:88:5e:1f:c2:3e:ca:ff:ed:85:3b:ba:60:d2:
                    86:df:77:43:1c:11:aa:d3:35:2b:42:72:74:69:ed:
                    b2:6f:5a:4a:36:60:b3:b8:3e:eb:4a:f7:ad:8a:3e:
                    b8:ce:0e:8d:39:d4:6d:05:25:73:79:f2:7c:46:45:
                    27:39:cd:fd:ec:33:a1:75:54:86:80:d3:d9:60:2f:
                    a1:b9:62:33:5e:9a:d9:a7:95:d2:23:31:d8:98:93:
                    0e:70:3b:1b:6f:16:09:33:3c:d2:98:3f:e0:ae:fc:
                    90:11:0f:b9:32:44:6c:1e:7f:5b:68:b3:e6:0c:50:
                    a1:a4:71:7d:e0:ca:82:88:7c:52:59:d5:9d:17:63:
                    34:e1:42:e2:77:af:fc:3d:23:fa:90:01:35:5e:65:
                    c0:85:e0:e4:d4:a5:c7:9c:89:5b:24:53:93:52:03:
                    49:d0:7f:47:3f:1d:e5:46:6b:e1:86:6e:d2:73:bd:
                    12:b9:47:0a:1f:91:d9:3d:1c:04:81:f3:76:a4:3c:
                    12:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:4A:E7:ED:7A:48:EF:15:53:43:70:94:C2:75:BA:F4:65:E8:E4:48
            X509v3 Authority Key Identifier:
                keyid:2F:C2:0B:E6:16:78:90:24:73:03:21:41:97:65:8C:A7:C9:67:61:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/2Ern7XpI7xVTQ3CUwnW69GXo5Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f5fafc-668d-4ada-8ec6-2449a3ec923e/1/L8IL5hZ4kCRzAyFBl2WMp8lnYVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:8d:1e:1a:01:11:53:4a:38:03:63:a0:63:4b:6c:bb:7f:
         9b:2f:9a:b0:ac:4d:15:44:8b:6b:52:eb:7f:c8:9b:14:67:b1:
         88:5e:8d:4b:ad:bd:58:be:da:f3:9f:07:76:ab:6c:3c:33:4e:
         8c:71:8a:58:82:1a:5e:41:70:47:f7:dd:c1:4a:c7:9a:b6:10:
         30:f3:8c:09:70:71:94:be:2f:9b:26:11:98:be:90:a2:3b:3f:
         05:66:f1:18:3f:e7:71:20:1d:eb:f3:13:ae:45:14:e3:f7:c1:
         1f:d8:a0:6c:f0:9d:a6:2c:f9:f6:83:c1:f2:58:c8:54:d4:78:
         aa:24:bb:ef:a4:ea:88:fe:19:d3:c5:b8:f0:99:28:dd:a5:89:
         cd:54:c9:c2:30:f0:d8:ae:5e:bd:29:fa:32:4c:2b:be:da:5f:
         5e:01:4e:c1:03:d8:92:32:30:c4:b0:d1:6d:01:7a:e6:d3:19:
         4a:ac:16:b9:b9:96:7c:f4:fc:35:7d:c7:0e:f7:f7:e0:78:ba:
         83:31:fa:63:c4:bf:c1:c0:96:f4:67:90:d0:93:e3:0a:37:29:
         a9:b5:6d:b1:27:7e:f7:a1:36:dc:19:14:45:ae:80:1e:c6:59:
         7e:26:46:8c:e0:95:ca:06:ec:a3:08:a6:40:a8:ba:a8:9e:c9:
         fc:1f:17:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqmsbSGQE6pF24QOM5d+ZJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYzIwYmU2MTY3ODkwMjQ3MzAzMjE0MTk3NjU4Y2E3Yzk2
NzYxNTAwHhcNMjUxMTIxMTM1NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODRhZTdlZDdhNDhlZjE1NTM0MzcwOTRjMjc1YmFmNDY1ZThlNDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7APAOZXUjk/OeXxvbRmyXx57SeV
tqSNnVwdqyqmGKQ758xev0c7GN/XH0oATGuEY0WQO4ZmMJUKaOWQuYheH8I+yv/t
hTu6YNKG33dDHBGq0zUrQnJ0ae2yb1pKNmCzuD7rSvetij64zg6NOdRtBSVzefJ8
RkUnOc397DOhdVSGgNPZYC+huWIzXprZp5XSIzHYmJMOcDsbbxYJMzzSmD/grvyQ
EQ+5MkRsHn9baLPmDFChpHF94MqCiHxSWdWdF2M04ULid6/8PSP6kAE1XmXAheDk
1KXHnIlbJFOTUgNJ0H9HPx3lRmvhhm7Sc70SuUcKH5HZPRwEgfN2pDwSiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhK5+16SO8VU0NwlMJ1uvRl6ORIMB8GA1UdIwQY
MBaAFC/CC+YWeJAkcwMhQZdljKfJZ2FQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDhJTDVoWjRrQ1J6QXlGQmwyV01wOGxuWVZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mNWZhZmMtNjY4ZC00YWRhLThlYzYt
MjQ0OWEzZWM5MjNlLzEvMkVybjdYcEk3eFZUUTNDVXduVzY5R1hvNUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mNWZhZmMtNjY4ZC00YWRhLThlYzYtMjQ0OWEzZWM5MjNl
LzEvTDhJTDVoWjRrQ1J6QXlGQmwyV01wOGxuWVZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/tMA0G
CSqGSIb3DQEBCwUAA4IBAQCPjI0eGgERU0o4A2OgY0tsu3+bL5qwrE0VRItrUut/
yJsUZ7GIXo1Lrb1Yvtrznwd2q2w8M06McYpYghpeQXBH993BSseathAw84wJcHGU
vi+bJhGYvpCiOz8FZvEYP+dxIB3r8xOuRRTj98Ef2KBs8J2mLPn2g8HyWMhU1Hiq
JLvvpOqI/hnTxbjwmSjdpYnNVMnCMPDYrl69KfoyTCu+2l9eAU7BA9iSMjDEsNFt
AXrm0xlKrBa5uZZ89Pw1fccO9/fgeLqDMfpjxL/BwJb0Z5DQk+MKNymptW2xJ373
oTbcGRRFroAexll+JkaM4JXKBuyjCKZAqLqonsn8Hxck
-----END CERTIFICATE-----