This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/2H_skqhovBQMey1glVXvd3CvdbA.roa
File:                     2H_skqhovBQMey1glVXvd3CvdbA.roa (raw, json)
Hash identifier:          z7TT1bo7CwKpf1V/kSKR6NUcpIpdl9gypdxBd/KE4Kc=
Subject key identifier:   D8:7F:EC:92:A8:68:BC:14:0C:7B:2D:60:95:55:EF:77:70:AF:75:B0
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019B7B3605EED1E71C5FA4830C899302D7CC
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/2H_skqhovBQMey1glVXvd3CvdbA.roa
Signing time:             Thu 01 Jan 2026 20:18:16 +0000
ROA not before:           Thu 01 Jan 2026 20:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134989
IP address blocks:        172.110.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:05:ee:d1:e7:1c:5f:a4:83:0c:89:93:02:d7:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  1 20:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d87fec92a868bc140c7b2d609555ef7770af75b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:42:e4:21:3e:15:59:fe:55:5c:97:71:da:f7:
                    22:c5:9c:c0:45:7c:a7:36:0a:98:03:f0:e9:b3:67:
                    99:25:90:95:a8:4f:d8:c6:ae:82:19:cd:0f:27:a7:
                    ad:66:ae:af:18:62:12:e4:46:06:fa:a8:69:b8:4d:
                    7f:c1:97:71:3d:46:75:27:e4:3d:d1:80:a7:46:65:
                    d5:f5:86:af:83:e5:4d:c3:53:06:53:75:28:19:d3:
                    7a:c0:2a:22:35:31:a2:d0:71:3f:c9:eb:8a:0f:10:
                    3a:9a:cf:6f:fe:22:b4:80:b0:93:02:eb:29:ae:21:
                    a9:43:ec:cc:39:fe:b7:2a:85:1b:64:8e:1b:7c:8e:
                    f7:e3:42:44:90:2f:3d:78:ff:50:4a:23:e1:c2:13:
                    6f:fa:51:ce:eb:1c:73:b9:68:41:10:6e:f9:82:86:
                    3b:af:65:a8:95:b4:45:f9:8a:95:a4:0b:63:69:cf:
                    fa:e2:42:d4:0e:c7:18:88:f6:7f:e8:24:f8:c5:15:
                    46:c9:df:1a:fb:85:3c:a9:99:52:91:d1:c2:6b:bb:
                    23:a6:c9:db:f9:73:52:82:da:a3:bc:8c:46:aa:85:
                    21:b2:18:16:d1:ba:d6:10:45:38:73:b4:43:19:aa:
                    ee:be:62:5b:b2:2d:fe:06:cd:7a:e9:5b:c5:55:79:
                    59:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7F:EC:92:A8:68:BC:14:0C:7B:2D:60:95:55:EF:77:70:AF:75:B0
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/2H_skqhovBQMey1glVXvd3CvdbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.110.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:65:c4:90:4f:31:88:b4:b3:58:db:53:22:33:88:1e:70:fc:
         f1:4d:59:ee:6c:71:31:20:8d:8a:8b:c2:22:aa:8b:53:02:5a:
         65:c0:7e:d3:d7:cb:49:92:6b:a3:ff:73:ba:1c:1f:d5:17:f1:
         ee:ab:09:3a:ef:4b:fb:81:88:d5:fd:e0:30:8f:6c:16:83:12:
         09:7b:78:26:0f:81:5b:ff:06:c7:dd:1b:c7:19:f6:df:12:6f:
         97:e3:da:6d:93:90:b8:54:ca:07:66:00:19:df:04:d5:83:c0:
         a5:3f:85:4d:ea:c9:47:6d:8a:02:11:b1:fa:d5:f2:f3:2a:0d:
         df:62:11:d9:c2:33:46:bb:a6:9d:7d:8f:69:02:c6:cf:de:3f:
         e1:df:22:90:d2:e2:d1:2c:65:fc:60:00:14:65:b8:dd:eb:d8:
         2f:49:91:4f:ee:c7:37:b5:24:4b:f9:81:19:21:fd:33:cb:5e:
         95:0c:3b:dc:d2:ce:9c:dd:36:1e:03:9e:e0:47:28:e3:26:91:
         33:dd:ec:73:e2:5e:1c:30:fb:8c:06:c0:66:78:1b:b0:03:34:
         fb:e3:2e:48:cb:b4:6d:64:a2:c8:6d:9d:12:c6:6d:0b:a7:d5:
         30:cc:99:55:78:19:05:65:34:2f:85:83:e8:ff:98:86:df:58:
         46:06:7b:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NgXu0eccX6SDDImTAtfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMTAxMjAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdmZWM5MmE4NjhiYzE0MGM3YjJkNjA5NTU1ZWY3NzcwYWY3NWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0LkIT4VWf5VXJdx2vcixZzARXyn
NgqYA/Dps2eZJZCVqE/Yxq6CGc0PJ6etZq6vGGIS5EYG+qhpuE1/wZdxPUZ1J+Q9
0YCnRmXV9Yavg+VNw1MGU3UoGdN6wCoiNTGi0HE/yeuKDxA6ms9v/iK0gLCTAusp
riGpQ+zMOf63KoUbZI4bfI7340JEkC89eP9QSiPhwhNv+lHO6xxzuWhBEG75goY7
r2WolbRF+YqVpAtjac/64kLUDscYiPZ/6CT4xRVGyd8a+4U8qZlSkdHCa7sjpsnb
+XNSgtqjvIxGqoUhshgW0brWEEU4c7RDGaruvmJbsi3+Bs166VvFVXlZBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNh/7JKoaLwUDHstYJVV73dwr3WwMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvMkhfc2txaG92QlFNZXkxZ2xWWHZkM0N2ZGJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQArG7XMA0G
CSqGSIb3DQEBCwUAA4IBAQAGZcSQTzGItLNY21MiM4gecPzxTVnubHExII2Ki8Ii
qotTAlplwH7T18tJkmuj/3O6HB/VF/Huqwk670v7gYjV/eAwj2wWgxIJe3gmD4Fb
/wbH3RvHGfbfEm+X49ptk5C4VMoHZgAZ3wTVg8ClP4VN6slHbYoCEbH61fLzKg3f
YhHZwjNGu6adfY9pAsbP3j/h3yKQ0uLRLGX8YAAUZbjd69gvSZFP7sc3tSRL+YEZ
If0zy16VDDvc0s6c3TYeA57gRyjjJpEz3exz4l4cMPuMBsBmeBuwAzT74y5Iy7Rt
ZKLIbZ0Sxm0Lp9UwzJlVeBkFZTQvhYPo/5iG31hGBnsx
-----END CERTIFICATE-----