This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/544bc7-f204-4a40-a30d-805efcd1149c/1/2gPdkQWW9jUCbizX1SsNX62y_98.roa
File:                     2gPdkQWW9jUCbizX1SsNX62y_98.roa (raw, json)
Hash identifier:          VSRNfwKyTAYD9LB8Wv+fsBtowZBw7KWBvIp7E5dQ+Cg=
Subject key identifier:   DA:03:DD:91:05:96:F6:35:02:6E:2C:D7:D5:2B:0D:5F:AD:B2:FF:DF
Certificate issuer:       /CN=ece15063cb0b3e78888cb4d0f22a04a193dd6706
Certificate serial:       019BFA42A62252F15F94B3618F23804A44CD
Authority key identifier: EC:E1:50:63:CB:0B:3E:78:88:8C:B4:D0:F2:2A:04:A1:93:DD:67:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7OFQY8sLPniIjLTQ8ioEoZPdZwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/544bc7-f204-4a40-a30d-805efcd1149c/1/2gPdkQWW9jUCbizX1SsNX62y_98.roa
Signing time:             Mon 26 Jan 2026 12:23:50 +0000
ROA not before:           Mon 26 Jan 2026 12:23:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3209
IP address blocks:        194.187.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/544bc7-f204-4a40-a30d-805efcd1149c/1/7OFQY8sLPniIjLTQ8ioEoZPdZwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/544bc7-f204-4a40-a30d-805efcd1149c/1/7OFQY8sLPniIjLTQ8ioEoZPdZwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7OFQY8sLPniIjLTQ8ioEoZPdZwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:23:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:fa:42:a6:22:52:f1:5f:94:b3:61:8f:23:80:4a:44:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ece15063cb0b3e78888cb4d0f22a04a193dd6706
        Validity
            Not Before: Jan 26 12:23:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da03dd910596f635026e2cd7d52b0d5fadb2ffdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3d:3f:e8:fe:31:d9:ca:c9:21:70:6e:02:3f:
                    07:6a:99:5a:a4:a7:45:63:2f:21:eb:65:5a:bc:f0:
                    2d:fa:b0:ab:80:08:8c:65:e4:85:7a:2c:6c:82:c1:
                    de:1c:be:90:e3:52:d1:ba:8f:7b:a1:f3:88:68:ad:
                    f2:33:ca:3e:4d:28:09:d2:27:13:dd:1c:b5:47:0a:
                    c3:0c:48:eb:74:83:86:e9:3c:ea:39:86:22:6c:f7:
                    3b:17:f8:cc:24:50:ed:2b:3b:b1:a0:cd:53:86:ee:
                    03:f5:e5:53:60:b7:e9:17:1a:f2:90:ba:87:fb:8c:
                    72:ed:aa:e0:25:a1:6f:8c:22:f4:70:05:8a:94:a9:
                    f6:a1:05:d8:bc:99:15:6e:0b:0d:bb:d5:fc:9b:89:
                    72:5b:b4:1a:6b:9d:b8:10:22:83:72:d7:9b:08:c0:
                    73:a6:7e:21:af:e2:ff:a8:d9:74:c7:3b:08:ae:6b:
                    2d:9d:99:e6:7e:69:cb:54:09:ce:97:b6:25:38:21:
                    dc:59:0a:92:c8:bd:f5:02:af:d3:5d:25:31:7f:95:
                    a6:18:c8:5a:45:81:3e:49:23:2b:a0:99:80:18:9f:
                    47:40:55:13:28:eb:f0:c8:27:14:5d:6d:bb:bb:46:
                    f6:ff:57:db:92:f7:52:f8:cc:48:08:2e:45:5d:f1:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:03:DD:91:05:96:F6:35:02:6E:2C:D7:D5:2B:0D:5F:AD:B2:FF:DF
            X509v3 Authority Key Identifier:
                keyid:EC:E1:50:63:CB:0B:3E:78:88:8C:B4:D0:F2:2A:04:A1:93:DD:67:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7OFQY8sLPniIjLTQ8ioEoZPdZwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/544bc7-f204-4a40-a30d-805efcd1149c/1/2gPdkQWW9jUCbizX1SsNX62y_98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/544bc7-f204-4a40-a30d-805efcd1149c/1/7OFQY8sLPniIjLTQ8ioEoZPdZwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:a6:6a:92:93:2d:a9:f0:fb:62:57:02:4d:f3:80:8a:bc:fb:
         15:27:ae:3d:88:41:68:b4:e8:b3:cb:94:bc:f9:eb:76:ff:81:
         41:8f:89:b9:55:e3:27:16:db:3a:a5:dc:92:7b:b9:00:0b:bf:
         30:68:72:dd:ce:5b:a7:0f:c6:df:63:62:eb:66:00:4a:27:63:
         b9:c6:10:03:f1:7d:b4:f7:71:d4:a0:97:f2:c8:50:23:f2:bf:
         6a:67:36:af:bb:ce:a6:89:4d:12:e9:af:f1:27:63:fb:d8:d2:
         0a:49:b6:f6:e3:2d:9b:23:42:5d:93:91:eb:26:d2:13:cb:50:
         d1:06:d5:e7:7d:6f:b2:e0:54:ed:e2:e9:5e:04:3a:02:eb:e7:
         57:3a:68:ea:bc:f6:30:33:52:b4:f2:1d:3a:24:c9:62:a3:5d:
         7b:57:60:aa:d9:b2:7b:68:6d:8b:8e:6a:d8:91:3a:24:44:58:
         85:f2:21:ad:d2:40:d4:e5:7f:55:5e:d8:3f:80:d6:b5:82:9d:
         23:ed:36:ca:99:8d:70:6d:45:cd:30:71:f4:15:e1:bf:9a:14:
         fa:82:0b:a6:90:8f:b6:7c:f9:24:dc:b3:6f:8b:54:24:d7:93:
         60:98:12:e0:b4:b8:91:e3:77:2b:60:32:7a:b8:fd:c4:3c:a8:
         ab:b4:6f:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv6QqYiUvFflLNhjyOASkTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZTE1MDYzY2IwYjNlNzg4ODhjYjRkMGYyMmEwNGExOTNk
ZDY3MDYwHhcNMjYwMTI2MTIyMzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTAzZGQ5MTA1OTZmNjM1MDI2ZTJjZDdkNTJiMGQ1ZmFkYjJmZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj0/6P4x2crJIXBuAj8HaplapKdF
Yy8h62VavPAt+rCrgAiMZeSFeixsgsHeHL6Q41LRuo97ofOIaK3yM8o+TSgJ0icT
3Ry1RwrDDEjrdIOG6TzqOYYibPc7F/jMJFDtKzuxoM1Thu4D9eVTYLfpFxrykLqH
+4xy7argJaFvjCL0cAWKlKn2oQXYvJkVbgsNu9X8m4lyW7Qaa524ECKDctebCMBz
pn4hr+L/qNl0xzsIrmstnZnmfmnLVAnOl7YlOCHcWQqSyL31Aq/TXSUxf5WmGMha
RYE+SSMroJmAGJ9HQFUTKOvwyCcUXW27u0b2/1fbkvdS+MxICC5FXfFwYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoD3ZEFlvY1Am4s19UrDV+tsv/fMB8GA1UdIwQY
MBaAFOzhUGPLCz54iIy00PIqBKGT3WcGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN09GUVk4c0xQbmlJakxUUThpb0VvWlBkWndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81NDRiYzctZjIwNC00YTQwLWEzMGQt
ODA1ZWZjZDExNDljLzEvMmdQZGtRV1c5alVDYml6WDFTc05YNjJ5Xzk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81NDRiYzctZjIwNC00YTQwLWEzMGQtODA1ZWZjZDExNDlj
LzEvN09GUVk4c0xQbmlJakxUUThpb0VvWlBkWndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwru4MA0G
CSqGSIb3DQEBCwUAA4IBAQC3pmqSky2p8PtiVwJN84CKvPsVJ649iEFotOizy5S8
+et2/4FBj4m5VeMnFts6pdySe7kAC78waHLdzlunD8bfY2LrZgBKJ2O5xhAD8X20
93HUoJfyyFAj8r9qZzavu86miU0S6a/xJ2P72NIKSbb24y2bI0Jdk5HrJtITy1DR
BtXnfW+y4FTt4uleBDoC6+dXOmjqvPYwM1K08h06JMlio117V2Cq2bJ7aG2LjmrY
kTokRFiF8iGt0kDU5X9VXtg/gNa1gp0j7TbKmY1wbUXNMHH0FeG/mhT6ggumkI+2
fPkk3LNvi1Qk15NgmBLgtLiR43crYDJ6uP3EPKirtG/u
-----END CERTIFICATE-----