This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/K2gUzHo9NIfLw7mxue-WG2dSfGg.roa
File:                     K2gUzHo9NIfLw7mxue-WG2dSfGg.roa (raw, json)
Hash identifier:          RMJ36vLekShGJJkGXChFrGurKJHvS238P0567oNnDc8=
Subject key identifier:   2B:68:14:CC:7A:3D:34:87:CB:C3:B9:B1:B9:EF:96:1B:67:52:7C:68
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019B7758AA1E193ECA4282DAFF55A3AB55CC
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/K2gUzHo9NIfLw7mxue-WG2dSfGg.roa
Signing time:             Thu 01 Jan 2026 02:17:37 +0000
ROA not before:           Thu 01 Jan 2026 02:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        160.20.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:aa:1e:19:3e:ca:42:82:da:ff:55:a3:ab:55:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 02:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b6814cc7a3d3487cbc3b9b1b9ef961b67527c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:86:af:32:96:80:10:16:af:16:7d:34:d0:c9:
                    80:7c:83:3d:d0:84:dc:93:32:b8:af:68:bb:ab:7a:
                    5b:aa:5f:0d:1b:f0:a7:89:f1:24:26:cc:f8:47:20:
                    8e:bd:6a:84:77:9b:3a:84:28:a8:2e:96:d3:76:1d:
                    eb:87:e7:9e:cf:68:9c:d4:91:0b:86:b8:ca:db:d4:
                    fb:bd:b4:61:24:90:d3:22:5d:7a:0a:86:80:a5:ae:
                    ed:ae:20:ff:10:64:a0:34:05:95:87:59:67:90:2e:
                    1d:34:c6:df:45:0a:51:0c:cc:10:8b:05:0e:09:ce:
                    1b:36:3f:bd:7d:fa:1d:15:be:ce:e7:4d:8e:d3:31:
                    72:93:75:45:9e:0d:76:52:b3:68:68:f6:bf:69:e1:
                    7f:05:2d:de:ac:40:97:5e:cb:fa:bf:63:1c:cf:af:
                    0d:7c:27:4e:37:6f:f3:4b:02:7b:6a:08:8f:ea:48:
                    d5:06:2f:1f:49:50:42:5c:0a:ce:49:49:04:40:5c:
                    48:98:75:1f:6b:d6:ae:d0:ac:2f:1f:f5:5e:d9:01:
                    05:3b:69:26:00:b2:38:a9:a4:6b:3b:12:7b:3e:ea:
                    97:85:5f:9a:92:fb:36:e5:f9:e0:d3:e2:05:9e:21:
                    b7:c0:d7:77:f3:1f:de:da:98:4c:d6:56:cd:1c:40:
                    83:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:68:14:CC:7A:3D:34:87:CB:C3:B9:B1:B9:EF:96:1B:67:52:7C:68
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/K2gUzHo9NIfLw7mxue-WG2dSfGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:f6:37:fe:60:76:f6:0b:c3:96:cd:3a:ab:63:42:d1:8c:88:
         83:15:47:d1:c0:85:d9:62:0f:97:be:eb:f4:fb:1e:e9:c0:df:
         65:0d:e9:ac:af:64:0b:d8:17:c3:c2:6f:2a:99:28:fb:db:0a:
         60:ca:86:a6:8a:68:ff:30:a7:70:0e:53:71:48:83:6a:9c:c6:
         f4:c5:5b:76:c7:e2:74:93:3a:79:38:44:12:e5:ac:02:1d:66:
         9c:a8:ef:c3:67:24:b1:cb:dd:f3:04:d4:a5:45:5e:b9:59:b6:
         17:2d:87:e9:c2:93:d3:bf:4f:93:62:83:1b:63:f7:19:05:16:
         b3:3c:02:59:79:7f:4c:ad:db:fc:cb:66:85:53:8d:de:a1:0a:
         68:59:bb:cd:79:b5:35:49:e0:32:8d:ac:c0:9f:11:55:3d:52:
         4e:1d:51:5f:60:dc:49:d5:32:be:24:47:bf:f5:ff:c0:bf:cc:
         55:d7:79:71:6b:06:02:5a:4b:b9:64:39:8c:f5:d8:04:e1:de:
         c2:ec:8c:f6:f3:50:d1:af:95:00:0a:41:a8:e2:8d:03:83:22:
         d1:19:3c:bc:a0:47:4b:6d:f1:6b:9b:e1:c4:62:42:c3:cd:87:
         ab:da:32:fb:d9:f0:1a:89:75:24:a0:af:54:f5:ec:4b:91:f8:
         ec:50:3c:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WKoeGT7KQoLa/1Wjq1XMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMTAxMDIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjY4MTRjYzdhM2QzNDg3Y2JjM2I5YjFiOWVmOTYxYjY3NTI3YzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloavMpaAEBavFn000MmAfIM90ITc
kzK4r2i7q3pbql8NG/CnifEkJsz4RyCOvWqEd5s6hCioLpbTdh3rh+eez2ic1JEL
hrjK29T7vbRhJJDTIl16CoaApa7triD/EGSgNAWVh1lnkC4dNMbfRQpRDMwQiwUO
Cc4bNj+9ffodFb7O502O0zFyk3VFng12UrNoaPa/aeF/BS3erECXXsv6v2Mcz68N
fCdON2/zSwJ7agiP6kjVBi8fSVBCXArOSUkEQFxImHUfa9au0KwvH/Ve2QEFO2km
ALI4qaRrOxJ7PuqXhV+akvs25fng0+IFniG3wNd38x/e2phM1lbNHECDzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtoFMx6PTSHy8O5sbnvlhtnUnxoMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvSzJnVXpIbzlOSWZMdzdteHVlLVdHMmRTZkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoBRsMA0G
CSqGSIb3DQEBCwUAA4IBAQAE9jf+YHb2C8OWzTqrY0LRjIiDFUfRwIXZYg+Xvuv0
+x7pwN9lDemsr2QL2BfDwm8qmSj72wpgyoamimj/MKdwDlNxSINqnMb0xVt2x+J0
kzp5OEQS5awCHWacqO/DZySxy93zBNSlRV65WbYXLYfpwpPTv0+TYoMbY/cZBRaz
PAJZeX9Mrdv8y2aFU43eoQpoWbvNebU1SeAyjazAnxFVPVJOHVFfYNxJ1TK+JEe/
9f/Av8xV13lxawYCWku5ZDmM9dgE4d7C7Iz281DRr5UACkGo4o0DgyLRGTy8oEdL
bfFrm+HEYkLDzYer2jL72fAaiXUkoK9U9exLkfjsUDxX
-----END CERTIFICATE-----