This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/2danITD8WjQekR05ezjj-XhPrBY.roa
File:                     2danITD8WjQekR05ezjj-XhPrBY.roa (raw, json)
Hash identifier:          +cZJZZibDZjNoxr60QAY9eYKPTcoNjE8iJKXJQEvtXw=
Subject key identifier:   D9:D6:A7:21:30:FC:5A:34:1E:91:1D:39:7B:38:E3:F9:78:4F:AC:16
Certificate issuer:       /CN=b24ea58b5a532e28acc6111ff550271ae1bcdfe8
Certificate serial:       019B7A5AA6DA25D08ABB7E0DE041B1366BC4
Authority key identifier: B2:4E:A5:8B:5A:53:2E:28:AC:C6:11:1F:F5:50:27:1A:E1:BC:DF:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sk6li1pTLiisxhEf9VAnGuG83-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/2danITD8WjQekR05ezjj-XhPrBY.roa
Signing time:             Thu 01 Jan 2026 16:18:39 +0000
ROA not before:           Thu 01 Jan 2026 16:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196882
IP address blocks:        193.104.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/sk6li1pTLiisxhEf9VAnGuG83-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/sk6li1pTLiisxhEf9VAnGuG83-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sk6li1pTLiisxhEf9VAnGuG83-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:a6:da:25:d0:8a:bb:7e:0d:e0:41:b1:36:6b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b24ea58b5a532e28acc6111ff550271ae1bcdfe8
        Validity
            Not Before: Jan  1 16:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9d6a72130fc5a341e911d397b38e3f9784fac16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5a:09:2d:1f:78:f8:97:6a:ff:b4:db:93:c5:
                    22:2b:25:83:9f:dd:b1:26:45:b5:50:1f:5d:ba:aa:
                    8d:e8:f4:48:19:4b:01:08:28:86:00:18:73:bf:1a:
                    f2:f0:5e:5f:ab:cb:49:1b:63:e2:6f:e2:82:a4:0a:
                    0e:0c:86:2b:ef:06:3b:cc:7e:6b:7c:5a:51:c5:79:
                    45:19:32:54:83:16:5a:d8:37:b5:15:75:54:a0:76:
                    ce:f0:4d:42:4f:75:ae:38:9d:3b:2d:0f:71:3d:70:
                    b8:eb:5d:98:90:09:cb:6e:9d:2f:60:43:a0:f4:b6:
                    b2:20:53:11:a0:28:d0:83:f2:ff:5b:2a:ca:69:97:
                    3d:11:a0:82:77:fa:77:88:0a:a5:36:ef:08:69:08:
                    80:d6:b9:7b:7b:f6:a1:6f:ba:82:e7:f3:3c:9f:5d:
                    a2:83:b3:0c:9f:c7:50:ad:d5:b4:c9:03:42:80:1a:
                    c2:a8:dc:4e:da:15:bf:d3:a9:86:4b:de:e8:4c:a7:
                    75:d1:ea:5b:94:0e:d3:5b:b2:36:81:dd:ac:eb:07:
                    10:67:e1:b3:10:1e:a6:97:e0:38:13:f0:8a:a3:52:
                    5f:30:2f:d5:8c:a6:ca:62:98:6a:83:04:69:80:f5:
                    5d:5d:15:98:91:32:09:ba:ed:2e:dc:07:bc:0f:b5:
                    27:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:D6:A7:21:30:FC:5A:34:1E:91:1D:39:7B:38:E3:F9:78:4F:AC:16
            X509v3 Authority Key Identifier:
                keyid:B2:4E:A5:8B:5A:53:2E:28:AC:C6:11:1F:F5:50:27:1A:E1:BC:DF:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sk6li1pTLiisxhEf9VAnGuG83-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/2danITD8WjQekR05ezjj-XhPrBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c4cf76-2441-4bcd-8c1d-608330be6ba7/1/sk6li1pTLiisxhEf9VAnGuG83-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:4e:e1:b4:30:05:3e:11:50:ad:3e:73:bf:cc:ae:1a:e4:52:
         41:5f:46:ed:17:3a:0e:13:61:49:a7:98:9c:b1:a1:1e:75:96:
         d6:48:06:e1:41:ef:53:76:85:0a:27:0f:64:9f:c6:30:9e:27:
         7e:86:2b:14:22:eb:74:c7:4f:8c:c0:2d:f9:21:2b:6c:3d:2d:
         3c:02:4e:ed:2f:e1:c0:c7:bf:8d:48:23:d7:5b:64:43:d3:6e:
         61:76:bc:7e:d1:68:73:b6:70:7c:34:27:88:72:ef:10:5e:d2:
         f3:b2:04:a8:0f:2d:35:58:ea:50:f8:50:74:b4:e1:28:25:f7:
         91:de:2e:5d:47:ff:e4:09:74:42:ac:e3:09:39:25:85:a8:af:
         6c:30:71:f2:06:b2:c5:43:f0:da:47:7c:20:1b:e0:43:05:c7:
         d4:80:82:e8:5f:74:63:ba:a0:99:91:8a:0e:68:fa:6f:18:a4:
         92:35:ee:40:17:34:95:77:37:a2:19:68:ba:b6:9d:52:a6:c6:
         5d:80:d1:b3:65:5c:27:25:a9:08:04:0b:7c:c2:40:fb:57:96:
         37:09:b0:e1:9e:53:73:21:70:63:18:7e:94:45:69:58:a6:7d:
         5f:4e:1d:18:e2:54:85:3b:6d:70:85:a8:fe:55:64:a3:41:49:
         cc:a5:e5:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WqbaJdCKu34N4EGxNmvEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNGVhNThiNWE1MzJlMjhhY2M2MTExZmY1NTAyNzFhZTFi
Y2RmZTgwHhcNMjYwMTAxMTYxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWQ2YTcyMTMwZmM1YTM0MWU5MTFkMzk3YjM4ZTNmOTc4NGZhYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVoJLR94+Jdq/7Tbk8UiKyWDn92x
JkW1UB9duqqN6PRIGUsBCCiGABhzvxry8F5fq8tJG2Pib+KCpAoODIYr7wY7zH5r
fFpRxXlFGTJUgxZa2De1FXVUoHbO8E1CT3WuOJ07LQ9xPXC4612YkAnLbp0vYEOg
9LayIFMRoCjQg/L/WyrKaZc9EaCCd/p3iAqlNu8IaQiA1rl7e/ahb7qC5/M8n12i
g7MMn8dQrdW0yQNCgBrCqNxO2hW/06mGS97oTKd10epblA7TW7I2gd2s6wcQZ+Gz
EB6ml+A4E/CKo1JfMC/VjKbKYphqgwRpgPVdXRWYkTIJuu0u3Ae8D7UnEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnWpyEw/Fo0HpEdOXs44/l4T6wWMB8GA1UdIwQY
MBaAFLJOpYtaUy4orMYRH/VQJxrhvN/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2s2bGkxcFRMaWlzeGhFZjlWQW5HdUc4My1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jNGNmNzYtMjQ0MS00YmNkLThjMWQt
NjA4MzMwYmU2YmE3LzEvMmRhbklURDhXalFla1IwNWV6amotWGhQckJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jNGNmNzYtMjQ0MS00YmNkLThjMWQtNjA4MzMwYmU2YmE3
LzEvc2s2bGkxcFRMaWlzeGhFZjlWQW5HdUc4My1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjrMA0G
CSqGSIb3DQEBCwUAA4IBAQANTuG0MAU+EVCtPnO/zK4a5FJBX0btFzoOE2FJp5ic
saEedZbWSAbhQe9TdoUKJw9kn8Ywnid+hisUIut0x0+MwC35IStsPS08Ak7tL+HA
x7+NSCPXW2RD025hdrx+0WhztnB8NCeIcu8QXtLzsgSoDy01WOpQ+FB0tOEoJfeR
3i5dR//kCXRCrOMJOSWFqK9sMHHyBrLFQ/DaR3wgG+BDBcfUgILoX3RjuqCZkYoO
aPpvGKSSNe5AFzSVdzeiGWi6tp1SpsZdgNGzZVwnJakIBAt8wkD7V5Y3CbDhnlNz
IXBjGH6URWlYpn1fTh0Y4lSFO21whaj+VWSjQUnMpeX4
-----END CERTIFICATE-----