This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/2KDXrZTw6zwNCS3yFkoAqJLo_KE.roa
File:                     2KDXrZTw6zwNCS3yFkoAqJLo_KE.roa (raw, json)
Hash identifier:          XL8CjyffUsZpFmUyFwpkGPsA9J1lod+QjcfeFc4nfjM=
Subject key identifier:   D8:A0:D7:AD:94:F0:EB:3C:0D:09:2D:F2:16:4A:00:A8:92:E8:FC:A1
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC79D7824C3A8B7655BFD2E206D2CAB
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/2KDXrZTw6zwNCS3yFkoAqJLo_KE.roa
Signing time:             Thu 01 Jan 2026 18:17:40 +0000
ROA not before:           Thu 01 Jan 2026 18:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200019
IP address blocks:        45.145.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:9d:78:24:c3:a8:b7:65:5b:fd:2e:20:6d:2c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a0d7ad94f0eb3c0d092df2164a00a892e8fca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:13:1c:0c:d6:27:f4:65:17:3e:ab:7a:45:0a:
                    4d:57:e2:e5:d7:b3:ed:da:b5:90:2b:f8:86:40:77:
                    27:e8:a5:07:ac:9e:67:c6:67:30:99:2c:26:4c:d1:
                    2e:2b:d0:81:c2:dd:a3:bc:c7:9a:ee:d7:e5:d0:b3:
                    c2:cc:57:6c:cd:ca:41:fd:fc:13:f5:7d:61:fe:6e:
                    c1:80:4a:66:00:ae:7b:a6:6d:d6:94:77:ab:ff:4f:
                    6f:e3:a9:3e:6c:79:26:0d:6b:35:7b:27:7e:69:a3:
                    9f:5f:96:b3:a2:1b:18:ee:1c:1f:9c:00:49:31:f6:
                    c9:f3:3c:d6:a7:9a:80:14:5c:f5:a0:ee:15:c9:4e:
                    48:05:47:47:74:9a:ea:31:83:5b:ed:a7:36:9c:41:
                    0d:46:6d:1e:62:7f:28:30:54:46:e3:52:46:bb:01:
                    78:b2:96:73:13:91:df:0b:a5:f6:a4:ef:e7:52:90:
                    fa:d4:93:ad:7c:7e:49:d6:69:4a:1f:dd:3b:9d:58:
                    19:8b:52:b8:20:93:86:db:15:e5:76:54:21:2e:87:
                    bf:f2:70:9a:71:f6:0c:25:b3:d9:52:cd:90:85:1c:
                    cb:fc:e3:58:8c:3f:8f:54:7b:a9:00:c6:50:d7:40:
                    a8:73:65:a9:62:a4:2b:b5:b4:18:57:21:17:32:f7:
                    9f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A0:D7:AD:94:F0:EB:3C:0D:09:2D:F2:16:4A:00:A8:92:E8:FC:A1
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/2KDXrZTw6zwNCS3yFkoAqJLo_KE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5e:3e:0e:0a:a5:63:e4:89:8d:31:da:5e:04:4d:66:8d:96:
         15:63:5e:1b:65:1d:a1:51:22:78:c2:a7:94:3e:ad:9a:6f:e5:
         dc:a2:71:a7:5a:df:9a:15:af:1e:9b:ac:74:6c:38:46:15:77:
         fd:b1:12:4a:4f:ce:46:8b:cb:46:ec:96:36:1b:27:77:69:64:
         ea:b5:3a:8c:76:ff:8b:a9:f4:a0:07:bc:2a:0e:ed:d1:88:3f:
         ba:0b:19:fc:db:83:f2:44:6f:62:b0:ce:12:18:92:6a:35:86:
         ce:5e:de:6f:4d:24:f5:a6:2d:6d:9b:0d:8e:4b:4a:cf:e1:f5:
         d7:00:8f:84:c8:5e:ac:ce:9d:57:58:fd:d5:2c:44:ef:72:cc:
         42:99:3a:07:37:b9:00:b0:0d:f3:11:50:fd:cc:ee:33:4f:66:
         d2:a1:3d:aa:db:42:c1:69:74:84:21:d6:df:79:3f:43:d2:ff:
         0f:30:06:05:13:d2:a7:99:d8:e2:94:30:c5:d9:6d:11:c3:12:
         7e:c3:47:b5:ce:50:ba:93:a4:a5:9d:25:82:26:15:cf:0d:68:
         29:ba:8c:6e:30:6c:28:24:4c:f5:e4:1a:82:e1:2c:67:05:33:
         90:be:26:40:6b:26:ae:c0:32:56:36:da:1f:38:10:94:2f:2a:
         43:fe:32:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x514JMOot2Vb/S4gbSyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGEwZDdhZDk0ZjBlYjNjMGQwOTJkZjIxNjRhMDBhODkyZThmY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBMcDNYn9GUXPqt6RQpNV+Ll17Pt
2rWQK/iGQHcn6KUHrJ5nxmcwmSwmTNEuK9CBwt2jvMea7tfl0LPCzFdszcpB/fwT
9X1h/m7BgEpmAK57pm3WlHer/09v46k+bHkmDWs1eyd+aaOfX5azohsY7hwfnABJ
MfbJ8zzWp5qAFFz1oO4VyU5IBUdHdJrqMYNb7ac2nEENRm0eYn8oMFRG41JGuwF4
spZzE5HfC6X2pO/nUpD61JOtfH5J1mlKH907nVgZi1K4IJOG2xXldlQhLoe/8nCa
cfYMJbPZUs2QhRzL/ONYjD+PVHupAMZQ10Coc2WpYqQrtbQYVyEXMvefxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNig162U8Os8DQkt8hZKAKiS6PyhMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvMktEWHJaVHc2endOQ1MzeUZrb0FxSkxvX0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZEAMA0G
CSqGSIb3DQEBCwUAA4IBAQAkXj4OCqVj5ImNMdpeBE1mjZYVY14bZR2hUSJ4wqeU
Pq2ab+XconGnWt+aFa8em6x0bDhGFXf9sRJKT85Gi8tG7JY2Gyd3aWTqtTqMdv+L
qfSgB7wqDu3RiD+6Cxn824PyRG9isM4SGJJqNYbOXt5vTST1pi1tmw2OS0rP4fXX
AI+EyF6szp1XWP3VLETvcsxCmToHN7kAsA3zEVD9zO4zT2bSoT2q20LBaXSEIdbf
eT9D0v8PMAYFE9KnmdjilDDF2W0RwxJ+w0e1zlC6k6SlnSWCJhXPDWgpuoxuMGwo
JEz15BqC4SxnBTOQviZAayauwDJWNtofOBCULypD/jKw
-----END CERTIFICATE-----