This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cCGcqwqPiP3VDBcenc_u6SoVALA.roa
File:                     cCGcqwqPiP3VDBcenc_u6SoVALA.roa (raw, json)
Hash identifier:          z3gEBGScS7gPkb7UO0W5YFRJpGoxVnZ5LzDEvJ1dTXg=
Subject key identifier:   70:21:9C:AB:0A:8F:88:FD:D5:0C:17:1E:9D:CF:EE:E9:2A:15:00:B0
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37BF06A322919ABF1AAF7260EC68A9
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cCGcqwqPiP3VDBcenc_u6SoVALA.roa
Signing time:             Fri 02 Jan 2026 10:19:01 +0000
ROA not before:           Fri 02 Jan 2026 10:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     136557
IP address blocks:        155.2.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:10:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:bf:06:a3:22:91:9a:bf:1a:af:72:60:ec:68:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70219cab0a8f88fdd50c171e9dcfeee92a1500b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7a:29:44:0a:e6:57:f8:bf:cb:95:c5:b6:a3:
                    e2:b1:46:42:56:2b:9e:58:26:39:8d:bb:e3:46:fa:
                    12:74:f6:51:e2:f8:d3:76:e3:d3:20:37:43:d7:ea:
                    8b:10:10:11:e2:af:7d:5f:58:0b:5a:1d:f3:29:d2:
                    74:44:ac:2d:5b:81:81:ab:ca:c4:97:a0:20:b2:70:
                    ff:f0:a9:b0:6d:44:27:d7:8d:35:ca:bb:e6:de:7a:
                    44:24:f4:f9:28:50:ed:d4:b5:95:b5:e6:d4:09:ac:
                    81:a9:a9:81:2d:1c:72:36:fc:bd:1c:87:5b:94:e5:
                    bb:59:64:ab:b2:46:ee:9e:88:c5:22:39:af:9b:8e:
                    e2:dc:36:c3:d9:34:94:5f:61:04:43:c6:db:e3:c4:
                    24:3e:72:82:21:84:68:d0:f7:a6:f0:da:fd:70:73:
                    84:8e:ab:f1:d9:b7:21:7f:2d:ed:74:25:da:2b:18:
                    5e:d1:67:29:f3:94:1d:0c:ca:d9:d6:f6:3b:0b:aa:
                    de:8a:e6:64:bb:53:f3:d8:8f:53:62:f9:90:3c:b2:
                    f0:dd:b1:ca:1a:40:d0:c5:c2:59:fe:27:92:aa:ed:
                    6a:4d:f0:ec:82:df:c4:3c:08:21:ca:7c:de:5d:80:
                    0c:ef:83:1e:a9:1f:c2:05:97:b0:10:15:bc:b4:36:
                    8e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:21:9C:AB:0A:8F:88:FD:D5:0C:17:1E:9D:CF:EE:E9:2A:15:00:B0
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cCGcqwqPiP3VDBcenc_u6SoVALA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.2.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:3d:97:99:c8:76:b6:f5:69:ee:56:3c:49:43:74:b8:40:d0:
         87:0a:b2:c0:dd:dd:85:82:94:cb:e5:da:8a:29:6d:d4:1e:39:
         84:8a:70:39:e0:52:89:0a:a0:b0:4c:96:4c:70:a3:b5:8b:75:
         85:76:d6:3b:a3:cb:60:7b:56:68:b6:ac:ab:fc:14:ac:8a:49:
         52:01:72:f0:fb:74:42:5d:8c:65:2a:09:36:f6:f8:7b:80:15:
         4e:90:9c:b6:56:6c:81:a5:4c:4f:96:c5:9e:c0:1e:2a:d2:9f:
         66:ae:ee:e4:ea:6d:17:7c:c8:7a:35:0b:b6:8c:01:a8:4f:5c:
         94:07:f5:44:6c:8e:ed:8d:9b:0f:68:4a:43:56:67:83:0a:16:
         7c:c5:a1:96:10:df:63:89:0c:bc:e5:f4:0b:4d:8d:3f:53:35:
         f0:aa:43:83:86:0b:f2:1e:a7:ca:0e:a7:40:6b:52:b5:64:04:
         f9:7d:43:e2:f4:51:0e:a7:ec:17:db:47:1e:d6:a9:82:2b:fb:
         cc:74:f4:63:fd:52:04:00:14:bf:93:8a:90:58:5f:c5:76:bd:
         5d:90:52:da:09:2f:ec:fd:1c:d5:5d:43:2b:dc:09:6b:51:f6:
         01:61:17:a3:7a:98:40:5b:e4:e0:02:ef:22:f6:5c:cc:4e:f9:
         fd:b7:90:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N78GoyKRmr8ar3Jg7GipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDIxOWNhYjBhOGY4OGZkZDUwYzE3MWU5ZGNmZWVlOTJhMTUwMGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3opRArmV/i/y5XFtqPisUZCViue
WCY5jbvjRvoSdPZR4vjTduPTIDdD1+qLEBAR4q99X1gLWh3zKdJ0RKwtW4GBq8rE
l6AgsnD/8KmwbUQn1401yrvm3npEJPT5KFDt1LWVtebUCayBqamBLRxyNvy9HIdb
lOW7WWSrskbunojFIjmvm47i3DbD2TSUX2EEQ8bb48QkPnKCIYRo0Pem8Nr9cHOE
jqvx2bchfy3tdCXaKxhe0Wcp85QdDMrZ1vY7C6reiuZku1Pz2I9TYvmQPLLw3bHK
GkDQxcJZ/ieSqu1qTfDsgt/EPAghynzeXYAM74MeqR/CBZewEBW8tDaOMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAhnKsKj4j91QwXHp3P7ukqFQCwMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvY0NHY3F3cVBpUDNWREJjZW5jX3U2U29WQUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmwK/MA0G
CSqGSIb3DQEBCwUAA4IBAQDIPZeZyHa29WnuVjxJQ3S4QNCHCrLA3d2FgpTL5dqK
KW3UHjmEinA54FKJCqCwTJZMcKO1i3WFdtY7o8tge1Zotqyr/BSsiklSAXLw+3RC
XYxlKgk29vh7gBVOkJy2VmyBpUxPlsWewB4q0p9mru7k6m0XfMh6NQu2jAGoT1yU
B/VEbI7tjZsPaEpDVmeDChZ8xaGWEN9jiQy85fQLTY0/UzXwqkODhgvyHqfKDqdA
a1K1ZAT5fUPi9FEOp+wX20ce1qmCK/vMdPRj/VIEABS/k4qQWF/Fdr1dkFLaCS/s
/RzVXUMr3AlrUfYBYRejephAW+TgAu8i9lzMTvn9t5DG
-----END CERTIFICATE-----