This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/2bmFSMgy2P2oSH2qP7eO7iwn9Zg.roa
File:                     2bmFSMgy2P2oSH2qP7eO7iwn9Zg.roa (raw, json)
Hash identifier:          cbsBP6OAzhAl2v8n1tj2ekwJ+n2ubBjhhjsuWSnOR4E=
Subject key identifier:   D9:B9:85:48:C8:32:D8:FD:A8:48:7D:AA:3F:B7:8E:EE:2C:27:F5:98
Certificate issuer:       /CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
Certificate serial:       019B7C11FDA814A42FCDFAFEC256B62B0EAA
Authority key identifier: 4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/2bmFSMgy2P2oSH2qP7eO7iwn9Zg.roa
Signing time:             Fri 02 Jan 2026 00:18:32 +0000
ROA not before:           Fri 02 Jan 2026 00:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31129
IP address blocks:        212.106.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:fd:a8:14:a4:2f:cd:fa:fe:c2:56:b6:2b:0e:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b405caab34bbfde6b8ee66c600860c6ce96f32b
        Validity
            Not Before: Jan  2 00:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9b98548c832d8fda8487daa3fb78eee2c27f598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:60:5d:34:48:a6:0e:cc:a0:84:35:3b:1e:5e:
                    57:a0:e1:ca:fb:51:22:ef:e7:e6:7d:fb:a4:8d:c9:
                    ce:f7:61:73:99:d5:f8:4c:f0:35:c6:34:c3:ae:e1:
                    a1:b7:f6:24:25:58:a6:a8:22:73:1a:4f:5d:ef:e3:
                    db:7f:13:cd:3b:b0:f2:93:05:84:07:e9:17:04:46:
                    27:63:a0:ea:e9:19:38:b4:cb:fc:73:88:31:79:37:
                    43:4e:6e:57:8e:b8:54:e8:0b:31:99:83:dd:3c:d4:
                    fd:fd:79:8a:d7:29:c1:07:ff:81:bc:6e:1d:e8:ae:
                    9b:07:75:a7:e9:70:31:01:aa:62:55:13:40:a7:e1:
                    a8:3c:89:a4:fe:cc:5a:ab:40:f1:3a:c1:38:c8:d7:
                    8d:c4:84:bf:6c:1a:4d:84:39:0d:21:ff:86:50:7e:
                    0e:bd:80:af:3e:74:b3:be:6f:92:e5:5a:b5:2e:16:
                    45:78:fe:8d:ec:b9:35:8d:45:5b:a8:a9:1a:b6:63:
                    d0:8a:84:9c:50:22:b6:af:42:a9:68:47:88:51:05:
                    6a:e4:ff:ec:94:4b:91:e7:87:06:0d:08:68:17:82:
                    1b:f2:54:07:08:ae:88:9c:ec:ee:f6:8e:6c:18:3c:
                    53:3b:53:ce:d4:03:d3:24:87:ed:83:9e:e0:94:27:
                    ac:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:B9:85:48:C8:32:D8:FD:A8:48:7D:AA:3F:B7:8E:EE:2C:27:F5:98
            X509v3 Authority Key Identifier:
                keyid:4B:40:5C:AA:B3:4B:BF:DE:6B:8E:E6:6C:60:08:60:C6:CE:96:F3:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0BcqrNLv95rjuZsYAhgxs6W8ys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/2bmFSMgy2P2oSH2qP7eO7iwn9Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/914d39-3020-4b79-ad26-d87affb8bc61/1/S0BcqrNLv95rjuZsYAhgxs6W8ys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.106.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:18:f5:9f:e7:71:55:17:38:03:6c:33:5e:14:d2:a5:b3:14:
         89:5e:33:17:da:41:d7:1f:31:2d:49:19:cc:2e:44:5c:30:3a:
         d3:d2:ed:73:c4:d0:46:b3:ea:1e:b4:a1:a0:d2:fd:22:45:0f:
         55:f6:9d:77:e9:89:de:d2:83:10:98:20:5b:ec:fa:f3:44:81:
         dd:12:7f:57:85:d8:85:1a:e3:f5:31:e5:fb:3c:51:52:04:75:
         31:e4:1a:9e:2f:0d:fa:90:e2:28:44:0c:90:06:ba:45:ba:1c:
         b8:82:fb:20:e7:a7:a1:7b:72:95:30:54:27:24:98:d2:50:6c:
         7c:42:a6:6e:87:0c:2d:78:d1:e6:3d:d5:d6:ed:ee:f3:63:48:
         4b:67:80:46:40:46:40:a6:22:ac:ea:67:a4:d5:8c:97:97:e8:
         d7:9b:77:62:58:bb:b9:ce:1c:aa:bc:23:1a:c9:49:4f:ee:c6:
         8a:e4:4a:aa:57:d8:2d:39:12:bc:92:75:11:eb:6c:de:14:1e:
         60:97:93:b1:86:4e:53:62:57:e7:f0:67:ca:36:8d:65:bd:6d:
         34:1a:ef:5a:fd:cc:77:67:52:23:5c:d0:6d:df:e2:80:76:81:
         60:50:4b:ad:77:b0:32:21:66:a8:ee:4e:04:65:f6:76:88:9c:
         b5:45:2a:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ef2oFKQvzfr+wla2Kw6qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDA1Y2FhYjM0YmJmZGU2YjhlZTY2YzYwMDg2MGM2Y2U5
NmYzMmIwHhcNMjYwMTAyMDAxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWI5ODU0OGM4MzJkOGZkYTg0ODdkYWEzZmI3OGVlZTJjMjdmNTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWBdNEimDsyghDU7Hl5XoOHK+1Ei
7+fmffukjcnO92FzmdX4TPA1xjTDruGht/YkJVimqCJzGk9d7+PbfxPNO7DykwWE
B+kXBEYnY6Dq6Rk4tMv8c4gxeTdDTm5XjrhU6AsxmYPdPNT9/XmK1ynBB/+BvG4d
6K6bB3Wn6XAxAapiVRNAp+GoPImk/sxaq0DxOsE4yNeNxIS/bBpNhDkNIf+GUH4O
vYCvPnSzvm+S5Vq1LhZFeP6N7Lk1jUVbqKkatmPQioScUCK2r0KpaEeIUQVq5P/s
lEuR54cGDQhoF4Ib8lQHCK6InOzu9o5sGDxTO1PO1APTJIftg57glCes6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNm5hUjIMtj9qEh9qj+3ju4sJ/WYMB8GA1UdIwQY
MBaAFEtAXKqzS7/ea47mbGAIYMbOlvMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYt
ZDg3YWZmYjhiYzYxLzEvMmJtRlNNZ3kyUDJvU0gycVA3ZU83aXduOVpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85MTRkMzktMzAyMC00Yjc5LWFkMjYtZDg3YWZmYjhiYzYx
LzEvUzBCY3FyTkx2OTVyanVac1lBaGd4czZXOHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GqPMA0G
CSqGSIb3DQEBCwUAA4IBAQBbGPWf53FVFzgDbDNeFNKlsxSJXjMX2kHXHzEtSRnM
LkRcMDrT0u1zxNBGs+oetKGg0v0iRQ9V9p136Yne0oMQmCBb7PrzRIHdEn9XhdiF
GuP1MeX7PFFSBHUx5BqeLw36kOIoRAyQBrpFuhy4gvsg56ehe3KVMFQnJJjSUGx8
QqZuhwwteNHmPdXW7e7zY0hLZ4BGQEZApiKs6mek1YyXl+jXm3diWLu5zhyqvCMa
yUlP7saK5EqqV9gtORK8knUR62zeFB5gl5Oxhk5TYlfn8GfKNo1lvW00Gu9a/cx3
Z1IjXNBt3+KAdoFgUEutd7AyIWao7k4EZfZ2iJy1RSqG
-----END CERTIFICATE-----