This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/T2MyCYDe8ZVj6MHLOpPsRFQaLyc.roa
File:                     T2MyCYDe8ZVj6MHLOpPsRFQaLyc.roa (raw, json)
Hash identifier:          2HMXQDaERD47LVw7adtPSZsCeqM+FdyN2voYgfm3nq4=
Subject key identifier:   4F:63:32:09:80:DE:F1:95:63:E8:C1:CB:3A:93:EC:44:54:1A:2F:27
Certificate issuer:       /CN=261b941dbe59651fafbba9724a12775e07edb635
Certificate serial:       019B79ECDAE6D3A4B66410B4863C03324D7A
Authority key identifier: 26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/T2MyCYDe8ZVj6MHLOpPsRFQaLyc.roa
Signing time:             Thu 01 Jan 2026 14:18:44 +0000
ROA not before:           Thu 01 Jan 2026 14:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.172.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:da:e6:d3:a4:b6:64:10:b4:86:3c:03:32:4d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261b941dbe59651fafbba9724a12775e07edb635
        Validity
            Not Before: Jan  1 14:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f63320980def19563e8c1cb3a93ec44541a2f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ff:46:27:1b:07:38:f6:2c:fa:03:23:59:d6:
                    ae:3b:d3:96:e1:7e:c8:f1:7c:b8:a7:0d:ef:ab:3e:
                    ea:5b:a5:89:38:0e:aa:39:66:8a:a1:35:69:2c:58:
                    21:66:e8:60:f0:eb:2a:ba:84:10:83:4d:94:f7:e2:
                    15:28:da:f7:87:56:5e:92:b3:1f:2f:93:a5:e2:e2:
                    c7:b8:0a:ce:00:fc:5e:1f:70:20:e6:8b:53:96:09:
                    6c:4a:a0:87:6d:20:94:8e:43:8d:c1:aa:82:76:44:
                    76:8f:63:16:78:c9:32:f3:fe:6a:4b:0a:d0:b5:d2:
                    08:65:bd:c0:23:71:50:12:8d:50:57:dc:94:ec:fb:
                    bb:e7:0c:c8:33:6d:7e:7c:c4:ff:e5:af:e5:84:a9:
                    0d:8a:65:d5:7a:71:70:cc:b1:47:21:fb:6e:52:dc:
                    0e:4d:46:8b:60:43:e3:90:c1:99:42:a1:c6:6c:42:
                    fa:15:5b:9a:16:52:1c:9b:00:08:f9:d9:4b:2c:c0:
                    db:6e:ab:85:c7:19:a8:ed:f9:db:ba:6a:1f:2f:93:
                    0e:0a:f8:c4:e4:f5:28:19:f8:3e:c2:6a:10:69:96:
                    64:27:9e:d9:e4:f6:c0:a9:f0:67:59:ea:3f:61:f6:
                    28:0f:08:3a:41:ed:0c:81:ce:86:15:d6:f3:ef:6f:
                    cd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:63:32:09:80:DE:F1:95:63:E8:C1:CB:3A:93:EC:44:54:1A:2F:27
            X509v3 Authority Key Identifier:
                keyid:26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/T2MyCYDe8ZVj6MHLOpPsRFQaLyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:2a:ee:eb:35:2b:5d:45:10:d0:e7:a1:ec:41:1e:54:00:41:
         31:10:c9:7d:86:57:93:49:7b:2e:3f:f8:41:a4:fa:1f:9d:f6:
         f5:b2:b5:fb:1e:17:74:ac:41:fc:dd:8f:99:78:c2:4b:f0:13:
         e7:04:77:4b:da:df:21:68:5e:df:b4:03:e7:38:d3:16:8f:0f:
         f9:54:b9:e4:e3:07:8a:63:2c:7c:76:5d:e8:63:7b:44:50:d4:
         7a:28:fc:3f:b4:04:10:5e:ba:a0:06:69:03:d4:df:cb:03:02:
         77:81:8a:9b:68:3b:08:d8:90:cb:ee:54:f3:7a:6d:e4:83:90:
         1b:9a:37:6e:40:94:7b:37:e2:b1:26:fc:a0:53:2f:2e:55:c4:
         88:74:cf:20:7e:a6:e6:08:02:ea:77:2f:1d:26:2b:d0:63:29:
         db:19:91:55:c2:a5:51:64:08:f2:1c:f2:d8:2b:81:22:7d:70:
         27:13:e1:6e:da:b5:58:43:4b:1b:b9:4d:82:2c:19:81:15:32:
         e0:47:62:dd:ef:33:0d:5f:ce:08:eb:53:2b:11:fe:43:d6:bb:
         61:6d:a0:a6:ad:1c:b2:9c:33:c3:ff:74:71:32:ab:7f:3b:03:
         6d:fa:5c:f5:e5:2c:5d:24:27:b1:3e:fb:9a:af:3d:b6:81:46:
         8a:ed:13:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Nrm06S2ZBC0hjwDMk16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MWI5NDFkYmU1OTY1MWZhZmJiYTk3MjRhMTI3NzVlMDdl
ZGI2MzUwHhcNMjYwMTAxMTQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjYzMzIwOTgwZGVmMTk1NjNlOGMxY2IzYTkzZWM0NDU0MWEyZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAof9GJxsHOPYs+gMjWdauO9OW4X7I
8Xy4pw3vqz7qW6WJOA6qOWaKoTVpLFghZuhg8OsquoQQg02U9+IVKNr3h1ZekrMf
L5Ol4uLHuArOAPxeH3Ag5otTlglsSqCHbSCUjkONwaqCdkR2j2MWeMky8/5qSwrQ
tdIIZb3AI3FQEo1QV9yU7Pu75wzIM21+fMT/5a/lhKkNimXVenFwzLFHIftuUtwO
TUaLYEPjkMGZQqHGbEL6FVuaFlIcmwAI+dlLLMDbbquFxxmo7fnbumofL5MOCvjE
5PUoGfg+wmoQaZZkJ57Z5PbAqfBnWeo/YfYoDwg6Qe0Mgc6GFdbz72/N/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9jMgmA3vGVY+jByzqT7ERUGi8nMB8GA1UdIwQY
MBaAFCYblB2+WWUfr7upckoSd14H7bY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAt
Yjk4ZGY1NDRiYzIwLzEvVDJNeUNZRGU4WlZqNk1ITE9wUHNSRlFhTHljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAtYjk4ZGY1NDRiYzIw
LzEvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuayYMA0G
CSqGSIb3DQEBCwUAA4IBAQAQKu7rNStdRRDQ56HsQR5UAEExEMl9hleTSXsuP/hB
pPofnfb1srX7Hhd0rEH83Y+ZeMJL8BPnBHdL2t8haF7ftAPnONMWjw/5VLnk4weK
Yyx8dl3oY3tEUNR6KPw/tAQQXrqgBmkD1N/LAwJ3gYqbaDsI2JDL7lTzem3kg5Ab
mjduQJR7N+KxJvygUy8uVcSIdM8gfqbmCALqdy8dJivQYynbGZFVwqVRZAjyHPLY
K4EifXAnE+Fu2rVYQ0sbuU2CLBmBFTLgR2Ld7zMNX84I61MrEf5D1rthbaCmrRyy
nDPD/3RxMqt/OwNt+lz15SxdJCexPvuarz22gUaK7RM1
-----END CERTIFICATE-----