This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/bQ2Z3MpaRAN6Ght6WnEtUcjPZgg.roa
File:                     bQ2Z3MpaRAN6Ght6WnEtUcjPZgg.roa (raw, json)
Hash identifier:          5jTz/OfVAorDmvszopQ0R2vKYBjIj8qCbrV2KmrXO8I=
Subject key identifier:   6D:0D:99:DC:CA:5A:44:03:7A:1A:1B:7A:5A:71:2D:51:C8:CF:66:08
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019B7EA6195DEC2361719017E6E52F382E4B
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/bQ2Z3MpaRAN6Ght6WnEtUcjPZgg.roa
Signing time:             Fri 02 Jan 2026 12:19:33 +0000
ROA not before:           Fri 02 Jan 2026 12:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41474
IP address blocks:        152.53.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:19:5d:ec:23:61:71:90:17:e6:e5:2f:38:2e:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Jan  2 12:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d0d99dcca5a44037a1a1b7a5a712d51c8cf6608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:30:ba:87:72:de:2b:f5:b2:2f:a0:18:a0:bf:
                    af:a0:a7:33:19:5b:c5:52:26:5e:eb:92:05:c7:9c:
                    98:c5:5e:f7:a3:81:82:de:e5:ce:0d:4d:22:cb:43:
                    be:45:a5:fa:2d:ee:00:43:ea:c8:c6:27:90:e5:30:
                    e1:7d:78:a1:51:7e:64:f1:b0:c6:22:dd:b3:d5:ec:
                    de:db:04:09:94:f3:8c:81:a4:f5:6d:3f:62:2c:9e:
                    e8:f8:e2:35:93:f0:1a:e4:b3:c8:9b:67:26:5e:18:
                    63:8d:74:2a:c0:24:68:99:f2:a0:7d:7f:8f:98:16:
                    23:d2:ee:aa:92:8e:85:2b:13:4b:b9:ad:06:71:b7:
                    c2:08:9d:0f:9a:93:02:ba:64:1f:86:6f:46:55:8c:
                    f0:93:23:e4:f5:e1:7f:dc:12:22:03:8b:9d:12:ce:
                    73:dc:7b:f6:fa:3a:79:c4:1f:3f:34:93:fe:df:0e:
                    59:07:49:c2:14:cf:5b:ef:cd:c2:49:ae:4b:7b:57:
                    bd:49:ed:54:27:8c:47:2b:d4:95:00:44:49:2c:3f:
                    00:4d:c2:0e:fc:3f:a9:4e:77:92:4b:80:03:c2:14:
                    83:d8:cb:c7:b4:00:19:50:95:0c:a5:2d:2a:f6:56:
                    80:1a:83:77:4f:68:e0:b3:09:7c:9d:c8:cd:10:3e:
                    fe:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0D:99:DC:CA:5A:44:03:7A:1A:1B:7A:5A:71:2D:51:C8:CF:66:08
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/bQ2Z3MpaRAN6Ght6WnEtUcjPZgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:e7:c0:72:22:81:28:8b:21:ed:ab:07:e3:32:d7:03:60:58:
         de:5d:ba:1b:46:9a:c1:19:86:f5:0c:46:1e:2e:70:8a:0f:a0:
         d9:71:cd:f7:af:b4:97:b0:e5:76:f9:d2:37:fb:70:cc:d6:5e:
         ff:06:38:86:6d:bb:6a:7d:c9:ad:87:82:9b:a2:67:f6:b4:90:
         50:ac:88:d3:2e:48:2a:22:e4:8b:80:10:2a:9b:37:6f:fa:3d:
         68:36:a6:e0:78:d0:24:34:d8:52:c1:02:0d:06:dd:7e:0c:c6:
         ca:09:59:be:e5:8e:e7:f0:1b:6f:e8:2f:96:a5:9e:e7:f9:f4:
         28:0f:09:7e:5c:d0:df:9f:c3:3e:54:8b:b3:83:2a:bc:f1:bc:
         50:b3:5d:41:6d:5f:be:be:4e:a9:8a:7f:43:58:b8:d2:f9:c0:
         74:8e:d9:38:0e:51:fa:2e:39:d2:46:98:20:b8:ff:ff:c6:e7:
         84:97:fe:31:3e:e2:e5:cd:2b:bd:53:a5:bb:5c:f4:44:12:95:
         90:55:96:52:42:b9:c8:9d:b1:f5:63:e2:08:df:e0:1a:bc:48:
         82:0c:da:ca:68:18:db:97:56:15:8d:fd:17:33:46:31:e2:f6:
         d0:a5:97:78:de:89:6c:fe:94:40:5b:55:59:04:b6:c3:4d:29:
         2b:22:d4:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+phld7CNhcZAX5uUvOC5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjYwMTAyMTIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBkOTlkY2NhNWE0NDAzN2ExYTFiN2E1YTcxMmQ1MWM4Y2Y2NjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDC6h3LeK/WyL6AYoL+voKczGVvF
UiZe65IFx5yYxV73o4GC3uXODU0iy0O+RaX6Le4AQ+rIxieQ5TDhfXihUX5k8bDG
It2z1eze2wQJlPOMgaT1bT9iLJ7o+OI1k/Aa5LPIm2cmXhhjjXQqwCRomfKgfX+P
mBYj0u6qko6FKxNLua0GcbfCCJ0PmpMCumQfhm9GVYzwkyPk9eF/3BIiA4udEs5z
3Hv2+jp5xB8/NJP+3w5ZB0nCFM9b783CSa5Le1e9Se1UJ4xHK9SVAERJLD8ATcIO
/D+pTneSS4ADwhSD2MvHtAAZUJUMpS0q9laAGoN3T2jgswl8ncjNED7+AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0NmdzKWkQDehobelpxLVHIz2YIMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvYlEyWjNNcGFSQU42R2h0NlduRXRVY2pQWmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmDWsMA0G
CSqGSIb3DQEBCwUAA4IBAQCh58ByIoEoiyHtqwfjMtcDYFjeXbobRprBGYb1DEYe
LnCKD6DZcc33r7SXsOV2+dI3+3DM1l7/BjiGbbtqfcmth4Kbomf2tJBQrIjTLkgq
IuSLgBAqmzdv+j1oNqbgeNAkNNhSwQINBt1+DMbKCVm+5Y7n8Btv6C+WpZ7n+fQo
Dwl+XNDfn8M+VIuzgyq88bxQs11BbV++vk6pin9DWLjS+cB0jtk4DlH6LjnSRpgg
uP//xueEl/4xPuLlzSu9U6W7XPREEpWQVZZSQrnInbH1Y+II3+AavEiCDNrKaBjb
l1YVjf0XM0Yx4vbQpZd43ols/pRAW1VZBLbDTSkrItQo
-----END CERTIFICATE-----