This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/3ce047-d858-4e7f-a070-d4319d13c775/1/2KPFTLeDrSm9M4_XVjKhQsAeW5w.roa
File:                     2KPFTLeDrSm9M4_XVjKhQsAeW5w.roa (raw, json)
Hash identifier:          oiy5/t8+xoYRfuAXJZSTJK9AhNzpLlj1CftKpmctdeM=
Subject key identifier:   D8:A3:C5:4C:B7:83:AD:29:BD:33:8F:D7:56:32:A1:42:C0:1E:5B:9C
Certificate issuer:       /CN=1e0436dd698eba3eab5a92db1d64f2f314ed3116
Certificate serial:       019B7CEDC9B832335FDE019BDF27FE7C0738
Authority key identifier: 1E:04:36:DD:69:8E:BA:3E:AB:5A:92:DB:1D:64:F2:F3:14:ED:31:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgQ23WmOuj6rWpLbHWTy8xTtMRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/3ce047-d858-4e7f-a070-d4319d13c775/1/2KPFTLeDrSm9M4_XVjKhQsAeW5w.roa
Signing time:             Fri 02 Jan 2026 04:18:37 +0000
ROA not before:           Fri 02 Jan 2026 04:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12843
IP address blocks:        193.164.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/3ce047-d858-4e7f-a070-d4319d13c775/1/HgQ23WmOuj6rWpLbHWTy8xTtMRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/3ce047-d858-4e7f-a070-d4319d13c775/1/HgQ23WmOuj6rWpLbHWTy8xTtMRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgQ23WmOuj6rWpLbHWTy8xTtMRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:c9:b8:32:33:5f:de:01:9b:df:27:fe:7c:07:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e0436dd698eba3eab5a92db1d64f2f314ed3116
        Validity
            Not Before: Jan  2 04:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a3c54cb783ad29bd338fd75632a142c01e5b9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7e:9f:5b:56:c4:ff:7f:37:da:d1:0c:31:dd:
                    80:82:f5:ef:2d:49:19:1b:57:f1:71:9f:47:8b:a5:
                    07:ea:33:a8:1f:75:96:51:87:08:36:55:4e:f2:e3:
                    66:5d:0d:ad:cf:61:28:65:d2:07:91:e2:1c:e0:01:
                    db:8b:ab:65:0b:da:3a:fe:2e:8e:b8:38:e7:63:88:
                    ba:ca:76:49:79:34:40:58:ac:14:a6:3d:9c:7d:43:
                    b9:95:da:6f:cc:36:1c:14:a3:c0:e7:95:d0:b8:2f:
                    cc:5c:4d:35:92:77:39:60:db:b6:ce:84:39:2a:76:
                    2a:30:a7:b2:50:d8:f8:52:b0:78:b1:78:a1:82:ea:
                    27:a1:34:51:72:ab:31:cd:fb:c3:a9:9b:ce:c5:1c:
                    9b:cc:88:0d:b7:58:4e:5f:e8:a5:d7:63:ca:d4:8c:
                    7c:06:ab:6b:63:e6:ad:e8:70:73:e8:68:f1:da:0c:
                    b4:48:88:00:cf:b3:ae:3a:ea:68:c0:0f:5d:e7:b1:
                    b3:45:08:19:3b:7b:a3:a3:01:35:85:91:1f:18:75:
                    7e:63:44:a4:3c:b4:69:e3:d1:e1:5b:3d:d9:51:84:
                    df:1a:34:51:06:75:88:94:fa:7e:69:85:cc:85:ca:
                    42:98:6e:dc:cd:4b:2c:57:3d:06:4f:b2:0d:69:21:
                    10:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A3:C5:4C:B7:83:AD:29:BD:33:8F:D7:56:32:A1:42:C0:1E:5B:9C
            X509v3 Authority Key Identifier:
                keyid:1E:04:36:DD:69:8E:BA:3E:AB:5A:92:DB:1D:64:F2:F3:14:ED:31:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgQ23WmOuj6rWpLbHWTy8xTtMRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/3ce047-d858-4e7f-a070-d4319d13c775/1/2KPFTLeDrSm9M4_XVjKhQsAeW5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/3ce047-d858-4e7f-a070-d4319d13c775/1/HgQ23WmOuj6rWpLbHWTy8xTtMRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:57:11:a8:33:ab:28:d8:f9:3e:9f:da:8f:62:62:01:8d:54:
         fe:90:a3:66:5e:29:75:da:e6:e8:2d:ef:2a:89:3c:a9:90:58:
         9c:ec:33:af:26:28:64:ac:63:cc:ea:7b:70:65:b0:88:26:e9:
         60:ff:d5:04:36:4e:52:3c:a8:1f:e1:e0:5a:f8:78:29:00:00:
         94:b6:16:a4:ba:93:5e:2e:02:40:e7:f6:61:53:44:92:b0:63:
         43:6c:79:46:d1:0a:da:a9:2e:d4:a2:cc:03:0e:8e:9f:87:8a:
         f6:a5:cb:d8:34:43:75:5f:4e:b4:4e:09:ac:6c:79:12:8b:19:
         d7:13:3b:89:04:57:85:dd:50:9e:fd:08:ef:ec:4a:3c:83:07:
         f4:8e:7d:ac:c9:c2:d9:68:db:4d:9f:90:36:74:0c:af:a5:67:
         ec:df:ce:00:1e:2d:f3:9f:12:66:9c:8c:db:d6:c3:8b:b2:8d:
         c9:f9:fa:d7:cc:4b:18:01:fc:28:00:22:1b:1e:c9:5f:51:02:
         6f:5a:2f:78:c8:7e:d7:f0:17:46:4b:b5:e4:b7:fd:4e:6c:e9:
         f7:7a:5a:47:8e:ee:59:56:c4:37:54:0c:f2:da:51:5d:9f:aa:
         63:71:45:fc:13:6c:0e:b2:c7:48:61:89:1a:e4:55:67:cb:63:
         f4:ca:9a:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87cm4MjNf3gGb3yf+fAc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMDQzNmRkNjk4ZWJhM2VhYjVhOTJkYjFkNjRmMmYzMTRl
ZDMxMTYwHhcNMjYwMTAyMDQxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGEzYzU0Y2I3ODNhZDI5YmQzMzhmZDc1NjMyYTE0MmMwMWU1YjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu36fW1bE/3832tEMMd2AgvXvLUkZ
G1fxcZ9Hi6UH6jOoH3WWUYcINlVO8uNmXQ2tz2EoZdIHkeIc4AHbi6tlC9o6/i6O
uDjnY4i6ynZJeTRAWKwUpj2cfUO5ldpvzDYcFKPA55XQuC/MXE01knc5YNu2zoQ5
KnYqMKeyUNj4UrB4sXihguonoTRRcqsxzfvDqZvOxRybzIgNt1hOX+il12PK1Ix8
BqtrY+at6HBz6Gjx2gy0SIgAz7OuOupowA9d57GzRQgZO3ujowE1hZEfGHV+Y0Sk
PLRp49HhWz3ZUYTfGjRRBnWIlPp+aYXMhcpCmG7czUssVz0GT7INaSEQDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNijxUy3g60pvTOP11YyoULAHlucMB8GA1UdIwQY
MBaAFB4ENt1pjro+q1qS2x1k8vMU7TEWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGdRMjNXbU91ajZyV3BMYkhXVHk4eFR0TVJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zY2UwNDctZDg1OC00ZTdmLWEwNzAt
ZDQzMTlkMTNjNzc1LzEvMktQRlRMZURyU205TTRfWFZqS2hRc0FlVzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zY2UwNDctZDg1OC00ZTdmLWEwNzAtZDQzMTlkMTNjNzc1
LzEvSGdRMjNXbU91ajZyV3BMYkhXVHk4eFR0TVJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaSaMA0G
CSqGSIb3DQEBCwUAA4IBAQAcVxGoM6so2Pk+n9qPYmIBjVT+kKNmXil12uboLe8q
iTypkFic7DOvJihkrGPM6ntwZbCIJulg/9UENk5SPKgf4eBa+HgpAACUthakupNe
LgJA5/ZhU0SSsGNDbHlG0QraqS7UoswDDo6fh4r2pcvYNEN1X060TgmsbHkSixnX
EzuJBFeF3VCe/Qjv7Eo8gwf0jn2sycLZaNtNn5A2dAyvpWfs384AHi3znxJmnIzb
1sOLso3J+frXzEsYAfwoACIbHslfUQJvWi94yH7X8BdGS7Xkt/1ObOn3elpHju5Z
VsQ3VAzy2lFdn6pjcUX8E2wOssdIYYka5FVny2P0yprL
-----END CERTIFICATE-----