This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/L2j3YbDrhxKGFha7tz1-c-vN-uQ.roa
File:                     L2j3YbDrhxKGFha7tz1-c-vN-uQ.roa (raw, json)
Hash identifier:          iDoMcXtz4bozdB/C54gk9t9e+mReC2IXbtgvzCL2Yp0=
Subject key identifier:   2F:68:F7:61:B0:EB:87:12:86:16:16:BB:B7:3D:7E:73:EB:CD:FA:E4
Certificate issuer:       /CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
Certificate serial:       019B79EC16ACAED91BC0D2BBB3349CD116E3
Authority key identifier: D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/L2j3YbDrhxKGFha7tz1-c-vN-uQ.roa
Signing time:             Thu 01 Jan 2026 14:17:54 +0000
ROA not before:           Thu 01 Jan 2026 14:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64406
IP address blocks:        185.72.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:16:ac:ae:d9:1b:c0:d2:bb:b3:34:9c:d1:16:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
        Validity
            Not Before: Jan  1 14:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f68f761b0eb8712861616bbb73d7e73ebcdfae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c3:50:4b:a3:ba:36:3e:8b:f5:1c:41:06:40:
                    85:f1:16:d3:20:77:fc:ac:8e:9b:8f:76:24:e1:1f:
                    1c:a7:05:b2:4d:0e:29:0a:e6:5d:e7:ed:c8:c5:7b:
                    32:f5:bf:b6:b9:bd:81:aa:cc:86:14:2a:7a:33:2f:
                    65:0b:1b:19:4c:df:2b:5b:ed:12:7c:c1:9c:2b:92:
                    e8:aa:83:50:42:65:7b:9b:b3:29:b4:67:5b:a9:df:
                    9d:8c:a6:35:2e:27:3f:65:9d:15:43:58:fc:9b:b1:
                    c5:eb:9f:e1:77:24:b6:c0:02:d6:c2:84:74:d9:7c:
                    7b:98:16:55:5d:27:e9:98:cd:d9:47:4e:a7:63:13:
                    e2:59:4a:60:60:34:6b:65:0e:2d:85:7e:90:80:b8:
                    e1:76:1a:ac:2f:58:12:42:a6:2b:3b:00:30:f1:ac:
                    2a:83:4f:94:7a:d4:b4:fb:94:69:b6:8e:72:d4:71:
                    6d:47:bd:ab:06:2d:48:93:c8:b2:8f:9a:9d:eb:7f:
                    42:60:51:aa:21:1b:eb:96:2b:dd:be:dc:27:83:9e:
                    7f:57:02:e4:cf:47:2a:f3:05:7e:ca:8b:d5:17:ec:
                    fe:3f:83:ab:fe:e0:15:b7:e6:d2:f6:ff:3a:55:78:
                    fb:51:b9:56:5e:0f:3a:fd:d1:08:3a:d2:83:11:77:
                    f9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:68:F7:61:B0:EB:87:12:86:16:16:BB:B7:3D:7E:73:EB:CD:FA:E4
            X509v3 Authority Key Identifier:
                keyid:D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/L2j3YbDrhxKGFha7tz1-c-vN-uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:12:4a:13:a2:cb:3e:5a:9c:3d:c5:ab:22:52:de:34:99:4a:
         4c:c8:36:37:9b:9c:9e:17:27:66:b6:c8:86:66:95:7b:e2:47:
         31:ca:d5:e2:19:e7:71:07:6a:b5:c5:20:1e:f0:32:fc:c7:ba:
         88:46:9b:30:07:39:fe:92:24:71:70:8a:9b:b4:d1:bb:ef:70:
         56:a8:ac:81:75:4a:e0:b9:2c:85:56:51:72:6b:d4:d0:09:d5:
         e4:79:64:f6:9f:61:75:83:b0:29:3b:46:99:38:ab:73:97:2a:
         0b:a9:4a:fb:bf:57:d2:27:c2:54:24:97:4b:7a:96:1e:4e:ed:
         aa:68:fb:eb:ea:31:4e:13:ba:cf:c0:e4:33:bc:3d:c1:07:2d:
         30:a2:f0:5b:a7:74:aa:d3:c6:ab:35:fc:e1:a7:06:18:89:33:
         6a:06:d9:18:5c:a5:c9:6f:9c:13:79:ae:68:13:b8:47:66:8b:
         89:fe:e9:63:c1:60:f5:1e:f8:6b:5c:51:86:4b:da:9e:76:b6:
         e7:51:9d:3f:b8:8d:c6:66:19:d6:6b:ec:5f:c4:93:3d:62:8d:
         b1:56:ec:03:96:49:81:d7:8c:44:34:17:89:28:2d:9c:85:e1:
         38:d3:9e:5c:c6:c5:00:20:ee:d9:b4:3e:da:22:b3:8e:48:c8:
         65:d7:e1:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57BasrtkbwNK7szSc0RbjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YWQxOGY0YzM2MDY3MjIwZjRkODMzY2JjNzhhMTBmOTRl
YjA4ODgwHhcNMjYwMTAxMTQxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY4Zjc2MWIwZWI4NzEyODYxNjE2YmJiNzNkN2U3M2ViY2RmYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcNQS6O6Nj6L9RxBBkCF8RbTIHf8
rI6bj3Yk4R8cpwWyTQ4pCuZd5+3IxXsy9b+2ub2BqsyGFCp6My9lCxsZTN8rW+0S
fMGcK5LoqoNQQmV7m7MptGdbqd+djKY1Lic/ZZ0VQ1j8m7HF65/hdyS2wALWwoR0
2Xx7mBZVXSfpmM3ZR06nYxPiWUpgYDRrZQ4thX6QgLjhdhqsL1gSQqYrOwAw8awq
g0+UetS0+5Rpto5y1HFtR72rBi1Ik8iyj5qd639CYFGqIRvrlivdvtwng55/VwLk
z0cq8wV+yovVF+z+P4Or/uAVt+bS9v86VXj7UblWXg86/dEIOtKDEXf5vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9o92Gw64cShhYWu7c9fnPrzfrkMB8GA1UdIwQY
MBaAFNmtGPTDYGciD02DPLx4oQ+U6wiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAt
YzI2NDczODVlNzI3LzEvTDJqM1liRHJoeEtHRmhhN3R6MS1jLXZOLXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAtYzI2NDczODVlNzI3
LzEvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgyMA0G
CSqGSIb3DQEBCwUAA4IBAQAgEkoToss+Wpw9xasiUt40mUpMyDY3m5yeFydmtsiG
ZpV74kcxytXiGedxB2q1xSAe8DL8x7qIRpswBzn+kiRxcIqbtNG773BWqKyBdUrg
uSyFVlFya9TQCdXkeWT2n2F1g7ApO0aZOKtzlyoLqUr7v1fSJ8JUJJdLepYeTu2q
aPvr6jFOE7rPwOQzvD3BBy0wovBbp3Sq08arNfzhpwYYiTNqBtkYXKXJb5wTea5o
E7hHZouJ/uljwWD1HvhrXFGGS9qedrbnUZ0/uI3GZhnWa+xfxJM9Yo2xVuwDlkmB
14xENBeJKC2cheE4055cxsUAIO7ZtD7aIrOOSMhl1+FV
-----END CERTIFICATE-----