This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/2nQB2E6BUhwfRdMk7xQATWi9kI0.roa
File:                     2nQB2E6BUhwfRdMk7xQATWi9kI0.roa (raw, json)
Hash identifier:          O2K+jT0p/eGe0P+/wXfc4p3/RWSSlNcPnUldJ8hZwb8=
Subject key identifier:   DA:74:01:D8:4E:81:52:1C:1F:45:D3:24:EF:14:00:4D:68:BD:90:8D
Certificate issuer:       /CN=856f0c90073afb8ecde7e83409ceabdb93b41a4e
Certificate serial:       019B7759558027AE77FC3D7142550CF4896A
Authority key identifier: 85:6F:0C:90:07:3A:FB:8E:CD:E7:E8:34:09:CE:AB:DB:93:B4:1A:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/2nQB2E6BUhwfRdMk7xQATWi9kI0.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24940
IP address blocks:        185.110.95.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:55:80:27:ae:77:fc:3d:71:42:55:0c:f4:89:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=856f0c90073afb8ecde7e83409ceabdb93b41a4e
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da7401d84e81521c1f45d324ef14004d68bd908d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:03:9a:49:c8:ea:06:c3:78:24:78:1c:1a:
                    1e:b8:34:e2:2d:5c:9b:c6:9b:fc:be:d6:4f:78:b7:
                    cd:9b:da:4a:be:f7:04:dc:80:4e:5b:2d:20:79:8a:
                    1a:f0:2a:0d:92:31:e2:ef:e4:7d:f9:09:ff:e4:39:
                    ba:b9:97:0a:af:48:89:f3:75:31:eb:74:1b:7c:c6:
                    1b:e2:64:08:81:c6:1f:9e:8b:e7:75:64:bd:66:08:
                    bb:bf:f6:2d:ac:a0:44:4e:b2:84:2a:93:8c:35:c4:
                    29:1c:f7:20:b3:43:c1:6b:f5:ce:b4:1a:d0:2d:ed:
                    ac:ce:f3:31:79:58:aa:53:29:b7:14:ed:9d:a7:aa:
                    09:b2:59:6b:bd:e8:56:b6:26:1e:d9:a2:6d:3e:0e:
                    08:83:3f:3d:32:d0:3d:e5:67:f1:fc:8c:0e:6d:56:
                    84:91:60:45:44:a0:ca:e8:61:15:41:fd:0a:6b:56:
                    e0:6b:87:2e:dd:99:80:3a:9c:9f:8c:d3:68:02:9c:
                    7f:43:48:37:cc:77:b6:31:6b:2a:ba:1f:9c:3e:25:
                    c5:5a:63:68:05:64:04:56:8c:9b:9c:82:db:24:24:
                    e4:3d:f1:3a:3d:4d:05:1c:7d:19:fc:d2:20:e8:94:
                    65:99:01:98:4b:9a:f5:6f:dd:de:fe:77:74:72:f5:
                    9d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:74:01:D8:4E:81:52:1C:1F:45:D3:24:EF:14:00:4D:68:BD:90:8D
            X509v3 Authority Key Identifier:
                keyid:85:6F:0C:90:07:3A:FB:8E:CD:E7:E8:34:09:CE:AB:DB:93:B4:1A:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/2nQB2E6BUhwfRdMk7xQATWi9kI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:70:b5:5e:ca:0b:f5:02:b9:58:d8:db:e9:1c:46:9b:c8:fd:
         7c:ca:7e:e5:c7:5c:a9:9c:7c:9f:0f:e7:ed:58:57:c1:0f:7e:
         ae:5c:59:38:fd:e2:9e:e5:c9:71:63:70:b1:38:f3:20:25:ee:
         08:3b:a9:a2:a3:2c:bb:c9:0f:41:0a:18:13:4d:17:e8:42:a5:
         d4:3c:0b:af:53:72:c6:5b:a9:39:dc:8c:93:1a:8f:4d:dc:92:
         a3:62:77:ae:7b:35:5f:0f:d9:13:56:0a:6a:e1:a9:ef:9b:4f:
         a7:fe:c1:60:d4:fc:50:e2:99:ab:65:01:42:c1:31:e6:d8:f0:
         3c:59:c6:d9:8c:e1:d9:66:fa:bb:97:88:22:84:dc:a4:9f:70:
         40:c5:bb:7e:a6:8f:60:cb:39:4e:70:4a:49:1a:03:78:ee:0b:
         34:9a:13:66:4f:66:27:e9:f4:b1:03:2a:da:28:d2:fc:fa:fa:
         ce:82:33:78:8d:d9:00:9f:8f:df:96:67:70:98:48:6f:17:bc:
         ff:05:4e:55:d7:96:8c:ac:6d:d8:4d:33:07:a1:45:b1:13:c1:
         f0:9b:18:7d:c9:de:be:55:76:4b:f2:0f:28:f6:4e:c2:ec:3e:
         5e:95:e1:12:5b:f6:68:64:82:48:94:8d:ad:9a:96:ef:3e:ef:
         5a:ec:47:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WVWAJ653/D1xQlUM9IlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NmYwYzkwMDczYWZiOGVjZGU3ZTgzNDA5Y2VhYmRiOTNi
NDFhNGUwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc0MDFkODRlODE1MjFjMWY0NWQzMjRlZjE0MDA0ZDY4YmQ5MDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusUDmknI6gbDeCR4HBoeuDTiLVyb
xpv8vtZPeLfNm9pKvvcE3IBOWy0geYoa8CoNkjHi7+R9+Qn/5Dm6uZcKr0iJ83Ux
63QbfMYb4mQIgcYfnovndWS9Zgi7v/YtrKBETrKEKpOMNcQpHPcgs0PBa/XOtBrQ
Le2szvMxeViqUym3FO2dp6oJsllrvehWtiYe2aJtPg4Igz89MtA95Wfx/IwObVaE
kWBFRKDK6GEVQf0Ka1bga4cu3ZmAOpyfjNNoApx/Q0g3zHe2MWsquh+cPiXFWmNo
BWQEVoybnILbJCTkPfE6PU0FHH0Z/NIg6JRlmQGYS5r1b93e/nd0cvWdAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp0AdhOgVIcH0XTJO8UAE1ovZCNMB8GA1UdIwQY
MBaAFIVvDJAHOvuOzefoNAnOq9uTtBpOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFc4TWtBYzYtNDdONS1nMENjNnIyNU8wR2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yMDQyNjgtNjA3OC00YjUzLTk0ZDIt
NDRmZGU5NmI4YWVjLzEvMm5RQjJFNkJVaHdmUmRNazd4UUFUV2k5a0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yMDQyNjgtNjA3OC00YjUzLTk0ZDItNDRmZGU5NmI4YWVj
LzEvaFc4TWtBYzYtNDdONS1nMENjNnIyNU8wR2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW5fMA0G
CSqGSIb3DQEBCwUAA4IBAQAlcLVeygv1ArlY2NvpHEabyP18yn7lx1ypnHyfD+ft
WFfBD36uXFk4/eKe5clxY3CxOPMgJe4IO6mioyy7yQ9BChgTTRfoQqXUPAuvU3LG
W6k53IyTGo9N3JKjYneuezVfD9kTVgpq4anvm0+n/sFg1PxQ4pmrZQFCwTHm2PA8
WcbZjOHZZvq7l4gihNykn3BAxbt+po9gyzlOcEpJGgN47gs0mhNmT2Yn6fSxAyra
KNL8+vrOgjN4jdkAn4/flmdwmEhvF7z/BU5V15aMrG3YTTMHoUWxE8Hwmxh9yd6+
VXZL8g8o9k7C7D5eleESW/ZoZIJIlI2tmpbvPu9a7Ech
-----END CERTIFICATE-----