This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/2rG6ym8QVb4IUhWKaVABLqMEudA.roa
File:                     2rG6ym8QVb4IUhWKaVABLqMEudA.roa (raw, json)
Hash identifier:          Y1qgFOR6xRSvB0/M5PW+1DtdG1enb2kLb7e2HnI2Yl0=
Subject key identifier:   DA:B1:BA:CA:6F:10:55:BE:08:52:15:8A:69:50:01:2E:A3:04:B9:D0
Certificate issuer:       /CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
Certificate serial:       019B78A360A0EB71BF32DC8458BF4BCFB0B9
Authority key identifier: 4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/2rG6ym8QVb4IUhWKaVABLqMEudA.roa
Signing time:             Thu 01 Jan 2026 08:18:51 +0000
ROA not before:           Thu 01 Jan 2026 08:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2856
IP address blocks:        144.98.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:60:a0:eb:71:bf:32:dc:84:58:bf:4b:cf:b0:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee843a85dd664e9dc0310892bd7dd9ce52591c7
        Validity
            Not Before: Jan  1 08:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dab1baca6f1055be0852158a6950012ea304b9d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5d:52:8b:50:14:52:f7:12:0c:65:7d:70:e7:
                    1f:45:0b:86:14:c6:c2:b7:5f:29:77:d9:f1:a0:31:
                    16:af:3c:a1:81:d9:01:45:53:2e:67:98:e6:73:1a:
                    36:1a:bb:ad:b1:3b:ab:fa:e2:66:2b:ea:8b:d0:2e:
                    f8:e7:34:bd:b4:3f:30:9a:9f:79:b4:6f:54:d3:78:
                    0d:27:c1:ca:fb:70:d4:de:0e:8f:fe:e8:40:cd:7a:
                    b9:7a:71:7e:90:c6:23:a3:11:24:22:73:db:50:11:
                    e1:fc:a6:2e:05:91:16:59:09:08:66:1e:7b:ee:3d:
                    cd:48:c1:c5:1c:7c:9c:17:5a:69:e9:6d:1e:0c:d1:
                    8a:bf:40:7b:3f:e7:30:85:61:bf:ef:35:df:95:37:
                    c9:b2:b4:46:a7:4b:4f:7f:0d:a0:e8:d2:77:6c:23:
                    0a:d5:12:f3:58:0b:df:06:79:6f:15:05:4c:01:c0:
                    4c:50:31:20:65:aa:2c:5a:1d:9a:ad:46:6f:5f:d7:
                    f8:93:39:35:f8:74:de:f2:8a:96:1f:05:9b:4e:09:
                    75:cf:28:06:c6:34:8e:37:2e:1c:0e:dd:9e:84:9a:
                    16:11:70:ee:31:93:d2:f4:15:8f:e1:fd:72:12:fb:
                    d7:ca:9f:4e:64:91:d0:a7:5a:f4:fa:a7:22:d4:a5:
                    b2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B1:BA:CA:6F:10:55:BE:08:52:15:8A:69:50:01:2E:A3:04:B9:D0
            X509v3 Authority Key Identifier:
                keyid:4E:E8:43:A8:5D:D6:64:E9:DC:03:10:89:2B:D7:DD:9C:E5:25:91:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuhDqF3WZOncAxCJK9fdnOUlkcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/2rG6ym8QVb4IUhWKaVABLqMEudA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/adad20-c512-4fb0-a127-48cf412b387b/1/TuhDqF3WZOncAxCJK9fdnOUlkcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.98.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:e9:92:91:a4:57:1f:e0:5b:dc:a4:fa:b8:63:a0:6f:85:ac:
         b9:f8:77:2d:f5:2d:70:70:76:59:2a:a6:d9:00:77:21:b2:4b:
         0e:ec:fb:bc:b6:1c:27:c1:49:ae:ea:c2:3b:54:85:5c:44:68:
         9b:10:c1:3a:f4:ce:75:ef:c1:c1:ed:36:3a:74:4f:7a:fb:c2:
         1f:2c:ef:7b:d2:5e:25:d9:0e:43:6f:1d:8d:5f:0d:b4:61:63:
         4f:e9:10:e2:82:cb:60:bd:a8:f5:74:63:74:6b:4e:02:49:36:
         78:ee:bd:82:12:18:7d:28:70:2c:7c:97:10:27:da:9a:5b:00:
         4d:6e:94:3a:49:37:6b:5b:74:2b:98:08:fa:cc:f5:6b:d1:fd:
         36:0d:bd:6d:82:52:4f:33:cb:6d:97:21:0d:c9:6b:86:09:91:
         ba:6d:61:12:3e:cf:3b:d8:5f:11:7e:3e:32:3f:58:98:6a:64:
         8d:f7:ae:a0:f5:6b:c6:39:00:4a:6e:cb:ba:d9:38:0b:32:87:
         2d:10:23:c8:2e:67:1e:33:60:cc:ee:d5:f5:ff:24:33:b4:ec:
         66:8f:fb:83:44:0a:74:c3:dc:20:af:48:6c:2d:1f:bb:e4:ec:
         94:ed:79:6b:ab:37:c4:34:4e:bd:f3:fb:a5:98:2b:3a:9b:9f:
         fb:29:7b:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2Cg63G/MtyEWL9Lz7C5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTg0M2E4NWRkNjY0ZTlkYzAzMTA4OTJiZDdkZDljZTUy
NTkxYzcwHhcNMjYwMTAxMDgxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWIxYmFjYTZmMTA1NWJlMDg1MjE1OGE2OTUwMDEyZWEzMDRiOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqF1Si1AUUvcSDGV9cOcfRQuGFMbC
t18pd9nxoDEWrzyhgdkBRVMuZ5jmcxo2GrutsTur+uJmK+qL0C745zS9tD8wmp95
tG9U03gNJ8HK+3DU3g6P/uhAzXq5enF+kMYjoxEkInPbUBHh/KYuBZEWWQkIZh57
7j3NSMHFHHycF1pp6W0eDNGKv0B7P+cwhWG/7zXflTfJsrRGp0tPfw2g6NJ3bCMK
1RLzWAvfBnlvFQVMAcBMUDEgZaosWh2arUZvX9f4kzk1+HTe8oqWHwWbTgl1zygG
xjSONy4cDt2ehJoWEXDuMZPS9BWP4f1yEvvXyp9OZJHQp1r0+qci1KWy+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqxuspvEFW+CFIVimlQAS6jBLnQMB8GA1UdIwQY
MBaAFE7oQ6hd1mTp3AMQiSvX3ZzlJZHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjct
NDhjZjQxMmIzODdiLzEvMnJHNnltOFFWYjRJVWhXS2FWQUJMcU1FdWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9hZGFkMjAtYzUxMi00ZmIwLWExMjctNDhjZjQxMmIzODdi
LzEvVHVoRHFGM1daT25jQXhDSks5ZmRuT1Vsa2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkGKQMA0G
CSqGSIb3DQEBCwUAA4IBAQBK6ZKRpFcf4FvcpPq4Y6Bvhay5+Hct9S1wcHZZKqbZ
AHchsksO7Pu8thwnwUmu6sI7VIVcRGibEME69M5178HB7TY6dE96+8IfLO970l4l
2Q5Dbx2NXw20YWNP6RDigstgvaj1dGN0a04CSTZ47r2CEhh9KHAsfJcQJ9qaWwBN
bpQ6STdrW3QrmAj6zPVr0f02Db1tglJPM8ttlyENyWuGCZG6bWESPs872F8Rfj4y
P1iYamSN966g9WvGOQBKbsu62TgLMoctECPILmceM2DM7tX1/yQztOxmj/uDRAp0
w9wgr0hsLR+75OyU7XlrqzfENE698/ulmCs6m5/7KXsN
-----END CERTIFICATE-----