This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/p32AqgICpWGV5IUX6fmyer79QMY.roa
File:                     p32AqgICpWGV5IUX6fmyer79QMY.roa (raw, json)
Hash identifier:          Qp7WxCFuaih23zF/G1VCAMMPnZC5xDFs0GhMuipzmtk=
Subject key identifier:   A7:7D:80:AA:02:02:A5:61:95:E4:85:17:E9:F9:B2:7A:BE:FD:40:C6
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       019B7AC939AFABD6E8E6E7F4F3ECC6A1073F
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/p32AqgICpWGV5IUX6fmyer79QMY.roa
Signing time:             Thu 01 Jan 2026 18:19:26 +0000
ROA not before:           Thu 01 Jan 2026 18:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49581
IP address blocks:        2.58.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:39:af:ab:d6:e8:e6:e7:f4:f3:ec:c6:a1:07:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 18:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a77d80aa0202a56195e48517e9f9b27abefd40c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:40:03:ee:78:88:fb:d4:53:5f:ca:3c:1d:6f:
                    a4:99:b0:b8:c1:b4:a2:8e:6b:90:48:c7:2b:92:30:
                    bc:3e:e7:c0:50:fb:5d:ac:8b:76:50:79:85:23:04:
                    2e:20:a4:37:cf:0f:46:fa:4b:99:4b:e9:82:d1:c7:
                    ef:31:f2:4e:77:bc:2b:c0:50:ff:41:08:8c:52:e9:
                    1d:6f:e0:fb:cf:5b:46:03:2b:1b:5b:4c:cd:02:0d:
                    ae:0e:64:0d:aa:24:94:99:9e:c6:ba:09:5b:f9:36:
                    05:32:17:12:29:9f:41:81:20:41:6d:b4:d6:1e:6c:
                    fb:3d:09:4f:b0:4b:b9:6b:d8:66:77:9c:f2:cb:ea:
                    69:ea:6d:78:d6:2a:3f:d8:6c:9e:b6:2f:05:f7:ea:
                    8d:3a:2a:d0:a6:1a:80:57:c0:4c:22:e9:0f:c6:28:
                    80:da:32:6a:30:cd:4a:58:5d:80:bd:88:d1:f6:68:
                    d7:fe:36:87:d8:b6:69:fa:26:7f:33:a4:32:57:0f:
                    3d:86:ab:ce:73:4f:39:13:f7:d3:8d:bc:86:aa:7e:
                    32:86:dd:8d:a5:de:57:cc:5a:95:fe:eb:0e:20:21:
                    19:c2:d7:bc:d1:2d:ee:0c:fa:a2:4b:72:25:99:d8:
                    39:e7:d8:77:e1:4c:80:c1:19:e2:3b:b4:7c:c6:5d:
                    fb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7D:80:AA:02:02:A5:61:95:E4:85:17:E9:F9:B2:7A:BE:FD:40:C6
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/p32AqgICpWGV5IUX6fmyer79QMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:c8:f7:f8:94:b4:43:3f:77:9d:ec:50:92:c0:fa:4c:8c:bb:
         40:db:c1:98:ff:68:e1:2b:d8:0b:91:ba:d0:80:3e:07:1a:0c:
         10:f8:05:46:a2:ce:c9:22:a0:73:20:35:6b:29:73:eb:3f:a9:
         18:c4:e8:bc:94:63:42:8a:48:03:14:78:e3:06:b5:a9:47:f2:
         d2:a0:57:0e:4f:1d:85:bf:0f:34:12:f8:42:7e:02:b0:15:72:
         48:88:47:2f:71:ff:1e:42:2f:aa:cd:69:48:5d:78:27:b7:65:
         02:08:e3:ad:42:36:99:ce:17:22:fa:5a:33:1b:b5:5d:c2:99:
         b4:2b:3f:8c:89:61:8d:7d:77:ce:3c:3d:28:27:8c:3d:e6:55:
         58:82:f1:be:b5:7e:cc:92:31:6e:9b:28:73:8d:21:17:62:d6:
         83:81:6b:89:6d:81:da:ce:79:93:33:7b:ba:0e:46:91:08:be:
         d6:ae:6d:10:ca:f5:e1:7a:d1:3d:a3:38:d7:03:92:c4:78:91:
         5d:f7:19:d1:03:33:0b:32:4e:28:05:10:fb:9b:20:46:76:b8:
         97:46:28:aa:e1:5d:95:cf:aa:5e:63:9d:23:07:45:a4:7d:1c:
         cf:8c:b0:28:10:27:38:6d:0f:2b:b8:5d:af:21:9a:d5:bf:b4:
         f6:45:e6:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yTmvq9bo5uf08+zGoQc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjYwMTAxMTgxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdkODBhYTAyMDJhNTYxOTVlNDg1MTdlOWY5YjI3YWJlZmQ0MGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEAD7niI+9RTX8o8HW+kmbC4wbSi
jmuQSMcrkjC8PufAUPtdrIt2UHmFIwQuIKQ3zw9G+kuZS+mC0cfvMfJOd7wrwFD/
QQiMUukdb+D7z1tGAysbW0zNAg2uDmQNqiSUmZ7Guglb+TYFMhcSKZ9BgSBBbbTW
Hmz7PQlPsEu5a9hmd5zyy+pp6m141io/2Gyeti8F9+qNOirQphqAV8BMIukPxiiA
2jJqMM1KWF2AvYjR9mjX/jaH2LZp+iZ/M6QyVw89hqvOc085E/fTjbyGqn4yht2N
pd5XzFqV/usOICEZwte80S3uDPqiS3Ilmdg559h34UyAwRniO7R8xl37JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd9gKoCAqVhleSFF+n5snq+/UDGMB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvcDMyQXFnSUNwV0dWNUlVWDZmbXllcjc5UU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpxMA0G
CSqGSIb3DQEBCwUAA4IBAQBnyPf4lLRDP3ed7FCSwPpMjLtA28GY/2jhK9gLkbrQ
gD4HGgwQ+AVGos7JIqBzIDVrKXPrP6kYxOi8lGNCikgDFHjjBrWpR/LSoFcOTx2F
vw80EvhCfgKwFXJIiEcvcf8eQi+qzWlIXXgnt2UCCOOtQjaZzhci+lozG7Vdwpm0
Kz+MiWGNfXfOPD0oJ4w95lVYgvG+tX7MkjFumyhzjSEXYtaDgWuJbYHaznmTM3u6
DkaRCL7Wrm0QyvXhetE9ozjXA5LEeJFd9xnRAzMLMk4oBRD7myBGdriXRiiq4V2V
z6peY50jB0WkfRzPjLAoECc4bQ8ruF2vIZrVv7T2ReZF
-----END CERTIFICATE-----