This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/y2taGqw2UEDAKG5TCLDBWFLjqEw.roa
File:                     y2taGqw2UEDAKG5TCLDBWFLjqEw.roa (raw, json)
Hash identifier:          tK8h1c2C7RZoKF8ADN3Dd1e3mCsCEmC4/YVEGzes/WY=
Subject key identifier:   CB:6B:5A:1A:AC:36:50:40:C0:28:6E:53:08:B0:C1:58:52:E3:A8:4C
Certificate issuer:       /CN=2d9ae102e6cadb471a30a0c85933e0390bf2f9ca
Certificate serial:       019B7D5B7EAF10FFACFBD4BA3FC9728A3B0A
Authority key identifier: 2D:9A:E1:02:E6:CA:DB:47:1A:30:A0:C8:59:33:E0:39:0B:F2:F9:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LZrhAubK20caMKDIWTPgOQvy-co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/y2taGqw2UEDAKG5TCLDBWFLjqEw.roa
Signing time:             Fri 02 Jan 2026 06:18:26 +0000
ROA not before:           Fri 02 Jan 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30848
IP address blocks:        185.21.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/LZrhAubK20caMKDIWTPgOQvy-co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/LZrhAubK20caMKDIWTPgOQvy-co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LZrhAubK20caMKDIWTPgOQvy-co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:7e:af:10:ff:ac:fb:d4:ba:3f:c9:72:8a:3b:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d9ae102e6cadb471a30a0c85933e0390bf2f9ca
        Validity
            Not Before: Jan  2 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb6b5a1aac365040c0286e5308b0c15852e3a84c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:23:fb:3d:8c:e3:f0:e6:26:ef:fb:86:42:a9:
                    07:53:bc:b5:ec:ff:b3:cd:5f:36:f4:8d:c0:93:43:
                    83:d9:49:59:a5:3b:99:63:3a:62:a9:c7:4a:32:71:
                    a7:41:1c:7b:aa:05:8d:9f:bb:07:40:f7:3c:14:7a:
                    61:95:9a:a4:11:46:a0:02:84:39:81:af:f7:f8:aa:
                    41:b2:87:a7:0a:d7:0c:1f:28:24:98:0e:4c:8b:0f:
                    82:90:b2:f2:6b:b7:41:1a:0a:c1:cf:e4:85:3f:22:
                    f4:ea:49:f0:4c:8e:cc:23:6b:6f:31:be:22:18:2b:
                    4b:ee:0a:73:66:0b:db:75:be:40:f7:87:ea:78:e1:
                    28:1e:60:4b:06:35:a2:83:65:bd:f3:20:97:b8:ac:
                    63:9d:14:5c:0a:de:47:73:e8:3a:b4:45:b9:c4:50:
                    c0:55:68:9d:ca:21:7c:ba:45:a9:e7:b3:58:52:fa:
                    fd:a3:08:52:6e:fb:16:83:31:bd:0a:ba:87:f5:29:
                    e9:1e:60:ef:b0:ac:0d:a5:fe:59:bf:11:18:8b:2d:
                    23:7a:c8:3d:69:cc:48:c4:73:85:8e:93:5f:26:2c:
                    4c:3b:09:21:cd:fe:b7:2f:e0:f2:c5:8b:97:c4:9c:
                    59:d2:cf:46:d2:99:35:e8:b3:69:d2:d2:e4:a8:b5:
                    12:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:6B:5A:1A:AC:36:50:40:C0:28:6E:53:08:B0:C1:58:52:E3:A8:4C
            X509v3 Authority Key Identifier:
                keyid:2D:9A:E1:02:E6:CA:DB:47:1A:30:A0:C8:59:33:E0:39:0B:F2:F9:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LZrhAubK20caMKDIWTPgOQvy-co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/y2taGqw2UEDAKG5TCLDBWFLjqEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7514d6-59de-460e-8e2f-ffcee1533577/1/LZrhAubK20caMKDIWTPgOQvy-co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:01:61:16:3e:28:e1:eb:57:1c:10:66:8f:c1:6e:a7:7e:28:
         57:53:de:68:66:5b:3c:43:0f:2e:b5:a7:8e:71:66:65:a9:ff:
         21:c9:a7:a8:f3:6c:5e:0f:9f:18:6e:cf:db:5a:df:8d:09:1f:
         97:b3:74:e4:df:04:2b:72:87:9b:31:5d:70:8c:6e:ec:ab:9a:
         8e:26:a5:16:0d:38:3d:ba:10:47:5b:c6:a3:b8:5a:f5:c1:eb:
         5a:44:b5:e3:ec:ad:87:fa:26:f7:d8:59:27:b9:7f:ba:c6:ce:
         c0:0c:0e:fd:c0:7e:13:4c:f5:f6:c0:fc:60:1b:a4:c0:e7:62:
         07:a8:12:02:d8:1d:c4:0f:38:91:85:64:f5:2a:2d:95:4e:a1:
         40:50:47:c9:2c:37:f9:37:80:3d:c2:08:e6:7a:7d:9f:6c:a6:
         99:c1:5d:d9:66:e0:f0:0f:95:be:c8:e4:6b:66:a7:f8:f7:23:
         25:98:c4:d7:72:c9:ed:8f:a3:c7:bb:4c:dd:4a:a7:9e:d4:c4:
         04:e4:e9:a9:8f:d7:8d:e8:0a:55:ee:ea:b9:28:04:6b:33:19:
         c2:61:bf:35:78:9b:6b:fb:e0:c9:a1:14:54:58:77:c3:16:4b:
         10:84:b4:1d:32:44:b2:69:08:f5:f9:98:f0:3e:79:6f:c9:55:
         c8:e5:ad:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W36vEP+s+9S6P8lyijsKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkOWFlMTAyZTZjYWRiNDcxYTMwYTBjODU5MzNlMDM5MGJm
MmY5Y2EwHhcNMjYwMTAyMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjZiNWExYWFjMzY1MDQwYzAyODZlNTMwOGIwYzE1ODUyZTNhODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yP7PYzj8OYm7/uGQqkHU7y17P+z
zV829I3Ak0OD2UlZpTuZYzpiqcdKMnGnQRx7qgWNn7sHQPc8FHphlZqkEUagAoQ5
ga/3+KpBsoenCtcMHygkmA5Miw+CkLLya7dBGgrBz+SFPyL06knwTI7MI2tvMb4i
GCtL7gpzZgvbdb5A94fqeOEoHmBLBjWig2W98yCXuKxjnRRcCt5Hc+g6tEW5xFDA
VWidyiF8ukWp57NYUvr9owhSbvsWgzG9CrqH9SnpHmDvsKwNpf5ZvxEYiy0jesg9
acxIxHOFjpNfJixMOwkhzf63L+DyxYuXxJxZ0s9G0pk16LNp0tLkqLUS9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtrWhqsNlBAwChuUwiwwVhS46hMMB8GA1UdIwQY
MBaAFC2a4QLmyttHGjCgyFkz4DkL8vnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFpyaEF1YksyMGNhTUtESVdUUGdPUXZ5LWNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83NTE0ZDYtNTlkZS00NjBlLThlMmYt
ZmZjZWUxNTMzNTc3LzEveTJ0YUdxdzJVRURBS0c1VENMREJXRkxqcUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83NTE0ZDYtNTlkZS00NjBlLThlMmYtZmZjZWUxNTMzNTc3
LzEvTFpyaEF1YksyMGNhTUtESVdUUGdPUXZ5LWNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRVIMA0G
CSqGSIb3DQEBCwUAA4IBAQCTAWEWPijh61ccEGaPwW6nfihXU95oZls8Qw8utaeO
cWZlqf8hyaeo82xeD58Ybs/bWt+NCR+Xs3Tk3wQrcoebMV1wjG7sq5qOJqUWDTg9
uhBHW8ajuFr1wetaRLXj7K2H+ib32FknuX+6xs7ADA79wH4TTPX2wPxgG6TA52IH
qBIC2B3EDziRhWT1Ki2VTqFAUEfJLDf5N4A9wgjmen2fbKaZwV3ZZuDwD5W+yORr
Zqf49yMlmMTXcsntj6PHu0zdSqee1MQE5Ompj9eN6ApV7uq5KARrMxnCYb81eJtr
++DJoRRUWHfDFksQhLQdMkSyaQj1+ZjwPnlvyVXI5a25
-----END CERTIFICATE-----
Generated at Tue Jan 27 08:30:19 2026 by rpki-client