This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/2_kKsluZPpTjZPOr9nXKxoDbv6o.roa
File:                     2_kKsluZPpTjZPOr9nXKxoDbv6o.roa (raw, json)
Hash identifier:          oJRwhRHFVN4UC8uIJgD85cpNy3gmR91KVrX4wcGTHWc=
Subject key identifier:   DB:F9:0A:B2:5B:99:3E:94:E3:64:F3:AB:F6:75:CA:C6:80:DB:BF:AA
Certificate issuer:       /CN=e4db0301fe2461c6de3f718d847cb5dc7c00b2d2
Certificate serial:       019B7910156B0823964337C63D9B88B68CB3
Authority key identifier: E4:DB:03:01:FE:24:61:C6:DE:3F:71:8D:84:7C:B5:DC:7C:00:B2:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5NsDAf4kYcbeP3GNhHy13HwAstI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/2_kKsluZPpTjZPOr9nXKxoDbv6o.roa
Signing time:             Thu 01 Jan 2026 10:17:35 +0000
ROA not before:           Thu 01 Jan 2026 10:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29107
IP address blocks:        91.216.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/5NsDAf4kYcbeP3GNhHy13HwAstI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/5NsDAf4kYcbeP3GNhHy13HwAstI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5NsDAf4kYcbeP3GNhHy13HwAstI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 19:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:15:6b:08:23:96:43:37:c6:3d:9b:88:b6:8c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4db0301fe2461c6de3f718d847cb5dc7c00b2d2
        Validity
            Not Before: Jan  1 10:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dbf90ab25b993e94e364f3abf675cac680dbbfaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:46:65:2c:35:73:39:57:41:2c:53:7e:00:d5:
                    c8:b2:ea:99:18:72:a6:76:44:f9:76:03:be:65:42:
                    c7:c5:49:3f:70:23:23:b5:7a:fe:d8:7d:3d:e4:50:
                    89:e3:3b:3f:3c:6d:71:d6:d9:06:00:38:db:fd:9f:
                    1d:1c:6f:4b:8b:74:26:b1:d1:a7:92:b1:0f:52:33:
                    10:15:88:e0:69:88:17:6e:04:b3:5d:33:77:13:6f:
                    52:2f:44:7f:a5:b6:47:5a:7b:57:9a:e3:d3:b2:fc:
                    44:aa:8b:a4:d0:fd:df:ac:2c:38:22:7c:74:11:87:
                    87:dd:10:83:78:cb:09:4e:cf:80:de:39:8b:a9:e4:
                    ce:f6:53:2e:14:2d:06:9a:15:e4:05:c8:ed:ea:e1:
                    df:ab:8f:b1:77:5a:ea:fd:0e:8a:6c:2c:9d:3f:48:
                    bb:62:a5:0b:9e:55:c2:07:49:b2:fc:5d:c4:ae:2e:
                    db:0b:0f:14:28:42:dd:3c:d0:f7:c4:b8:c5:d4:bd:
                    83:50:59:b8:4e:96:cf:a6:4d:d4:f8:54:16:a4:2f:
                    77:17:5e:b4:44:ec:00:05:58:88:e0:f8:8f:74:34:
                    d6:22:00:a4:86:5a:6a:6d:aa:f7:61:6f:84:bc:eb:
                    a0:6b:dd:9a:44:a3:b5:5d:ed:32:e1:30:d8:5f:77:
                    1e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F9:0A:B2:5B:99:3E:94:E3:64:F3:AB:F6:75:CA:C6:80:DB:BF:AA
            X509v3 Authority Key Identifier:
                keyid:E4:DB:03:01:FE:24:61:C6:DE:3F:71:8D:84:7C:B5:DC:7C:00:B2:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5NsDAf4kYcbeP3GNhHy13HwAstI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/2_kKsluZPpTjZPOr9nXKxoDbv6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/6e6405-dbe7-42b2-887c-ffdebec8f505/1/5NsDAf4kYcbeP3GNhHy13HwAstI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:5d:f2:4f:c8:c5:15:d1:9b:68:41:66:4a:2e:80:5a:9c:78:
         5f:76:69:18:76:82:45:31:aa:87:b5:4d:d0:30:32:71:6b:88:
         b4:9c:94:46:51:5a:86:9e:2c:31:29:c7:63:b6:10:27:98:ef:
         ff:40:c9:fd:52:d6:d2:d0:ca:a5:32:35:a7:2e:75:cb:27:c7:
         e8:84:79:ae:da:4d:b1:65:c7:d8:1c:5c:46:2f:ef:60:d6:91:
         cf:8a:9c:0c:c2:96:af:f2:06:d2:eb:32:4a:3b:b4:e9:a5:68:
         f9:64:47:1b:5d:0e:b4:d6:2d:0f:ba:12:d6:f5:f2:01:11:6e:
         d4:02:4a:bf:31:29:63:31:36:53:6c:e6:c9:9a:06:ec:35:9c:
         81:65:21:80:9b:8f:a3:d3:6c:4e:51:4a:d0:77:5d:cc:6c:1d:
         02:47:58:32:78:d8:5a:a2:ce:04:84:d6:1c:51:7d:06:a3:89:
         c6:de:c5:78:65:80:c5:5f:b7:82:46:f9:3a:c0:10:9a:ae:67:
         4c:a6:b6:87:56:2d:d4:3a:b3:88:91:ce:b4:70:5c:03:fb:0c:
         f7:b2:62:80:a3:a3:7a:77:80:8d:ab:5a:5b:48:9c:58:ca:d0:
         ca:31:01:2e:08:01:6f:ca:cf:45:6e:f5:ab:c3:81:21:f1:47:
         af:b5:9d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EBVrCCOWQzfGPZuItoyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZGIwMzAxZmUyNDYxYzZkZTNmNzE4ZDg0N2NiNWRjN2Mw
MGIyZDIwHhcNMjYwMTAxMTAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY5MGFiMjViOTkzZTk0ZTM2NGYzYWJmNjc1Y2FjNjgwZGJiZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUZlLDVzOVdBLFN+ANXIsuqZGHKm
dkT5dgO+ZULHxUk/cCMjtXr+2H095FCJ4zs/PG1x1tkGADjb/Z8dHG9Li3QmsdGn
krEPUjMQFYjgaYgXbgSzXTN3E29SL0R/pbZHWntXmuPTsvxEqouk0P3frCw4Inx0
EYeH3RCDeMsJTs+A3jmLqeTO9lMuFC0GmhXkBcjt6uHfq4+xd1rq/Q6KbCydP0i7
YqULnlXCB0my/F3Eri7bCw8UKELdPND3xLjF1L2DUFm4TpbPpk3U+FQWpC93F160
ROwABViI4PiPdDTWIgCkhlpqbar3YW+EvOuga92aRKO1Xe0y4TDYX3cegQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNv5CrJbmT6U42Tzq/Z1ysaA27+qMB8GA1UdIwQY
MBaAFOTbAwH+JGHG3j9xjYR8tdx8ALLSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU5zREFmNGtZY2JlUDNHTmhIeTEzSHdBc3RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC82ZTY0MDUtZGJlNy00MmIyLTg4N2Mt
ZmZkZWJlYzhmNTA1LzEvMl9rS3NsdVpQcFRqWlBPcjluWEt4b0RidjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC82ZTY0MDUtZGJlNy00MmIyLTg4N2MtZmZkZWJlYzhmNTA1
LzEvNU5zREFmNGtZY2JlUDNHTmhIeTEzSHdBc3RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9iwMA0G
CSqGSIb3DQEBCwUAA4IBAQBWXfJPyMUV0ZtoQWZKLoBanHhfdmkYdoJFMaqHtU3Q
MDJxa4i0nJRGUVqGniwxKcdjthAnmO//QMn9UtbS0MqlMjWnLnXLJ8fohHmu2k2x
ZcfYHFxGL+9g1pHPipwMwpav8gbS6zJKO7TppWj5ZEcbXQ601i0PuhLW9fIBEW7U
Akq/MSljMTZTbObJmgbsNZyBZSGAm4+j02xOUUrQd13MbB0CR1gyeNhaos4EhNYc
UX0Go4nG3sV4ZYDFX7eCRvk6wBCarmdMpraHVi3UOrOIkc60cFwD+wz3smKAo6N6
d4CNq1pbSJxYytDKMQEuCAFvys9FbvWrw4Eh8UevtZ0t
-----END CERTIFICATE-----