This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/2GTvWzpclUq6kJYm-wsP_GwJPLY.roa
File:                     2GTvWzpclUq6kJYm-wsP_GwJPLY.roa (raw, json)
Hash identifier:          fYmZ9Cu3/ER+umCuIKfV6emnqQD55csuls9mkFBGOE4=
Subject key identifier:   D8:64:EF:5B:3A:5C:95:4A:BA:90:96:26:FB:0B:0F:FC:6C:09:3C:B6
Certificate issuer:       /CN=f2ee5b6849c8c81f5a763595588a6ba6821e767b
Certificate serial:       019B78A2348B030A0B8999A504648E78FEDE
Authority key identifier: F2:EE:5B:68:49:C8:C8:1F:5A:76:35:95:58:8A:6B:A6:82:1E:76:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/2GTvWzpclUq6kJYm-wsP_GwJPLY.roa
Signing time:             Thu 01 Jan 2026 08:17:34 +0000
ROA not before:           Thu 01 Jan 2026 08:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212559
IP address blocks:        5.252.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:34:8b:03:0a:0b:89:99:a5:04:64:8e:78:fe:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2ee5b6849c8c81f5a763595588a6ba6821e767b
        Validity
            Not Before: Jan  1 08:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d864ef5b3a5c954aba909626fb0b0ffc6c093cb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4d:78:8f:76:b7:29:c2:84:8c:9a:f9:5f:93:
                    97:7a:a3:8f:c9:23:7d:42:05:87:03:dc:75:5a:23:
                    a1:71:84:58:c7:59:7d:47:cf:60:03:cb:0d:ff:24:
                    ce:18:26:db:33:5d:0a:0c:49:7e:55:85:ad:ea:5e:
                    35:87:cd:f7:2a:18:13:97:79:d6:0f:58:36:ed:46:
                    e7:37:09:8e:38:38:69:f2:c3:b7:c6:f5:1e:44:51:
                    50:60:6f:57:c4:b5:22:1b:7a:52:43:f0:a8:c4:4c:
                    7c:40:85:3e:64:1d:f7:ba:d1:74:d8:c7:d8:77:ef:
                    d3:22:da:e5:7f:5f:a3:d9:3a:c2:35:20:36:1b:a5:
                    f6:08:39:ff:d7:b1:60:61:48:d3:33:be:e7:dd:1e:
                    2a:1d:86:e6:ee:21:b1:3e:42:eb:91:36:41:96:87:
                    35:be:52:6d:1e:0c:6e:76:08:ed:ab:36:a2:8d:c2:
                    54:d4:7d:3f:88:16:80:72:5d:98:53:6a:76:8d:17:
                    47:c8:35:2c:43:d1:76:31:7a:8c:8f:90:e1:89:c4:
                    d9:fc:47:94:8a:db:00:b9:bb:27:69:ae:bc:93:a5:
                    78:e1:50:5b:1f:bf:00:a6:79:23:fa:b3:c7:71:49:
                    51:fb:93:8e:56:93:cb:9b:87:ed:85:af:c5:6a:3d:
                    ab:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:64:EF:5B:3A:5C:95:4A:BA:90:96:26:FB:0B:0F:FC:6C:09:3C:B6
            X509v3 Authority Key Identifier:
                keyid:F2:EE:5B:68:49:C8:C8:1F:5A:76:35:95:58:8A:6B:A6:82:1E:76:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8u5baEnIyB9adjWVWIprpoIedns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/2GTvWzpclUq6kJYm-wsP_GwJPLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/002a88-3a85-476f-b452-60a039dd1bca/1/8u5baEnIyB9adjWVWIprpoIedns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:43:75:0c:a7:c4:c2:5f:85:a2:dd:4e:14:93:bf:20:b4:4b:
         34:2f:a5:ab:2b:3c:a9:19:c1:27:b5:6c:f9:cc:65:56:65:89:
         40:c5:96:df:08:bc:0d:76:3c:28:fa:51:f5:c3:0c:27:98:fe:
         f6:b5:a8:ff:20:8f:69:bc:cc:57:8c:d5:e8:ed:32:77:9b:7a:
         9d:6a:c1:8b:14:1a:06:e3:a1:7a:c5:74:4c:19:5e:30:69:d2:
         3d:ff:fb:1f:e6:7d:5b:e5:b0:00:8d:8d:19:2a:40:20:82:c5:
         f6:17:c1:ec:e7:4f:5f:55:51:95:ef:98:f8:5b:e1:ad:88:77:
         10:e8:ff:6b:9e:8b:cd:01:c7:cb:88:24:3c:a5:e1:fc:97:82:
         7f:b6:94:16:0a:16:85:fa:4a:87:38:81:22:47:d8:1a:f1:6a:
         a5:aa:66:0f:b0:be:bf:e1:fe:cb:a3:a4:d0:e8:4f:0a:f3:57:
         dd:aa:4f:06:f0:87:cf:72:1a:11:0e:57:37:d9:e0:d7:04:e0:
         ec:68:42:23:48:a3:a9:bc:af:6c:8d:d4:3e:57:dc:ef:cc:87:
         1e:c1:d9:ea:9f:8f:59:ec:eb:87:24:1f:68:b8:04:24:75:79:
         aa:41:f5:71:47:15:21:92:43:b0:b3:de:d5:e9:60:c1:6f:e6:
         f5:f6:eb:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ojSLAwoLiZmlBGSOeP7eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZWU1YjY4NDljOGM4MWY1YTc2MzU5NTU4OGE2YmE2ODIx
ZTc2N2IwHhcNMjYwMTAxMDgxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY0ZWY1YjNhNWM5NTRhYmE5MDk2MjZmYjBiMGZmYzZjMDkzY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU14j3a3KcKEjJr5X5OXeqOPySN9
QgWHA9x1WiOhcYRYx1l9R89gA8sN/yTOGCbbM10KDEl+VYWt6l41h833KhgTl3nW
D1g27UbnNwmOODhp8sO3xvUeRFFQYG9XxLUiG3pSQ/CoxEx8QIU+ZB33utF02MfY
d+/TItrlf1+j2TrCNSA2G6X2CDn/17FgYUjTM77n3R4qHYbm7iGxPkLrkTZBloc1
vlJtHgxudgjtqzaijcJU1H0/iBaAcl2YU2p2jRdHyDUsQ9F2MXqMj5DhicTZ/EeU
itsAubsnaa68k6V44VBbH78Apnkj+rPHcUlR+5OOVpPLm4ftha/Faj2rJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhk71s6XJVKupCWJvsLD/xsCTy2MB8GA1UdIwQY
MBaAFPLuW2hJyMgfWnY1lViKa6aCHnZ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHU1YmFFbkl5QjlhZGpXVldJcHJwb0llZG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wMDJhODgtM2E4NS00NzZmLWI0NTIt
NjBhMDM5ZGQxYmNhLzEvMkdUdld6cGNsVXE2a0pZbS13c1BfR3dKUExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wMDJhODgtM2E4NS00NzZmLWI0NTItNjBhMDM5ZGQxYmNh
LzEvOHU1YmFFbkl5QjlhZGpXVldJcHJwb0llZG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfwSMA0G
CSqGSIb3DQEBCwUAA4IBAQAIQ3UMp8TCX4Wi3U4Uk78gtEs0L6WrKzypGcEntWz5
zGVWZYlAxZbfCLwNdjwo+lH1wwwnmP72taj/II9pvMxXjNXo7TJ3m3qdasGLFBoG
46F6xXRMGV4wadI9//sf5n1b5bAAjY0ZKkAggsX2F8Hs509fVVGV75j4W+GtiHcQ
6P9rnovNAcfLiCQ8peH8l4J/tpQWChaF+kqHOIEiR9ga8WqlqmYPsL6/4f7Lo6TQ
6E8K81fdqk8G8IfPchoRDlc32eDXBODsaEIjSKOpvK9sjdQ+V9zvzIcewdnqn49Z
7OuHJB9ouAQkdXmqQfVxRxUhkkOws97V6WDBb+b19uum
-----END CERTIFICATE-----