This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/Rxt2CLseUCvSS0aBQtPjXzszCqg.roa
File:                     Rxt2CLseUCvSS0aBQtPjXzszCqg.roa (raw, json)
Hash identifier:          t/WG3LqTBzVpZUkPVYwf0yWDRBg9EaL/KqhhkGh1DOc=
Subject key identifier:   47:1B:76:08:BB:1E:50:2B:D2:4B:46:81:42:D3:E3:5F:3B:33:0A:A8
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       019B7F154EFC67A104CE2746E12667BFCD7B
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/Rxt2CLseUCvSS0aBQtPjXzszCqg.roa
Signing time:             Fri 02 Jan 2026 14:21:01 +0000
ROA not before:           Fri 02 Jan 2026 14:21:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        2.255.190.0/24 maxlen: 24
                          2.255.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 08:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4e:fc:67:a1:04:ce:27:46:e1:26:67:bf:cd:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan  2 14:21:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=471b7608bb1e502bd24b468142d3e35f3b330aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c5:c8:61:68:e8:52:4b:cb:fa:dd:3c:72:b8:
                    89:46:30:5f:41:80:f1:64:36:f5:c6:8b:74:b3:3e:
                    ba:5e:86:c8:7c:75:2d:a2:be:db:d5:8e:7b:cb:2a:
                    ba:7f:cb:a5:c8:17:97:03:56:f9:1e:be:b6:41:63:
                    70:93:17:e5:5f:09:5a:4f:d3:bc:fe:cd:62:39:e5:
                    5c:1f:07:6f:f4:29:39:4b:61:1f:72:f1:95:ab:94:
                    c8:b4:bf:10:12:f3:47:f5:f4:a1:95:e7:74:89:03:
                    2f:a8:ac:3f:23:f6:59:5e:fb:03:c3:5f:72:e2:26:
                    e8:b1:d2:52:44:8a:b6:c0:82:5e:85:f9:57:83:99:
                    87:84:1e:71:cf:72:13:fc:c6:50:da:83:45:e2:30:
                    96:db:3f:3a:62:bf:24:d3:53:35:8e:eb:3a:35:65:
                    22:f3:1d:06:24:66:23:0d:f0:3a:5a:6d:9e:18:3a:
                    13:b0:db:69:b0:e3:a7:71:b7:79:1f:43:be:4a:62:
                    37:a8:91:4c:23:97:03:e7:52:05:40:bf:bc:34:3d:
                    36:f9:ae:a2:d4:46:d9:9f:43:42:d2:2c:32:0a:87:
                    1b:64:24:b2:bd:07:2b:a5:57:41:33:36:e8:0b:5d:
                    bb:31:d6:a7:dc:64:db:bc:f2:7b:7d:76:6d:93:95:
                    03:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:1B:76:08:BB:1E:50:2B:D2:4B:46:81:42:D3:E3:5F:3B:33:0A:A8
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/Rxt2CLseUCvSS0aBQtPjXzszCqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.255.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d9:c4:6a:7e:51:54:e2:a3:88:1c:d0:a1:c3:ab:bd:18:6f:72:
         b1:0c:90:fd:d6:9c:f0:47:d1:58:24:31:cb:90:23:4f:c2:f0:
         c4:c7:40:fb:3c:8d:70:67:1d:1a:49:42:f6:58:5a:99:6a:bd:
         7c:a9:b9:09:4c:eb:23:aa:19:13:25:16:cd:60:f3:ed:8a:94:
         47:20:dc:cd:ea:99:47:94:a8:27:ce:a9:25:cb:16:e5:aa:ff:
         54:18:01:39:4d:56:3f:4e:59:ba:67:dc:fc:16:bb:c0:13:99:
         d3:ab:8a:12:66:88:74:80:ea:8b:cf:1e:df:17:f6:62:20:a1:
         90:aa:99:47:46:1d:4f:d6:50:a8:5c:3d:39:4d:07:9e:03:74:
         08:f1:46:a5:1c:63:ad:53:d9:68:d3:96:0a:2a:d2:79:6d:8c:
         2a:a7:7c:4b:fe:9b:94:f3:a7:18:7c:92:bd:4d:06:d1:af:72:
         e4:69:8a:2d:39:01:5e:0f:0f:22:e4:4c:c3:df:7b:74:a8:62:
         fb:f8:b4:8f:80:b7:3f:e9:0e:d1:f0:6b:a5:d8:90:ca:0d:e1:
         a4:b7:55:9e:08:1b:c0:96:bb:1a:91:92:53:ba:34:e7:70:e2:
         52:b9:7e:4c:82:7d:fb:93:b6:fb:28:78:cb:ef:dc:15:51:0e:
         11:a0:a1:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FU78Z6EEzidG4SZnv817MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjYwMTAyMTQyMTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzFiNzYwOGJiMWU1MDJiZDI0YjQ2ODE0MmQzZTM1ZjNiMzMwYWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38XIYWjoUkvL+t08criJRjBfQYDx
ZDb1xot0sz66XobIfHUtor7b1Y57yyq6f8ulyBeXA1b5Hr62QWNwkxflXwlaT9O8
/s1iOeVcHwdv9Ck5S2EfcvGVq5TItL8QEvNH9fShled0iQMvqKw/I/ZZXvsDw19y
4ibosdJSRIq2wIJehflXg5mHhB5xz3IT/MZQ2oNF4jCW2z86Yr8k01M1jus6NWUi
8x0GJGYjDfA6Wm2eGDoTsNtpsOOncbd5H0O+SmI3qJFMI5cD51IFQL+8ND02+a6i
1EbZn0NC0iwyCocbZCSyvQcrpVdBMzboC127Mdan3GTbvPJ7fXZtk5UDawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcbdgi7HlAr0ktGgULT4187MwqoMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvUnh0MkNMc2VVQ3ZTUzBhQlF0UGpYenN6Q3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAv++MA0G
CSqGSIb3DQEBCwUAA4IBAQDZxGp+UVTio4gc0KHDq70Yb3KxDJD91pzwR9FYJDHL
kCNPwvDEx0D7PI1wZx0aSUL2WFqZar18qbkJTOsjqhkTJRbNYPPtipRHINzN6plH
lKgnzqklyxblqv9UGAE5TVY/Tlm6Z9z8FrvAE5nTq4oSZoh0gOqLzx7fF/ZiIKGQ
qplHRh1P1lCoXD05TQeeA3QI8UalHGOtU9lo05YKKtJ5bYwqp3xL/puU86cYfJK9
TQbRr3LkaYotOQFeDw8i5EzD33t0qGL7+LSPgLc/6Q7R8Gul2JDKDeGkt1WeCBvA
lrsakZJTujTncOJSuX5Mgn37k7b7KHjL79wVUQ4RoKG1
-----END CERTIFICATE-----