This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/n2yklqPTbZScECuvP8sdtw1dqJs.roa
File:                     n2yklqPTbZScECuvP8sdtw1dqJs.roa (raw, json)
Hash identifier:          XUl4EOZ0ACrcilwccYybYvigPaj+N+oRT70pMBR6/n4=
Subject key identifier:   9F:6C:A4:96:A3:D3:6D:94:9C:10:2B:AF:3F:CB:1D:B7:0D:5D:A8:9B
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       019B76EB85D91AF38851EB5619EC6E629DCC
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/n2yklqPTbZScECuvP8sdtw1dqJs.roa
Signing time:             Thu 01 Jan 2026 00:18:25 +0000
ROA not before:           Thu 01 Jan 2026 00:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208485
IP address blocks:        84.247.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:85:d9:1a:f3:88:51:eb:56:19:ec:6e:62:9d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f6ca496a3d36d949c102baf3fcb1db70d5da89b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8d:35:c2:3d:6f:12:ae:43:6b:08:ea:ee:0b:
                    35:a3:77:75:cf:90:82:c8:dd:82:51:ae:ad:ba:42:
                    da:ef:9b:dd:96:d9:15:5d:8c:81:30:3e:56:95:54:
                    b8:d1:6f:09:0a:27:da:b6:06:0c:fc:2a:34:a7:af:
                    2f:33:22:48:12:bb:4e:33:78:9b:cd:f7:ea:dc:37:
                    a0:07:08:7d:de:39:63:c7:04:81:46:79:c1:d4:85:
                    1a:08:a9:ce:7d:0b:ac:a1:07:62:e0:ed:6f:33:1c:
                    3b:ac:00:e1:5a:b9:a7:29:3b:33:38:e9:5a:36:57:
                    71:e4:e4:f6:33:19:97:3b:1e:49:e3:76:85:79:6f:
                    78:22:e8:50:d4:1b:6c:96:bc:b9:66:1a:b1:f6:ed:
                    ba:b3:8a:78:ec:b8:9c:8e:57:db:20:07:72:6b:40:
                    cb:32:d7:c8:5e:13:29:2c:08:ab:06:39:a0:fd:67:
                    f1:01:cb:6d:9b:9d:fe:d8:b6:78:48:ee:44:2e:23:
                    91:30:58:67:e2:97:80:49:95:ce:80:d7:ec:d9:9f:
                    9c:2f:0c:40:d0:69:bd:48:12:a2:3c:db:55:c4:8b:
                    ab:05:d5:af:f7:5c:53:f5:ef:a2:48:97:5c:d5:f7:
                    df:52:88:59:b8:74:2a:0e:e9:07:34:5a:3d:89:54:
                    d4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:6C:A4:96:A3:D3:6D:94:9C:10:2B:AF:3F:CB:1D:B7:0D:5D:A8:9B
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/n2yklqPTbZScECuvP8sdtw1dqJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:00:a7:4e:21:0c:3a:5e:ad:02:eb:ba:26:44:b8:a2:02:4b:
         6d:77:e0:ed:b1:b4:c5:02:65:50:88:ae:4e:d9:97:d7:b3:6d:
         79:45:3f:b7:9b:d8:a6:90:4d:bf:79:cf:da:06:61:9c:1c:7e:
         66:64:ac:d5:67:54:77:67:19:2f:df:3e:dc:c7:7b:15:4a:3d:
         ec:41:34:7c:cc:04:65:1e:df:ae:79:21:1c:ca:21:17:35:7f:
         be:9b:30:3c:1e:fc:73:d4:dc:79:7d:20:1b:f9:d7:65:bf:75:
         ec:ba:94:2b:1d:fa:f5:69:8e:e1:15:8e:06:61:65:e6:7c:da:
         de:82:b8:31:2c:ce:e0:ad:02:5e:9c:77:a0:a8:02:eb:3a:86:
         12:aa:98:e9:a1:1f:c3:7f:c1:cc:07:93:17:00:32:ec:53:36:
         f2:f8:f5:13:0b:03:51:8b:a8:f4:64:a4:6f:3d:fb:64:66:ee:
         bf:82:ee:e6:d8:82:fd:8d:c5:cc:f3:ac:ea:8a:86:a7:1c:db:
         bb:56:38:25:68:30:dd:87:fc:5e:74:4d:3d:9b:58:e6:33:d4:
         c2:95:5e:5c:15:a4:b9:df:d5:65:17:53:5e:3a:8a:7b:9b:36:
         d6:cb:bd:06:cb:6a:f6:2d:7d:6f:13:77:4d:fc:e9:f2:e6:13:
         3e:bb:8a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264XZGvOIUetWGexuYp3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjYwMTAxMDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjZjYTQ5NmEzZDM2ZDk0OWMxMDJiYWYzZmNiMWRiNzBkNWRhODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsI01wj1vEq5Dawjq7gs1o3d1z5CC
yN2CUa6tukLa75vdltkVXYyBMD5WlVS40W8JCifatgYM/Co0p68vMyJIErtOM3ib
zffq3DegBwh93jljxwSBRnnB1IUaCKnOfQusoQdi4O1vMxw7rADhWrmnKTszOOla
Nldx5OT2MxmXOx5J43aFeW94IuhQ1Btslry5Zhqx9u26s4p47LicjlfbIAdya0DL
MtfIXhMpLAirBjmg/WfxActtm53+2LZ4SO5ELiORMFhn4peASZXOgNfs2Z+cLwxA
0Gm9SBKiPNtVxIurBdWv91xT9e+iSJdc1fffUohZuHQqDukHNFo9iVTUNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9spJaj022UnBArrz/LHbcNXaibMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvbjJ5a2xxUFRiWlNjRUN1dlA4c2R0dzFkcUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPcXMA0G
CSqGSIb3DQEBCwUAA4IBAQCmAKdOIQw6Xq0C67omRLiiAkttd+DtsbTFAmVQiK5O
2ZfXs215RT+3m9imkE2/ec/aBmGcHH5mZKzVZ1R3Zxkv3z7cx3sVSj3sQTR8zARl
Ht+ueSEcyiEXNX++mzA8Hvxz1Nx5fSAb+ddlv3XsupQrHfr1aY7hFY4GYWXmfNre
grgxLM7grQJenHegqALrOoYSqpjpoR/Df8HMB5MXADLsUzby+PUTCwNRi6j0ZKRv
PftkZu6/gu7m2IL9jcXM86zqioanHNu7VjglaDDdh/xedE09m1jmM9TClV5cFaS5
39VlF1NeOop7mzbWy70Gy2r2LX1vE3dN/Ony5hM+u4rz
-----END CERTIFICATE-----