This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/2KT2czJmk8Z-8XJAZpmqhUgSsE8.roa
File:                     2KT2czJmk8Z-8XJAZpmqhUgSsE8.roa (raw, json)
Hash identifier:          nXNy2p661PctJ9afX7oXOhqLSx2PZn816PNlq251BLw=
Subject key identifier:   D8:A4:F6:73:32:66:93:C6:7E:F1:72:40:66:99:AA:85:48:12:B0:4F
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA54CCF57D7D19A74250C6072DF2140
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/2KT2czJmk8Z-8XJAZpmqhUgSsE8.roa
Signing time:             Thu 01 Jan 2026 22:19:49 +0000
ROA not before:           Thu 01 Jan 2026 22:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206410
IP address blocks:        84.238.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:4c:cf:57:d7:d1:9a:74:25:0c:60:72:df:21:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a4f673326693c67ef172406699aa854812b04f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2f:44:a4:83:a6:e4:15:ff:b3:4b:c1:76:7b:
                    38:26:b9:5f:eb:f9:a6:ac:2c:38:a0:a8:da:01:c7:
                    a6:a9:85:4f:85:df:dd:dd:f0:2a:6b:c7:19:74:a8:
                    0e:7f:06:d9:41:8c:69:6f:0e:fd:e9:03:71:c8:3d:
                    db:79:0e:aa:9e:28:90:25:3d:0c:c6:28:33:d4:7c:
                    17:fd:d5:bb:6d:35:29:00:95:38:95:3e:22:5f:46:
                    08:b6:a2:af:be:ca:bb:22:26:11:5a:ee:f5:35:a3:
                    c0:c7:bd:cd:99:71:fe:df:08:c8:fd:bc:c1:8e:32:
                    d7:9d:c9:f8:0c:23:fd:8f:92:5b:a2:c8:a3:8a:34:
                    ab:fd:ff:e3:81:39:54:ac:b6:fa:a9:af:35:20:3d:
                    73:d2:ef:c3:c8:ec:de:f0:30:28:1c:07:33:ac:20:
                    0d:c4:43:48:8f:f2:5a:f0:37:c9:e3:4c:d3:95:b5:
                    a9:7b:a3:23:a6:f5:fa:eb:a7:b9:53:5b:b6:43:3c:
                    7d:3a:95:f9:0d:e6:78:f1:cd:f6:f2:02:04:b2:03:
                    8a:18:bf:a6:71:d6:61:d6:42:0e:d1:d9:68:fe:a4:
                    aa:6a:e7:14:52:c4:cf:6a:5f:23:ca:53:f8:4e:64:
                    3f:3d:89:e5:4a:1f:d4:30:62:41:b1:b5:cf:0e:74:
                    99:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A4:F6:73:32:66:93:C6:7E:F1:72:40:66:99:AA:85:48:12:B0:4F
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/2KT2czJmk8Z-8XJAZpmqhUgSsE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.238.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:28:c7:52:a7:78:28:38:40:1b:0a:b6:75:6c:52:44:46:bb:
         83:59:53:0c:00:87:69:f2:71:01:1b:52:da:6e:a0:99:d9:e6:
         f2:0c:f8:a7:3d:b9:65:c5:22:2b:74:8f:90:9e:e8:73:9d:6b:
         87:71:97:52:f2:b3:2a:1a:58:a8:b5:30:93:c9:5f:4c:f0:09:
         67:d8:57:c1:fd:8c:fb:4e:cd:e2:b4:35:37:af:1a:b5:e6:a2:
         5d:4f:35:7e:5c:4e:c6:23:2d:c4:a5:29:df:0d:a3:4b:b6:c4:
         24:72:56:23:e1:a7:2e:c1:1f:6a:64:98:57:76:97:e6:fa:17:
         e5:e3:de:a4:d7:d6:2f:d4:43:18:28:3e:b7:e9:88:6f:63:39:
         0e:00:03:3f:d2:e3:5a:03:56:51:62:c9:26:62:2a:ca:c3:2b:
         c9:8a:1d:91:26:56:84:24:96:df:e2:bb:dc:0f:7b:29:b0:c5:
         de:50:1d:93:a4:62:8e:a2:32:f2:85:60:4f:7b:35:5d:55:46:
         3b:9b:fd:72:cc:a8:8f:d9:05:42:d1:8c:b5:9c:a3:a1:57:32:
         73:72:3a:59:ad:0f:ac:4a:e2:c1:82:f3:63:8e:4f:11:6d:47:
         21:a2:66:d6:3e:f9:d6:8b:b7:48:11:25:6f:c0:5c:49:44:85:
         f6:9a:55:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pUzPV9fRmnQlDGBy3yFAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE0ZjY3MzMyNjY5M2M2N2VmMTcyNDA2Njk5YWE4NTQ4MTJiMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS9EpIOm5BX/s0vBdns4Jrlf6/mm
rCw4oKjaAcemqYVPhd/d3fAqa8cZdKgOfwbZQYxpbw796QNxyD3beQ6qniiQJT0M
xigz1HwX/dW7bTUpAJU4lT4iX0YItqKvvsq7IiYRWu71NaPAx73NmXH+3wjI/bzB
jjLXncn4DCP9j5JbosijijSr/f/jgTlUrLb6qa81ID1z0u/DyOze8DAoHAczrCAN
xENIj/Ja8DfJ40zTlbWpe6MjpvX666e5U1u2Qzx9OpX5DeZ48c328gIEsgOKGL+m
cdZh1kIO0dlo/qSqaucUUsTPal8jylP4TmQ/PYnlSh/UMGJBsbXPDnSZ6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNik9nMyZpPGfvFyQGaZqoVIErBPMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvMktUMmN6Sm1rOFotOFhKQVpwbXFoVWdTc0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVO6lMA0G
CSqGSIb3DQEBCwUAA4IBAQBoKMdSp3goOEAbCrZ1bFJERruDWVMMAIdp8nEBG1La
bqCZ2ebyDPinPbllxSIrdI+QnuhznWuHcZdS8rMqGliotTCTyV9M8Aln2FfB/Yz7
Ts3itDU3rxq15qJdTzV+XE7GIy3EpSnfDaNLtsQkclYj4acuwR9qZJhXdpfm+hfl
496k19Yv1EMYKD636YhvYzkOAAM/0uNaA1ZRYskmYirKwyvJih2RJlaEJJbf4rvc
D3spsMXeUB2TpGKOojLyhWBPezVdVUY7m/1yzKiP2QVC0Yy1nKOhVzJzcjpZrQ+s
SuLBgvNjjk8RbUchombWPvnWi7dIESVvwFxJRIX2mlVp
-----END CERTIFICATE-----