This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/r2Z0mF-ld7ejJHAo1JnNl0agdIw.roa
File:                     r2Z0mF-ld7ejJHAo1JnNl0agdIw.roa (raw, json)
Hash identifier:          fBq7MnnqEMG6p2yBeqITh+XzH9thl2M1F8ElvslUqpA=
Subject key identifier:   AF:66:74:98:5F:A5:77:B7:A3:24:70:28:D4:99:CD:97:46:A0:74:8C
Certificate issuer:       /CN=db25d03fc18f2f42cda503869de194fd8cc21aa9
Certificate serial:       019B7B36B2F36873FECDD4774F5197D5DE53
Authority key identifier: DB:25:D0:3F:C1:8F:2F:42:CD:A5:03:86:9D:E1:94:FD:8C:C2:1A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yXQP8GPL0LNpQOGneGU_YzCGqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/r2Z0mF-ld7ejJHAo1JnNl0agdIw.roa
Signing time:             Thu 01 Jan 2026 20:19:00 +0000
ROA not before:           Thu 01 Jan 2026 20:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197192
IP address blocks:        195.226.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/2yXQP8GPL0LNpQOGneGU_YzCGqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/2yXQP8GPL0LNpQOGneGU_YzCGqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2yXQP8GPL0LNpQOGneGU_YzCGqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:b2:f3:68:73:fe:cd:d4:77:4f:51:97:d5:de:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db25d03fc18f2f42cda503869de194fd8cc21aa9
        Validity
            Not Before: Jan  1 20:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af6674985fa577b7a3247028d499cd9746a0748c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d3:c3:8a:ef:d7:b5:94:d8:72:64:a0:6b:fd:
                    fe:a4:b4:7c:44:8c:0e:a2:eb:67:05:e5:d4:1b:69:
                    68:c1:85:80:10:d3:b7:34:1d:83:e7:7d:7f:04:9e:
                    59:ff:78:1b:70:b7:9b:09:50:91:68:83:c3:09:15:
                    ba:b9:6b:b1:ad:11:f6:a4:53:42:cb:49:b2:d8:b3:
                    ad:54:10:cc:8e:41:69:ff:6f:37:f8:02:2f:1d:c6:
                    2d:f4:5d:b0:df:04:aa:f4:78:ef:00:54:42:e8:d8:
                    94:25:e5:26:0d:63:ff:4a:8d:c0:12:20:5c:7d:31:
                    c8:07:8c:4e:dd:85:46:2c:c7:5a:09:13:84:30:d3:
                    d1:5c:80:0c:1e:07:fb:c2:3d:fd:54:e9:56:ac:e1:
                    6e:c5:1d:73:4d:6b:57:ed:e1:91:56:22:d9:27:d9:
                    c9:29:f1:37:92:1c:c1:81:89:76:08:9b:11:78:ed:
                    79:b9:5e:0c:3d:42:57:45:06:43:2b:a1:6d:d8:97:
                    45:6a:0e:c5:8e:88:5d:5c:b4:2b:61:8a:6f:c1:28:
                    9f:ef:9a:3d:1e:df:13:2e:f4:6e:f9:03:75:73:2a:
                    f8:0c:2a:24:77:84:3f:5f:ee:2a:b9:e5:93:c6:f3:
                    5d:ff:72:7e:87:49:e8:69:51:01:8f:29:6c:49:31:
                    6c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:66:74:98:5F:A5:77:B7:A3:24:70:28:D4:99:CD:97:46:A0:74:8C
            X509v3 Authority Key Identifier:
                keyid:DB:25:D0:3F:C1:8F:2F:42:CD:A5:03:86:9D:E1:94:FD:8C:C2:1A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yXQP8GPL0LNpQOGneGU_YzCGqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/r2Z0mF-ld7ejJHAo1JnNl0agdIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/5c22c6-7dc3-4c8c-82ac-936175ad2eb0/1/2yXQP8GPL0LNpQOGneGU_YzCGqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.226.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:84:e8:dc:3d:2f:00:54:67:45:85:7e:d0:d4:82:c4:32:e4:
         9e:9a:a1:bf:ea:5f:ba:9e:7d:d0:42:22:10:19:11:bc:de:5f:
         58:14:54:e3:5c:33:5b:16:b2:41:68:05:bb:45:30:ef:13:91:
         cf:3d:bb:8f:36:89:1c:1b:5c:48:2b:56:1a:09:00:7a:de:16:
         87:fc:17:54:02:6b:de:16:ff:de:30:3f:30:62:2c:12:92:27:
         df:c4:ba:c8:ab:56:b5:75:db:da:ef:56:98:0c:e8:2a:ea:a5:
         f6:82:8d:a3:6f:9f:71:30:be:9f:9e:d1:f2:08:8b:6b:2a:a0:
         4e:e3:58:c8:50:89:79:03:45:bc:d7:91:9c:e8:a0:29:7e:0d:
         c7:9e:26:68:98:c8:38:8c:ad:bb:db:48:26:d6:a9:13:ca:63:
         32:73:7b:d2:fd:83:80:af:b1:49:2d:21:77:3b:71:7f:b6:f2:
         6a:ce:16:15:c6:65:82:f0:a4:1c:95:98:a7:50:a3:2c:18:8e:
         3d:19:c6:65:40:16:71:db:67:8a:5b:32:c3:ac:7d:e6:26:a1:
         a9:be:1a:73:7d:a7:56:8b:d9:87:9e:71:ab:c0:63:6d:99:81:
         82:eb:5e:5e:8d:9b:94:d1:8f:3a:b9:1a:a2:d2:d4:ec:86:ca:
         1e:65:49:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NrLzaHP+zdR3T1GX1d5TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjVkMDNmYzE4ZjJmNDJjZGE1MDM4NjlkZTE5NGZkOGNj
MjFhYTkwHhcNMjYwMTAxMjAxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY2NzQ5ODVmYTU3N2I3YTMyNDcwMjhkNDk5Y2Q5NzQ2YTA3NDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNPDiu/XtZTYcmSga/3+pLR8RIwO
outnBeXUG2lowYWAENO3NB2D531/BJ5Z/3gbcLebCVCRaIPDCRW6uWuxrRH2pFNC
y0my2LOtVBDMjkFp/283+AIvHcYt9F2w3wSq9HjvAFRC6NiUJeUmDWP/So3AEiBc
fTHIB4xO3YVGLMdaCROEMNPRXIAMHgf7wj39VOlWrOFuxR1zTWtX7eGRViLZJ9nJ
KfE3khzBgYl2CJsReO15uV4MPUJXRQZDK6Ft2JdFag7FjohdXLQrYYpvwSif75o9
Ht8TLvRu+QN1cyr4DCokd4Q/X+4queWTxvNd/3J+h0noaVEBjylsSTFsuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9mdJhfpXe3oyRwKNSZzZdGoHSMMB8GA1UdIwQY
MBaAFNsl0D/Bjy9CzaUDhp3hlP2MwhqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlYUVA4R1BMMExOcFFPR25lR1VfWXpDR3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81YzIyYzYtN2RjMy00YzhjLTgyYWMt
OTM2MTc1YWQyZWIwLzEvcjJaMG1GLWxkN2VqSkhBbzFKbk5sMGFnZEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81YzIyYzYtN2RjMy00YzhjLTgyYWMtOTM2MTc1YWQyZWIw
LzEvMnlYUVA4R1BMMExOcFFPR25lR1VfWXpDR3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+LVMA0G
CSqGSIb3DQEBCwUAA4IBAQCLhOjcPS8AVGdFhX7Q1ILEMuSemqG/6l+6nn3QQiIQ
GRG83l9YFFTjXDNbFrJBaAW7RTDvE5HPPbuPNokcG1xIK1YaCQB63haH/BdUAmve
Fv/eMD8wYiwSkiffxLrIq1a1ddva71aYDOgq6qX2go2jb59xML6fntHyCItrKqBO
41jIUIl5A0W815Gc6KApfg3HniZomMg4jK2720gm1qkTymMyc3vS/YOAr7FJLSF3
O3F/tvJqzhYVxmWC8KQclZinUKMsGI49GcZlQBZx22eKWzLDrH3mJqGpvhpzfadW
i9mHnnGrwGNtmYGC615ejZuU0Y86uRqi0tTshsoeZUmC
-----END CERTIFICATE-----