This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/2i-4ee2wP9JCOqgKECftxH61WUM.roa
File:                     2i-4ee2wP9JCOqgKECftxH61WUM.roa (raw, json)
Hash identifier:          QQKwzJfgPGXePgVfTn1B7G5l+qkMGWhzUecnh31tn84=
Subject key identifier:   DA:2F:B8:79:ED:B0:3F:D2:42:3A:A8:0A:10:27:ED:C4:7E:B5:59:43
Certificate issuer:       /CN=8bd4bcbf35db7fe2ef663522a5a3a3979a4f1ff8
Certificate serial:       019B7BA5046E8561E92C872F1EDECFC2623C
Authority key identifier: 8B:D4:BC:BF:35:DB:7F:E2:EF:66:35:22:A5:A3:A3:97:9A:4F:1F:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i9S8vzXbf-LvZjUipaOjl5pPH_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/2i-4ee2wP9JCOqgKECftxH61WUM.roa
Signing time:             Thu 01 Jan 2026 22:19:30 +0000
ROA not before:           Thu 01 Jan 2026 22:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60667
IP address blocks:        45.84.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/i9S8vzXbf-LvZjUipaOjl5pPH_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/i9S8vzXbf-LvZjUipaOjl5pPH_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i9S8vzXbf-LvZjUipaOjl5pPH_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:04:6e:85:61:e9:2c:87:2f:1e:de:cf:c2:62:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bd4bcbf35db7fe2ef663522a5a3a3979a4f1ff8
        Validity
            Not Before: Jan  1 22:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da2fb879edb03fd2423aa80a1027edc47eb55943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:da:6a:1b:d2:77:cd:30:48:c4:f6:4d:0f:34:
                    c4:ad:17:4f:47:57:2f:1e:ff:b8:c4:4c:23:8c:43:
                    68:34:51:4e:08:89:7f:3c:33:c0:7f:5d:30:ed:87:
                    36:de:15:c1:e9:77:5d:b4:7f:83:15:43:7a:2f:ee:
                    52:79:44:1f:1f:e0:b5:db:f5:44:67:9e:63:5c:95:
                    8c:3c:bf:b7:c1:68:89:24:9f:d7:23:bc:27:92:0d:
                    6d:3f:1d:f9:59:d7:d6:a7:4b:fb:bb:30:ce:f9:8a:
                    a5:2f:3b:ed:77:88:76:39:44:67:de:85:79:a4:86:
                    a5:77:71:63:e0:95:1b:d1:5d:ad:e4:11:76:89:01:
                    64:ff:2d:68:52:dc:60:1d:5f:41:fe:03:de:d8:50:
                    31:b7:0a:aa:cc:a4:14:23:d6:2c:11:d1:31:85:b6:
                    81:40:d3:f0:03:96:ee:4c:a2:8e:96:70:be:53:aa:
                    2d:57:54:de:00:0d:a3:19:0e:86:5e:5e:15:f1:90:
                    a8:56:ad:f6:e5:9c:b3:4a:b6:87:89:83:96:a4:70:
                    0c:cf:01:8d:50:d4:c9:4e:51:64:fe:44:8c:aa:3e:
                    b5:70:24:60:1e:c0:eb:f0:22:4c:60:3f:4a:32:16:
                    67:24:0a:3b:37:97:cb:d7:16:db:35:ec:53:9a:0e:
                    1f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2F:B8:79:ED:B0:3F:D2:42:3A:A8:0A:10:27:ED:C4:7E:B5:59:43
            X509v3 Authority Key Identifier:
                keyid:8B:D4:BC:BF:35:DB:7F:E2:EF:66:35:22:A5:A3:A3:97:9A:4F:1F:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i9S8vzXbf-LvZjUipaOjl5pPH_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/2i-4ee2wP9JCOqgKECftxH61WUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/a14272-2794-4f38-9640-478ed7f8d05e/1/i9S8vzXbf-LvZjUipaOjl5pPH_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:53:7c:91:6c:9d:56:c5:84:7e:48:cc:1f:26:d9:0c:87:7b:
         ec:bb:f0:66:01:8e:d4:15:9f:84:f3:21:d4:c9:a1:7e:68:0e:
         c1:f8:24:06:97:5e:98:9a:44:c1:02:15:12:aa:e1:0b:1d:f0:
         44:82:85:22:46:75:ee:a4:f1:81:fe:ab:cb:ad:ae:87:53:a7:
         d9:86:2a:aa:62:c3:69:af:ce:80:e8:95:ae:bb:eb:13:b6:33:
         75:da:d9:f7:06:b2:85:76:ea:8f:fd:09:c4:37:b0:46:7f:1c:
         8f:af:88:29:f3:fb:e4:e8:d8:99:8a:82:46:f5:23:e8:61:27:
         ae:de:b0:a4:2f:5a:b0:3b:f1:88:d6:2b:d5:1c:c5:71:09:a9:
         51:7b:bc:da:c7:55:72:8c:1e:88:3e:1e:8c:21:77:ce:da:dd:
         18:b0:7c:58:da:ad:81:94:77:07:64:59:6f:e3:4a:44:3b:88:
         8b:d2:94:ee:6e:c1:42:91:55:e2:f9:6d:66:ba:ac:79:fb:eb:
         93:e7:66:cc:38:19:23:58:d3:33:6b:31:c1:b5:57:f7:f5:c0:
         a2:1e:a2:1e:b8:f7:c0:74:3c:46:dc:92:93:ad:5c:c6:15:0d:
         ba:4a:89:9d:62:41:25:33:9d:3a:5d:34:37:c4:36:d2:f2:a3:
         70:b7:52:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQRuhWHpLIcvHt7PwmI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZDRiY2JmMzVkYjdmZTJlZjY2MzUyMmE1YTNhMzk3OWE0
ZjFmZjgwHhcNMjYwMTAxMjIxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTJmYjg3OWVkYjAzZmQyNDIzYWE4MGExMDI3ZWRjNDdlYjU1OTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstpqG9J3zTBIxPZNDzTErRdPR1cv
Hv+4xEwjjENoNFFOCIl/PDPAf10w7Yc23hXB6XddtH+DFUN6L+5SeUQfH+C12/VE
Z55jXJWMPL+3wWiJJJ/XI7wnkg1tPx35WdfWp0v7uzDO+YqlLzvtd4h2OURn3oV5
pIald3Fj4JUb0V2t5BF2iQFk/y1oUtxgHV9B/gPe2FAxtwqqzKQUI9YsEdExhbaB
QNPwA5buTKKOlnC+U6otV1TeAA2jGQ6GXl4V8ZCoVq325ZyzSraHiYOWpHAMzwGN
UNTJTlFk/kSMqj61cCRgHsDr8CJMYD9KMhZnJAo7N5fL1xbbNexTmg4fsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNovuHntsD/SQjqoChAn7cR+tVlDMB8GA1UdIwQY
MBaAFIvUvL8123/i72Y1IqWjo5eaTx/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTlTOHZ6WGJmLUx2WmpVaXBhT2psNXBQSF9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9hMTQyNzItMjc5NC00ZjM4LTk2NDAt
NDc4ZWQ3ZjhkMDVlLzEvMmktNGVlMndQOUpDT3FnS0VDZnR4SDYxV1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9hMTQyNzItMjc5NC00ZjM4LTk2NDAtNDc4ZWQ3ZjhkMDVl
LzEvaTlTOHZ6WGJmLUx2WmpVaXBhT2psNXBQSF9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTTMA0G
CSqGSIb3DQEBCwUAA4IBAQAwU3yRbJ1WxYR+SMwfJtkMh3vsu/BmAY7UFZ+E8yHU
yaF+aA7B+CQGl16YmkTBAhUSquELHfBEgoUiRnXupPGB/qvLra6HU6fZhiqqYsNp
r86A6JWuu+sTtjN12tn3BrKFduqP/QnEN7BGfxyPr4gp8/vk6NiZioJG9SPoYSeu
3rCkL1qwO/GI1ivVHMVxCalRe7zax1VyjB6IPh6MIXfO2t0YsHxY2q2BlHcHZFlv
40pEO4iL0pTubsFCkVXi+W1muqx5++uT52bMOBkjWNMzazHBtVf39cCiHqIeuPfA
dDxG3JKTrVzGFQ26SomdYkElM506XTQ3xDbS8qNwt1KI
-----END CERTIFICATE-----