This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/rwjTxAqZKPBlElgvDAU-f-vNVSU.roa
File:                     rwjTxAqZKPBlElgvDAU-f-vNVSU.roa (raw, json)
Hash identifier:          qZmPStnQqLnQ3VAKmwHpkw6F3Vb7MA3o3QuCx4OPObM=
Subject key identifier:   AF:08:D3:C4:0A:99:28:F0:65:12:58:2F:0C:05:3E:7F:EB:CD:55:25
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019B797E42EFFBF59B3201CE75EBB70C80FE
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/rwjTxAqZKPBlElgvDAU-f-vNVSU.roa
Signing time:             Thu 01 Jan 2026 12:17:56 +0000
ROA not before:           Thu 01 Jan 2026 12:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213279
IP address blocks:        2.57.252.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:42:ef:fb:f5:9b:32:01:ce:75:eb:b7:0c:80:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 12:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af08d3c40a9928f06512582f0c053e7febcd5525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c0:26:a0:7e:37:04:89:ac:2c:a5:28:fd:54:
                    b8:95:37:a8:5d:67:b1:69:73:76:ca:2c:aa:83:67:
                    b7:6a:c8:0c:a9:a4:d8:d5:e8:9f:9b:7d:d4:65:d4:
                    4c:b8:9f:f5:d3:5e:47:49:a9:05:43:5b:eb:a8:fe:
                    0e:31:8c:5e:09:b1:f6:db:8c:71:d3:8c:0a:03:4e:
                    a2:1e:b1:7d:e5:20:ca:09:fb:c8:47:a6:37:2b:d9:
                    27:1b:f5:b4:6e:42:95:25:0d:34:fc:46:bb:97:34:
                    59:bb:70:11:01:4f:e6:87:c6:cc:2e:8a:f9:36:c9:
                    c9:49:01:fc:38:75:81:01:a1:20:80:96:58:18:92:
                    1b:79:55:bd:38:84:f9:4d:b9:1a:08:50:99:5b:0f:
                    64:7d:19:79:62:a8:af:fa:76:92:78:00:d0:72:44:
                    84:f6:09:b9:bc:11:65:9a:fd:f9:b6:10:cf:c0:39:
                    ab:4d:92:1b:89:8a:dd:90:2a:9f:fd:e5:5b:0e:8c:
                    fa:bb:ec:c6:5a:fd:84:d4:65:fd:35:03:25:b6:61:
                    59:60:c7:4a:84:75:76:49:5b:da:44:20:1d:bd:8e:
                    88:e6:6d:be:da:e8:27:3a:c4:a0:ab:9c:14:7a:32:
                    98:43:94:d7:ac:bc:f4:be:ab:d6:c0:36:eb:a9:50:
                    3b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:08:D3:C4:0A:99:28:F0:65:12:58:2F:0C:05:3E:7F:EB:CD:55:25
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/rwjTxAqZKPBlElgvDAU-f-vNVSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:4c:ca:63:c5:f8:b3:f1:b2:85:ef:49:95:d3:9e:b6:2c:03:
         27:67:ea:a0:1e:43:f0:8e:73:b6:c4:e4:e3:f4:38:e9:23:20:
         bf:4f:72:82:22:99:f6:c0:fb:4b:e8:a9:b8:54:b2:f0:1a:fb:
         db:8d:18:bd:32:35:89:e1:68:35:11:e3:a7:7c:5a:9a:1f:90:
         1c:fe:b7:f5:37:d6:7d:0a:3a:8b:36:b6:34:32:a5:ac:46:ec:
         7b:fb:df:39:5f:2f:68:e1:48:c3:69:1a:4f:83:98:df:9a:6e:
         ea:bf:2a:9f:c4:f2:5b:f8:57:d6:17:43:b9:42:61:b4:0e:f5:
         fa:b6:88:ab:ad:cf:79:14:a9:04:93:0a:a7:5a:bb:31:99:36:
         bb:c7:43:c7:6d:d3:b4:5f:e9:55:40:d6:c6:b9:86:09:33:e6:
         91:31:c6:f0:a3:ce:de:20:04:fe:7f:99:5f:94:9f:3f:9c:e0:
         e8:36:4d:28:27:94:cb:41:ff:6f:63:75:0e:e2:ad:6a:78:a2:
         ab:58:62:c8:f7:8e:1b:22:fa:fc:6d:e0:73:c4:6f:4e:ce:d4:
         8f:bd:0f:0b:b0:1a:24:a2:4d:f8:a2:b8:54:c2:d3:0a:c7:d8:
         65:bf:a7:33:50:b9:d8:e0:8a:14:ba:86:20:99:38:53:17:1e:
         c8:23:21:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fkLv+/WbMgHOdeu3DID+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjYwMTAxMTIxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjA4ZDNjNDBhOTkyOGYwNjUxMjU4MmYwYzA1M2U3ZmViY2Q1NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4cAmoH43BImsLKUo/VS4lTeoXWex
aXN2yiyqg2e3asgMqaTY1eifm33UZdRMuJ/1015HSakFQ1vrqP4OMYxeCbH224xx
04wKA06iHrF95SDKCfvIR6Y3K9knG/W0bkKVJQ00/Ea7lzRZu3ARAU/mh8bMLor5
NsnJSQH8OHWBAaEggJZYGJIbeVW9OIT5TbkaCFCZWw9kfRl5Yqiv+naSeADQckSE
9gm5vBFlmv35thDPwDmrTZIbiYrdkCqf/eVbDoz6u+zGWv2E1GX9NQMltmFZYMdK
hHV2SVvaRCAdvY6I5m2+2ugnOsSgq5wUejKYQ5TXrLz0vqvWwDbrqVA7fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8I08QKmSjwZRJYLwwFPn/rzVUlMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvcndqVHhBcVpLUEJsRWxndkRBVS1mLXZOVlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBETMpjxfiz8bKF70mV0562LAMnZ+qgHkPwjnO2xOTj
9DjpIyC/T3KCIpn2wPtL6Km4VLLwGvvbjRi9MjWJ4Wg1EeOnfFqaH5Ac/rf1N9Z9
CjqLNrY0MqWsRux7+985Xy9o4UjDaRpPg5jfmm7qvyqfxPJb+FfWF0O5QmG0DvX6
toirrc95FKkEkwqnWrsxmTa7x0PHbdO0X+lVQNbGuYYJM+aRMcbwo87eIAT+f5lf
lJ8/nODoNk0oJ5TLQf9vY3UO4q1qeKKrWGLI944bIvr8beBzxG9OztSPvQ8LsBok
ok34orhUwtMKx9hlv6czULnY4IoUuoYgmThTFx7IIyHU
-----END CERTIFICATE-----