This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/2oHiZnjzT420MbEkQGJ7v40Fe9I.roa
File:                     2oHiZnjzT420MbEkQGJ7v40Fe9I.roa (raw, json)
Hash identifier:          Czu1tA9q/Wmcp0lOrzTS/3SnNIxEWPYmLWHdzKOsNLk=
Subject key identifier:   DA:81:E2:66:78:F3:4F:8D:B4:31:B1:24:40:62:7B:BF:8D:05:7B:D2
Certificate issuer:       /CN=54ce2445a2e8874318bf249b73a654c990919ee0
Certificate serial:       019B77592DCEBD2D6DE62398F6C84ADA89A8
Authority key identifier: 54:CE:24:45:A2:E8:87:43:18:BF:24:9B:73:A6:54:C9:90:91:9E:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VM4kRaLoh0MYvySbc6ZUyZCRnuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/2oHiZnjzT420MbEkQGJ7v40Fe9I.roa
Signing time:             Thu 01 Jan 2026 02:18:11 +0000
ROA not before:           Thu 01 Jan 2026 02:18:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48154
IP address blocks:        94.125.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/VM4kRaLoh0MYvySbc6ZUyZCRnuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/VM4kRaLoh0MYvySbc6ZUyZCRnuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VM4kRaLoh0MYvySbc6ZUyZCRnuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:2d:ce:bd:2d:6d:e6:23:98:f6:c8:4a:da:89:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54ce2445a2e8874318bf249b73a654c990919ee0
        Validity
            Not Before: Jan  1 02:18:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da81e26678f34f8db431b12440627bbf8d057bd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:5f:9f:68:94:f8:e6:dd:ec:00:c0:ad:35:4f:
                    85:8b:c8:cd:19:a6:c9:a8:9f:11:ab:9b:4f:68:b1:
                    6b:d5:73:b8:ca:0a:ab:9a:22:42:f7:c9:5c:6a:37:
                    20:a1:be:99:59:d6:06:ca:e7:2a:ee:7f:25:64:a3:
                    5e:38:f7:18:eb:36:2a:67:f1:ad:a1:98:a2:2e:29:
                    08:de:5c:08:ae:b2:1c:99:ab:51:84:f0:d0:5f:48:
                    19:8a:4a:bd:75:13:81:d2:dd:52:b3:d1:04:b0:77:
                    c9:99:83:2b:29:ff:b7:6c:39:2e:e8:29:f0:39:1c:
                    67:91:a1:4d:7b:57:66:e1:77:eb:ae:de:db:e6:ad:
                    2b:b1:d5:01:c8:9e:53:f9:2c:1f:45:aa:9f:d2:de:
                    5e:c7:e0:68:a6:fd:1c:e7:89:29:d3:6d:79:b6:58:
                    33:08:b7:77:99:ec:cb:e4:0e:1b:92:2f:ec:33:62:
                    cf:30:a2:63:5b:9e:b8:fe:f4:cf:c3:c1:5e:66:d6:
                    04:47:90:a3:89:87:f2:c1:a0:f3:dc:7d:76:9b:96:
                    1c:d1:8b:57:7d:c2:0b:2b:19:ed:67:26:82:67:8d:
                    79:44:ba:cd:f0:8d:ac:da:b7:75:7c:5c:38:7a:95:
                    3a:32:12:66:5b:7b:fa:fe:8f:13:f6:48:89:41:96:
                    83:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:81:E2:66:78:F3:4F:8D:B4:31:B1:24:40:62:7B:BF:8D:05:7B:D2
            X509v3 Authority Key Identifier:
                keyid:54:CE:24:45:A2:E8:87:43:18:BF:24:9B:73:A6:54:C9:90:91:9E:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VM4kRaLoh0MYvySbc6ZUyZCRnuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/2oHiZnjzT420MbEkQGJ7v40Fe9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/bd7780-eb53-4c1d-acce-cfe7e3f9f92d/1/VM4kRaLoh0MYvySbc6ZUyZCRnuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.125.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         22:18:f3:9f:3f:be:49:c6:fd:02:a1:e3:b3:aa:1a:1d:ea:f3:
         1a:57:09:71:33:1b:2f:eb:54:df:d7:6b:8a:41:84:e4:3a:fe:
         46:72:12:96:07:be:08:d4:d7:2c:40:d3:4d:f0:c5:62:cd:78:
         e1:fc:1f:f9:fc:1d:8a:60:0f:21:d1:e9:fb:2a:e9:ec:27:00:
         4e:d0:9a:71:e8:b6:42:aa:c1:76:eb:c7:50:9a:ef:d7:e6:b5:
         d3:50:28:c9:75:11:9b:74:1a:a0:cb:fe:dc:46:7e:78:d3:02:
         db:3d:d8:71:f6:60:b4:cc:a1:dc:19:88:1f:9e:d3:d5:5d:76:
         93:d9:42:0d:30:e6:01:e0:f9:44:12:b7:b3:00:60:e0:60:bf:
         6e:7c:9b:48:9b:97:65:cc:c8:e9:73:94:25:c7:dd:cf:a4:25:
         a3:45:a5:0f:17:68:92:ec:6a:57:19:70:6f:4a:ab:3f:02:3b:
         aa:97:c8:a4:b5:1f:50:e1:a9:db:1e:eb:6e:cb:92:3f:a5:ee:
         c3:5d:9e:6c:06:85:8b:e5:f4:49:7a:1b:d6:51:c8:c5:03:5e:
         16:cb:e4:43:28:ae:fd:a7:92:56:bd:da:2d:43:a5:50:9e:7d:
         90:a1:56:5c:9d:09:f1:a0:76:e7:36:2e:42:16:ca:04:9a:e9:
         b6:65:fc:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WS3OvS1t5iOY9shK2omoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2UyNDQ1YTJlODg3NDMxOGJmMjQ5YjczYTY1NGM5OTA5
MTllZTAwHhcNMjYwMTAxMDIxODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTgxZTI2Njc4ZjM0ZjhkYjQzMWIxMjQ0MDYyN2JiZjhkMDU3YmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2F+faJT45t3sAMCtNU+Fi8jNGabJ
qJ8Rq5tPaLFr1XO4ygqrmiJC98lcajcgob6ZWdYGyucq7n8lZKNeOPcY6zYqZ/Gt
oZiiLikI3lwIrrIcmatRhPDQX0gZikq9dROB0t1Ss9EEsHfJmYMrKf+3bDku6Cnw
ORxnkaFNe1dm4Xfrrt7b5q0rsdUByJ5T+SwfRaqf0t5ex+Bopv0c54kp0215tlgz
CLd3mezL5A4bki/sM2LPMKJjW564/vTPw8FeZtYER5CjiYfywaDz3H12m5Yc0YtX
fcILKxntZyaCZ415RLrN8I2s2rd1fFw4epU6MhJmW3v6/o8T9kiJQZaDDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqB4mZ480+NtDGxJEBie7+NBXvSMB8GA1UdIwQY
MBaAFFTOJEWi6IdDGL8km3OmVMmQkZ7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk00a1JhTG9oME1ZdnlTYmM2WlV5WkNSbnVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9iZDc3ODAtZWI1My00YzFkLWFjY2Ut
Y2ZlN2UzZjlmOTJkLzEvMm9IaVpuanpUNDIwTWJFa1FHSjd2NDBGZTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9iZDc3ODAtZWI1My00YzFkLWFjY2UtY2ZlN2UzZjlmOTJk
LzEvVk00a1JhTG9oME1ZdnlTYmM2WlV5WkNSbnVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXn2YMA0G
CSqGSIb3DQEBCwUAA4IBAQAiGPOfP75Jxv0CoeOzqhod6vMaVwlxMxsv61Tf12uK
QYTkOv5GchKWB74I1NcsQNNN8MVizXjh/B/5/B2KYA8h0en7KunsJwBO0Jpx6LZC
qsF268dQmu/X5rXTUCjJdRGbdBqgy/7cRn540wLbPdhx9mC0zKHcGYgfntPVXXaT
2UINMOYB4PlEErezAGDgYL9ufJtIm5dlzMjpc5Qlx93PpCWjRaUPF2iS7GpXGXBv
Sqs/Ajuql8iktR9Q4anbHutuy5I/pe7DXZ5sBoWL5fRJehvWUcjFA14Wy+RDKK79
p5JWvdotQ6VQnn2QoVZcnQnxoHbnNi5CFsoEmum2ZfxR
-----END CERTIFICATE-----