This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2hKTftFtuQRMT1oaso9aJ2Fwbhs.roa
File:                     2hKTftFtuQRMT1oaso9aJ2Fwbhs.roa (raw, json)
Hash identifier:          yt73gkjCnEpWOl4mDI2UvWLYkd+MzKzlxXOQLXQ8/rg=
Subject key identifier:   DA:12:93:7E:D1:6D:B9:04:4C:4F:5A:1A:B2:8F:5A:27:61:70:6E:1B
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019B77C6CB9ACA29DCCB11D058B58D75B49F
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2hKTftFtuQRMT1oaso9aJ2Fwbhs.roa
Signing time:             Thu 01 Jan 2026 04:17:55 +0000
ROA not before:           Thu 01 Jan 2026 04:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203363
IP address blocks:        109.205.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:cb:9a:ca:29:dc:cb:11:d0:58:b5:8d:75:b4:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 04:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da12937ed16db9044c4f5a1ab28f5a2761706e1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ec:d8:ee:f7:e5:ff:16:1f:96:cb:86:70:22:
                    e7:1f:b0:ea:53:40:68:90:b3:05:4d:9e:6d:12:bb:
                    f9:b8:c2:b8:66:9b:83:38:01:cc:7c:46:36:5f:ef:
                    47:59:78:67:c1:7d:a4:0b:64:08:a3:db:7b:8b:1a:
                    52:f7:99:17:7e:99:b1:d4:01:0a:5b:68:24:62:1b:
                    0d:20:75:3f:ba:60:ff:87:a3:63:6e:43:cf:7a:7c:
                    43:28:7e:de:c0:4b:52:8c:4d:f9:42:a4:25:96:37:
                    84:8d:10:b5:04:ef:79:5b:40:72:b8:7b:21:1e:2f:
                    b6:55:3f:5f:a9:9b:68:9e:29:92:52:5f:8a:33:e6:
                    2e:67:7d:be:0e:e2:34:35:34:d3:c5:60:1a:08:76:
                    ed:c2:96:44:c0:98:15:1b:57:14:e0:ce:09:28:c9:
                    2c:59:bd:0d:a0:e7:78:bf:57:2c:6c:81:4a:52:7d:
                    e4:3d:3b:aa:c0:f4:8d:32:50:48:ed:e0:b9:5b:05:
                    fb:8c:b6:f3:c0:33:a3:32:5c:f4:83:2c:d2:cf:26:
                    05:7c:55:49:3f:e2:a8:86:c9:1b:70:81:64:88:b5:
                    44:7f:ad:d1:b6:a6:ef:0c:09:67:dd:1d:4e:4d:c9:
                    b7:ba:70:44:19:7f:14:94:27:bd:d8:be:e6:3f:45:
                    eb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:12:93:7E:D1:6D:B9:04:4C:4F:5A:1A:B2:8F:5A:27:61:70:6E:1B
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2hKTftFtuQRMT1oaso9aJ2Fwbhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:e2:4d:4c:b6:b5:7d:15:be:9b:b5:ec:b5:75:c1:64:6a:a1:
         88:d6:cb:cb:47:a5:ef:7e:b6:84:c1:92:82:39:50:50:2b:42:
         a3:83:ba:4f:88:f7:1e:44:8d:a7:a9:44:e1:dc:36:cc:6e:01:
         b9:aa:73:67:7f:45:d4:97:73:f9:f8:57:c3:a9:76:e0:eb:94:
         41:13:6a:a7:3f:19:9e:92:7b:53:14:b8:d5:71:c1:d7:da:f6:
         e2:8d:39:f3:4c:77:44:bf:fb:c5:f2:14:cb:e3:c5:74:75:dc:
         09:cd:05:73:c8:c9:2c:15:3b:b5:cb:4c:9a:d2:16:1d:b4:46:
         de:1a:ea:5e:15:f2:d5:68:a5:1a:f5:ac:0a:90:89:70:4c:c4:
         e8:f4:3f:aa:99:a1:52:2f:32:82:05:12:fb:55:ce:7c:23:10:
         e0:e1:71:9d:61:e7:30:19:4a:3e:e1:a7:1a:69:0b:8e:15:de:
         f5:3f:db:b7:ae:66:03:89:af:07:6a:81:21:63:59:3a:2a:2a:
         89:1b:4d:d7:96:02:3f:0b:9c:f0:f3:0d:11:4e:08:6b:0c:cb:
         d3:e6:cb:e9:c3:4e:e2:e5:0e:2a:26:c1:01:d7:bd:f4:8b:5a:
         ca:98:4c:69:2a:27:47:54:fa:e2:2c:8a:1c:c6:86:21:4a:30:
         71:d3:2a:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xsuayincyxHQWLWNdbSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjYwMTAxMDQxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTEyOTM3ZWQxNmRiOTA0NGM0ZjVhMWFiMjhmNWEyNzYxNzA2ZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvezY7vfl/xYflsuGcCLnH7DqU0Bo
kLMFTZ5tErv5uMK4ZpuDOAHMfEY2X+9HWXhnwX2kC2QIo9t7ixpS95kXfpmx1AEK
W2gkYhsNIHU/umD/h6NjbkPPenxDKH7ewEtSjE35QqQlljeEjRC1BO95W0ByuHsh
Hi+2VT9fqZtonimSUl+KM+YuZ32+DuI0NTTTxWAaCHbtwpZEwJgVG1cU4M4JKMks
Wb0NoOd4v1csbIFKUn3kPTuqwPSNMlBI7eC5WwX7jLbzwDOjMlz0gyzSzyYFfFVJ
P+KohskbcIFkiLVEf63RtqbvDAln3R1OTcm3unBEGX8UlCe92L7mP0XrEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNoSk37RbbkETE9aGrKPWidhcG4bMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvMmhLVGZ0RnR1UVJNVDFvYXNvOWFKMkZ3YmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc3WMA0G
CSqGSIb3DQEBCwUAA4IBAQC+4k1MtrV9Fb6btey1dcFkaqGI1svLR6XvfraEwZKC
OVBQK0Kjg7pPiPceRI2nqUTh3DbMbgG5qnNnf0XUl3P5+FfDqXbg65RBE2qnPxme
kntTFLjVccHX2vbijTnzTHdEv/vF8hTL48V0ddwJzQVzyMksFTu1y0ya0hYdtEbe
GupeFfLVaKUa9awKkIlwTMTo9D+qmaFSLzKCBRL7Vc58IxDg4XGdYecwGUo+4aca
aQuOFd71P9u3rmYDia8HaoEhY1k6KiqJG03XlgI/C5zw8w0RTghrDMvT5svpw07i
5Q4qJsEB1730i1rKmExpKidHVPriLIocxoYhSjBx0yoR
-----END CERTIFICATE-----