This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/408e37-fae2-48b5-bd15-73d94cb54526/1/2FWfjreR50s05nG8c3Epkp-QpOk.roa
File:                     2FWfjreR50s05nG8c3Epkp-QpOk.roa (raw, json)
Hash identifier:          QKVrsfHtk1frMC5gbyYQSs+jJV5TW9T1z5wCTl60joI=
Subject key identifier:   D8:55:9F:8E:B7:91:E7:4B:34:E6:71:BC:73:71:29:92:9F:90:A4:E9
Certificate issuer:       /CN=33306f83dd9c68d1bb5ae91b50c26e929c81d2fd
Certificate serial:       019B7CED12780AAE42BECA82572E48BFECAC
Authority key identifier: 33:30:6F:83:DD:9C:68:D1:BB:5A:E9:1B:50:C2:6E:92:9C:81:D2:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzBvg92caNG7WukbUMJukpyB0v0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/408e37-fae2-48b5-bd15-73d94cb54526/1/2FWfjreR50s05nG8c3Epkp-QpOk.roa
Signing time:             Fri 02 Jan 2026 04:17:49 +0000
ROA not before:           Fri 02 Jan 2026 04:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        2a14:b580::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/408e37-fae2-48b5-bd15-73d94cb54526/1/MzBvg92caNG7WukbUMJukpyB0v0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/408e37-fae2-48b5-bd15-73d94cb54526/1/MzBvg92caNG7WukbUMJukpyB0v0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzBvg92caNG7WukbUMJukpyB0v0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:12:78:0a:ae:42:be:ca:82:57:2e:48:bf:ec:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33306f83dd9c68d1bb5ae91b50c26e929c81d2fd
        Validity
            Not Before: Jan  2 04:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8559f8eb791e74b34e671bc737129929f90a4e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:c5:20:5e:d4:3c:48:8c:22:1f:b3:07:cd:
                    e4:ee:3e:50:2f:0c:1b:55:59:f5:d1:2a:71:f6:11:
                    ea:f1:16:41:b9:99:03:5b:79:13:6e:70:76:ab:41:
                    89:16:e1:a9:31:2b:d6:80:b5:37:ae:8b:8c:68:2f:
                    f8:75:87:75:a3:53:b0:90:58:9b:c6:03:30:c6:f1:
                    9e:b0:2f:73:fc:82:88:be:d7:b3:01:ce:82:98:0e:
                    a9:9d:31:d4:d2:d0:59:2b:e8:e5:6a:87:6d:72:cc:
                    47:8b:db:84:2d:4e:a5:94:1a:70:44:89:eb:16:7f:
                    31:76:6e:0c:5d:ed:58:22:ab:e8:65:41:98:c5:44:
                    f0:5f:21:82:b7:3a:57:ca:b4:5e:97:58:01:4b:01:
                    4a:cd:81:db:52:34:9e:f1:41:04:4c:77:fd:be:c6:
                    de:e4:45:eb:ec:af:e8:f9:36:98:c5:b2:fa:48:3b:
                    26:b1:38:6e:e5:61:c0:da:a2:75:ff:c7:1b:d3:11:
                    cb:b8:c8:c5:ab:32:5b:5b:f3:ab:02:b1:e7:c5:17:
                    cf:e5:06:82:26:3b:13:8b:ba:99:90:bf:bc:33:8b:
                    ba:5a:4b:07:0e:4a:60:03:b0:2e:d2:08:80:d7:fc:
                    06:6f:66:f4:dd:2f:7d:33:36:b6:15:bc:f7:b5:61:
                    1d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:55:9F:8E:B7:91:E7:4B:34:E6:71:BC:73:71:29:92:9F:90:A4:E9
            X509v3 Authority Key Identifier:
                keyid:33:30:6F:83:DD:9C:68:D1:BB:5A:E9:1B:50:C2:6E:92:9C:81:D2:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzBvg92caNG7WukbUMJukpyB0v0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/408e37-fae2-48b5-bd15-73d94cb54526/1/2FWfjreR50s05nG8c3Epkp-QpOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/408e37-fae2-48b5-bd15-73d94cb54526/1/MzBvg92caNG7WukbUMJukpyB0v0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b580::/40

    Signature Algorithm: sha256WithRSAEncryption
         ca:1d:5e:26:94:c3:a7:7c:d4:d8:45:16:fe:ed:9f:3b:ad:14:
         3c:38:98:58:d8:a5:b3:a2:6a:d6:da:8a:4d:33:d0:a4:52:b4:
         08:22:54:ce:96:eb:b8:0b:65:a7:35:9e:b8:21:6c:02:c8:c6:
         3a:70:c0:99:78:7f:d0:74:81:ac:10:5f:e0:f5:0b:85:55:1e:
         0d:75:7a:76:6b:dc:aa:38:b8:13:33:b4:a0:07:42:d6:c7:bd:
         5b:00:b6:c4:64:ee:ed:73:e1:bc:93:65:91:1b:ad:6d:35:0f:
         12:40:a7:74:ce:04:82:57:32:39:fc:df:92:7c:43:8d:de:46:
         54:b6:70:a6:e1:f4:2f:d6:f0:31:ae:9e:f2:d5:73:1d:3d:31:
         44:78:68:a3:b8:b6:08:e4:26:85:ff:6c:86:94:42:b4:3d:11:
         e1:25:db:f0:dd:53:a6:b8:d0:c0:36:db:98:a5:03:77:cf:e9:
         1b:3d:da:84:0d:0e:43:67:ec:75:63:17:b9:e3:6a:b0:f3:44:
         1a:2d:4b:85:d9:2e:97:cc:c7:c1:12:2c:0f:f9:27:8d:b6:96:
         60:62:46:e6:e8:1c:a5:bc:c2:72:2f:bd:be:8a:87:c5:69:7d:
         14:dd:87:8b:53:44:55:29:d7:74:a5:f0:fd:12:0a:6e:1a:99:
         fd:95:26:bc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt87RJ4Cq5CvsqCVy5Iv+ysMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzA2ZjgzZGQ5YzY4ZDFiYjVhZTkxYjUwYzI2ZTkyOWM4
MWQyZmQwHhcNMjYwMTAyMDQxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODU1OWY4ZWI3OTFlNzRiMzRlNjcxYmM3MzcxMjk5MjlmOTBhNGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSHFIF7UPEiMIh+zB83k7j5QLwwb
VVn10Spx9hHq8RZBuZkDW3kTbnB2q0GJFuGpMSvWgLU3rouMaC/4dYd1o1OwkFib
xgMwxvGesC9z/IKIvtezAc6CmA6pnTHU0tBZK+jlaodtcsxHi9uELU6llBpwRInr
Fn8xdm4MXe1YIqvoZUGYxUTwXyGCtzpXyrRel1gBSwFKzYHbUjSe8UEETHf9vsbe
5EXr7K/o+TaYxbL6SDsmsThu5WHA2qJ1/8cb0xHLuMjFqzJbW/OrArHnxRfP5QaC
JjsTi7qZkL+8M4u6WksHDkpgA7Au0giA1/wGb2b03S99Mza2Fbz3tWEdSQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNhVn463kedLNOZxvHNxKZKfkKTpMB8GA1UdIwQY
MBaAFDMwb4PdnGjRu1rpG1DCbpKcgdL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpCdmc5MmNhTkc3V3VrYlVNSnVrcHlCMHYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80MDhlMzctZmFlMi00OGI1LWJkMTUt
NzNkOTRjYjU0NTI2LzEvMkZXZmpyZVI1MHMwNW5HOGMzRXBrcC1RcE9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80MDhlMzctZmFlMi00OGI1LWJkMTUtNzNkOTRjYjU0NTI2
LzEvTXpCdmc5MmNhTkc3V3VrYlVNSnVrcHlCMHYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhS1gAAw
DQYJKoZIhvcNAQELBQADggEBAModXiaUw6d81NhFFv7tnzutFDw4mFjYpbOiatba
ik0z0KRStAgiVM6W67gLZac1nrghbALIxjpwwJl4f9B0gawQX+D1C4VVHg11enZr
3Ko4uBMztKAHQtbHvVsAtsRk7u1z4byTZZEbrW01DxJAp3TOBIJXMjn835J8Q43e
RlS2cKbh9C/W8DGunvLVcx09MUR4aKO4tgjkJoX/bIaUQrQ9EeEl2/DdU6a40MA2
25ilA3fP6Rs92oQNDkNn7HVjF7njarDzRBotS4XZLpfMx8ESLA/5J422lmBiRubo
HKW8wnIvvb6Kh8VpfRTdh4tTRFUp13Sl8P0SCm4amf2VJrw=
-----END CERTIFICATE-----