This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/2wk8UskQOSnxqw7Oo7NOQFVMdPk.roa
File:                     2wk8UskQOSnxqw7Oo7NOQFVMdPk.roa (raw, json)
Hash identifier:          wAiBLEjJ/qsnMqj9/B2glZy/BgEewLbuD+HKTaBdnNM=
Subject key identifier:   DB:09:3C:52:C9:10:39:29:F1:AB:0E:CE:A3:B3:4E:40:55:4C:74:F9
Certificate issuer:       /CN=c2bf81ab950a18034630c25830749e650eb4e634
Certificate serial:       019B7DC9D98657113EFF334455E27ED1F467
Authority key identifier: C2:BF:81:AB:95:0A:18:03:46:30:C2:58:30:74:9E:65:0E:B4:E6:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wr-Bq5UKGANGMMJYMHSeZQ605jQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/2wk8UskQOSnxqw7Oo7NOQFVMdPk.roa
Signing time:             Fri 02 Jan 2026 08:18:58 +0000
ROA not before:           Fri 02 Jan 2026 08:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50623
IP address blocks:        195.191.154.0/24 maxlen: 24
                          195.191.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/wr-Bq5UKGANGMMJYMHSeZQ605jQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/wr-Bq5UKGANGMMJYMHSeZQ605jQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wr-Bq5UKGANGMMJYMHSeZQ605jQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 23:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:d9:86:57:11:3e:ff:33:44:55:e2:7e:d1:f4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2bf81ab950a18034630c25830749e650eb4e634
        Validity
            Not Before: Jan  2 08:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db093c52c9103929f1ab0ecea3b34e40554c74f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9b:a6:b6:20:8f:2c:be:83:8b:d9:e0:c9:2a:
                    dd:d4:de:be:e4:10:4e:59:8a:0e:e4:d0:ec:89:23:
                    dc:92:28:bd:37:f2:fb:5e:12:b6:11:a1:d6:a6:07:
                    d0:e6:1f:2a:b1:cc:4a:ef:55:c6:07:19:ad:cf:5e:
                    a6:aa:2d:ce:be:8a:1a:1b:a0:1f:20:13:c1:63:b3:
                    73:e7:09:52:18:48:fe:35:f9:39:fe:7d:e9:f4:2c:
                    3b:97:d4:2e:57:9f:5c:dd:57:07:59:6f:76:1d:a4:
                    73:e2:a3:99:b2:e3:77:07:20:75:8e:73:dc:ad:a5:
                    ac:dc:ac:c1:4d:ab:a4:46:06:eb:ae:15:8d:1f:79:
                    58:f1:8a:73:b4:14:f3:21:05:39:ee:9b:d7:52:05:
                    9b:f6:3d:95:e8:0a:b5:a6:55:ed:b7:2d:04:22:ef:
                    11:35:1e:8d:96:a7:2c:d3:94:0b:01:c0:0f:37:df:
                    94:68:45:f4:55:1a:71:da:cd:a3:91:47:f8:c7:c6:
                    b1:2b:15:07:98:0e:63:36:64:4e:51:a5:0f:53:f7:
                    b0:fa:12:e4:ea:c2:cc:be:96:64:c0:79:3a:98:41:
                    a2:c0:57:08:dc:2e:52:82:c4:27:ef:57:e4:ed:29:
                    13:7d:e2:c4:c2:78:95:2e:cb:60:73:5a:8e:32:f2:
                    13:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:09:3C:52:C9:10:39:29:F1:AB:0E:CE:A3:B3:4E:40:55:4C:74:F9
            X509v3 Authority Key Identifier:
                keyid:C2:BF:81:AB:95:0A:18:03:46:30:C2:58:30:74:9E:65:0E:B4:E6:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wr-Bq5UKGANGMMJYMHSeZQ605jQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/2wk8UskQOSnxqw7Oo7NOQFVMdPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/38b511-7547-4a48-8baf-7764584670fd/1/wr-Bq5UKGANGMMJYMHSeZQ605jQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:9c:56:d5:7f:24:53:cb:64:17:9a:13:26:60:6b:4a:9d:85:
         9c:84:25:e9:a4:84:90:7d:05:ff:6a:68:41:42:43:4f:cd:24:
         99:de:3c:14:ea:b5:69:ed:c9:c8:12:dc:d5:15:bd:44:3d:71:
         6c:bf:4d:0c:17:b8:6f:4d:a0:f4:bd:48:a5:b3:12:ca:27:c9:
         4b:22:ec:8a:0d:6d:4b:fd:ac:a9:6c:46:3d:f9:18:0d:17:57:
         1b:0d:96:81:86:44:70:3e:3b:ba:a4:80:74:43:fb:71:a1:2d:
         e3:53:a5:25:a0:ef:4d:c0:36:06:b2:be:aa:41:54:52:64:34:
         58:ac:6d:82:f7:84:02:c7:08:ec:62:d6:8d:ca:f8:e7:38:7a:
         44:1a:e9:7d:03:b8:67:00:4b:bc:b2:9c:85:19:a7:fd:36:5b:
         e0:b1:dd:ab:c3:a8:43:71:c1:9c:04:02:7e:5f:0e:f2:b2:3f:
         da:eb:d4:2a:7f:06:60:81:40:07:9e:de:ca:60:b9:31:32:ba:
         01:7d:8d:5b:02:94:9c:ee:0a:6c:c8:09:47:1b:0b:9b:09:fa:
         8a:22:0b:29:4c:95:ae:a1:c1:db:94:b6:0d:99:78:86:b6:58:
         ba:de:82:48:18:89:14:9f:cf:7b:1f:57:90:91:da:c1:62:85:
         9a:d9:32:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ydmGVxE+/zNEVeJ+0fRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYmY4MWFiOTUwYTE4MDM0NjMwYzI1ODMwNzQ5ZTY1MGVi
NGU2MzQwHhcNMjYwMTAyMDgxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjA5M2M1MmM5MTAzOTI5ZjFhYjBlY2VhM2IzNGU0MDU1NGM3NGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZumtiCPLL6Di9ngySrd1N6+5BBO
WYoO5NDsiSPckii9N/L7XhK2EaHWpgfQ5h8qscxK71XGBxmtz16mqi3OvooaG6Af
IBPBY7Nz5wlSGEj+Nfk5/n3p9Cw7l9QuV59c3VcHWW92HaRz4qOZsuN3ByB1jnPc
raWs3KzBTaukRgbrrhWNH3lY8YpztBTzIQU57pvXUgWb9j2V6Aq1plXtty0EIu8R
NR6Nlqcs05QLAcAPN9+UaEX0VRpx2s2jkUf4x8axKxUHmA5jNmROUaUPU/ew+hLk
6sLMvpZkwHk6mEGiwFcI3C5SgsQn71fk7SkTfeLEwniVLstgc1qOMvITOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsJPFLJEDkp8asOzqOzTkBVTHT5MB8GA1UdIwQY
MBaAFMK/gauVChgDRjDCWDB0nmUOtOY0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3ItQnE1VUtHQU5HTU1KWU1IU2VaUTYwNWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zOGI1MTEtNzU0Ny00YTQ4LThiYWYt
Nzc2NDU4NDY3MGZkLzEvMndrOFVza1FPU254cXc3T283Tk9RRlZNZFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zOGI1MTEtNzU0Ny00YTQ4LThiYWYtNzc2NDU4NDY3MGZk
LzEvd3ItQnE1VUtHQU5HTU1KWU1IU2VaUTYwNWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7+aMA0G
CSqGSIb3DQEBCwUAA4IBAQCJnFbVfyRTy2QXmhMmYGtKnYWchCXppISQfQX/amhB
QkNPzSSZ3jwU6rVp7cnIEtzVFb1EPXFsv00MF7hvTaD0vUilsxLKJ8lLIuyKDW1L
/aypbEY9+RgNF1cbDZaBhkRwPju6pIB0Q/txoS3jU6UloO9NwDYGsr6qQVRSZDRY
rG2C94QCxwjsYtaNyvjnOHpEGul9A7hnAEu8spyFGaf9Nlvgsd2rw6hDccGcBAJ+
Xw7ysj/a69QqfwZggUAHnt7KYLkxMroBfY1bApSc7gpsyAlHGwubCfqKIgspTJWu
ocHblLYNmXiGtli63oJIGIkUn897H1eQkdrBYoWa2TIT
-----END CERTIFICATE-----