This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/arHeDdPCjS_AVATAetTx45LL1Dk.roa
File:                     arHeDdPCjS_AVATAetTx45LL1Dk.roa (raw, json)
Hash identifier:          wzrmHuwOdDJUETKg+nffMJxHljjlvyXkAo4P+Hrjp2w=
Subject key identifier:   6A:B1:DE:0D:D3:C2:8D:2F:C0:54:04:C0:7A:D4:F1:E3:92:CB:D4:39
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       019B7AC868ED7820DE8EB565C8E095EA4E1A
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/arHeDdPCjS_AVATAetTx45LL1Dk.roa
Signing time:             Thu 01 Jan 2026 18:18:32 +0000
ROA not before:           Thu 01 Jan 2026 18:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42873
IP address blocks:        192.129.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:68:ed:78:20:de:8e:b5:65:c8:e0:95:ea:4e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  1 18:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ab1de0dd3c28d2fc05404c07ad4f1e392cbd439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8b:af:b7:83:19:16:8f:3e:75:dc:dc:b9:83:
                    5d:02:6b:6d:c6:d5:b9:c1:73:df:d3:fe:cf:87:c0:
                    bd:50:b2:a7:a7:45:e7:87:04:a8:ca:a5:d8:28:0e:
                    bb:2a:c8:75:4c:4b:56:22:dd:57:49:55:35:90:d8:
                    29:91:24:0d:f1:f9:73:c1:d2:eb:0c:b0:0a:bd:d9:
                    ca:f5:83:ec:e8:3c:f9:35:35:c3:c4:5d:5a:e6:29:
                    15:65:bb:2f:46:45:e7:7d:f4:1d:c8:e7:68:02:77:
                    db:fc:3b:92:e3:3c:f0:15:bf:b7:07:65:3c:d5:df:
                    92:18:77:c1:e3:b9:96:ff:91:93:a7:59:df:5a:68:
                    b9:69:3e:f4:4e:6c:ee:f1:c1:43:1f:d6:55:c5:ee:
                    51:a1:26:41:df:ff:8d:75:07:07:b2:bf:98:29:cd:
                    f4:e1:0b:a9:19:09:98:45:23:e2:6b:fa:24:e3:f3:
                    27:17:86:e5:6c:d8:7f:f6:a5:7b:76:0a:62:07:49:
                    a2:33:f5:f5:16:67:6d:d5:dc:1c:bb:a6:85:95:85:
                    32:60:f4:1c:75:1b:72:eb:76:b2:48:ce:e1:d2:de:
                    40:21:a6:df:dd:67:c5:b3:4b:b6:da:55:68:2e:45:
                    6b:9e:22:70:56:48:9b:fd:3e:05:df:f9:f2:f1:76:
                    ee:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B1:DE:0D:D3:C2:8D:2F:C0:54:04:C0:7A:D4:F1:E3:92:CB:D4:39
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/arHeDdPCjS_AVATAetTx45LL1Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.129.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2d:b3:0d:24:01:1d:a5:9d:1d:12:36:44:c9:53:bd:8a:af:
         71:3f:55:f9:d3:14:35:df:aa:0f:c3:b3:9a:c1:ce:30:cf:3b:
         33:91:85:a8:c3:53:ad:6b:ea:de:ec:e1:28:55:bf:19:93:0c:
         6b:65:0c:5d:8a:f1:27:d7:07:52:3c:16:1f:a6:94:92:40:9b:
         49:19:7f:95:c6:8b:6e:b2:83:5b:ad:55:fd:3b:1a:2d:ba:db:
         76:a4:8b:99:14:bc:83:59:c1:a8:f4:c0:52:ed:be:02:28:76:
         4a:6b:6f:14:ae:fa:21:cd:92:5a:84:90:34:c7:d0:75:6c:01:
         80:47:db:60:a6:a7:7c:61:5a:5d:64:e5:1e:bc:ae:4e:3e:d6:
         a7:87:ed:28:d5:4d:bb:b7:85:4e:a1:27:9d:e4:dd:2b:86:8a:
         84:40:e6:47:4a:02:f9:d6:d3:24:f3:df:42:85:21:20:e9:c9:
         f0:93:47:d3:3c:10:0c:bd:bb:e1:5e:13:e2:2c:bf:5d:fa:1e:
         24:37:98:59:3f:a7:e9:a1:4d:33:60:f2:f9:7f:c6:42:fa:7e:
         ae:5e:f3:22:83:09:e3:57:4d:b4:b6:be:15:ab:15:aa:62:3a:
         2f:0e:4f:98:93:e5:8c:43:f1:ac:61:03:52:63:76:d7:4c:28:
         d9:f2:f9:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yGjteCDejrVlyOCV6k4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjYwMTAxMTgxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWIxZGUwZGQzYzI4ZDJmYzA1NDA0YzA3YWQ0ZjFlMzkyY2JkNDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArouvt4MZFo8+ddzcuYNdAmttxtW5
wXPf0/7Ph8C9ULKnp0XnhwSoyqXYKA67Ksh1TEtWIt1XSVU1kNgpkSQN8flzwdLr
DLAKvdnK9YPs6Dz5NTXDxF1a5ikVZbsvRkXnffQdyOdoAnfb/DuS4zzwFb+3B2U8
1d+SGHfB47mW/5GTp1nfWmi5aT70Tmzu8cFDH9ZVxe5RoSZB3/+NdQcHsr+YKc30
4QupGQmYRSPia/ok4/MnF4blbNh/9qV7dgpiB0miM/X1Fmdt1dwcu6aFlYUyYPQc
dRty63aySM7h0t5AIabf3WfFs0u22lVoLkVrniJwVkib/T4F3/ny8XbugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqx3g3Two0vwFQEwHrU8eOSy9Q5MB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvYXJIZURkUENqU19BVkFUQWV0VHg0NUxMMURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwIEeMA0G
CSqGSIb3DQEBCwUAA4IBAQCRLbMNJAEdpZ0dEjZEyVO9iq9xP1X50xQ136oPw7Oa
wc4wzzszkYWow1Ota+re7OEoVb8ZkwxrZQxdivEn1wdSPBYfppSSQJtJGX+Vxotu
soNbrVX9Oxotutt2pIuZFLyDWcGo9MBS7b4CKHZKa28UrvohzZJahJA0x9B1bAGA
R9tgpqd8YVpdZOUevK5OPtanh+0o1U27t4VOoSed5N0rhoqEQOZHSgL51tMk899C
hSEg6cnwk0fTPBAMvbvhXhPiLL9d+h4kN5hZP6fpoU0zYPL5f8ZC+n6uXvMigwnj
V020tr4VqxWqYjovDk+Yk+WMQ/GsYQNSY3bXTCjZ8vl3
-----END CERTIFICATE-----