This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/aHs-rF7InSlshvWZMPlqLeGf8BQ.roa
File:                     aHs-rF7InSlshvWZMPlqLeGf8BQ.roa (raw, json)
Hash identifier:          cnpHyXi6Xup8rUbntENTMIwHeI0OtwJDt5zJW7zxTYM=
Subject key identifier:   68:7B:3E:AC:5E:C8:9D:29:6C:86:F5:99:30:F9:6A:2D:E1:9F:F0:14
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       019B76EB58F45809BB299D885E1E03B83AAE
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/aHs-rF7InSlshvWZMPlqLeGf8BQ.roa
Signing time:             Thu 01 Jan 2026 00:18:13 +0000
ROA not before:           Thu 01 Jan 2026 00:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212161
IP address blocks:        2.188.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:58:f4:58:09:bb:29:9d:88:5e:1e:03:b8:3a:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  1 00:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=687b3eac5ec89d296c86f59930f96a2de19ff014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:09:10:5d:a9:0e:b3:d1:ad:09:18:00:07:ff:
                    1d:06:5b:36:1b:e6:fc:8e:cd:6f:86:83:7d:f9:0f:
                    f5:66:87:cf:5f:f5:37:fd:4f:f3:06:f1:bc:3e:66:
                    17:0d:49:17:fa:e2:d5:f2:6e:e5:33:c5:47:b9:0f:
                    3d:f3:cd:d2:74:72:cd:44:07:82:fe:24:9c:f0:81:
                    55:c0:f6:7f:4f:70:61:6e:30:fa:ae:bb:02:9f:29:
                    96:58:3f:9c:66:c8:22:d3:29:b4:1d:45:07:fc:57:
                    a0:12:e1:bf:91:e6:0f:8e:bc:7c:ab:c3:47:be:5d:
                    47:ef:94:8b:69:bb:9c:e6:1b:10:f6:92:94:fe:7c:
                    cd:63:78:61:f3:71:6a:0b:64:8e:1d:93:94:99:cc:
                    ca:3a:ad:c9:43:e3:b5:f6:62:c5:ae:8f:e3:24:97:
                    4d:85:69:de:b5:e0:8b:ce:91:42:d8:21:82:97:ab:
                    a0:ad:79:8d:07:cc:26:d2:4d:86:9b:1c:6b:51:02:
                    93:97:18:2e:59:31:4e:af:81:60:80:a4:30:4b:bb:
                    51:90:52:b1:83:c0:ac:58:3c:c6:fd:e3:b5:7c:13:
                    45:26:60:cc:bf:ee:c2:ef:41:2f:13:8c:ca:bb:9c:
                    41:43:c9:b9:15:29:9d:71:d7:74:d0:90:c5:e0:8f:
                    44:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7B:3E:AC:5E:C8:9D:29:6C:86:F5:99:30:F9:6A:2D:E1:9F:F0:14
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/aHs-rF7InSlshvWZMPlqLeGf8BQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:e5:e1:3a:f7:4a:18:8e:49:61:09:33:f1:d7:9c:04:b8:2b:
         ff:53:df:c0:43:5f:b0:06:74:81:97:c9:56:da:59:b9:9c:92:
         53:f8:0a:49:4a:aa:65:11:5c:08:92:38:33:ce:11:75:c2:df:
         e7:c4:63:f0:16:d8:49:e7:c2:bc:c0:73:cf:c1:30:0f:60:64:
         cc:fd:01:9e:11:7d:db:91:de:b7:69:c3:56:d1:39:9d:67:a6:
         52:97:4a:3c:cb:80:da:bb:84:b4:65:8d:70:07:4d:b6:4c:a1:
         44:f4:9a:e5:a6:19:aa:d2:9e:fd:77:3c:31:e0:c1:d6:96:6c:
         3c:e9:2e:a5:c6:b0:f6:79:e1:21:14:5f:14:0e:1c:59:93:ab:
         cd:c2:b4:26:d6:da:d5:75:35:c0:55:20:58:2a:18:d9:97:0a:
         10:2e:74:a2:21:21:1d:20:c1:4f:7e:07:78:4a:d7:5e:d4:21:
         aa:b0:4b:5e:81:8b:36:13:bb:46:72:ab:cf:f8:97:6a:d2:5b:
         40:87:3d:d3:53:be:4b:4a:d6:0c:65:4d:d5:c2:26:db:12:e6:
         ea:25:ba:4e:7a:39:21:d3:7c:20:73:13:e0:38:64:56:e6:c9:
         d9:3b:d3:74:e6:d5:ae:02:0e:1f:11:65:37:d2:87:3f:aa:79:
         2c:41:3c:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt261j0WAm7KZ2IXh4DuDquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjYwMTAxMDAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdiM2VhYzVlYzg5ZDI5NmM4NmY1OTkzMGY5NmEyZGUxOWZmMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQkQXakOs9GtCRgAB/8dBls2G+b8
js1vhoN9+Q/1ZofPX/U3/U/zBvG8PmYXDUkX+uLV8m7lM8VHuQ89883SdHLNRAeC
/iSc8IFVwPZ/T3BhbjD6rrsCnymWWD+cZsgi0ym0HUUH/FegEuG/keYPjrx8q8NH
vl1H75SLabuc5hsQ9pKU/nzNY3hh83FqC2SOHZOUmczKOq3JQ+O19mLFro/jJJdN
hWneteCLzpFC2CGCl6ugrXmNB8wm0k2GmxxrUQKTlxguWTFOr4FggKQwS7tRkFKx
g8CsWDzG/eO1fBNFJmDMv+7C70EvE4zKu5xBQ8m5FSmdcdd00JDF4I9E/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh7PqxeyJ0pbIb1mTD5ai3hn/AUMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvYUhzLXJGN0luU2xzaHZXWk1QbHFMZUdmOEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAArzlMA0G
CSqGSIb3DQEBCwUAA4IBAQAw5eE690oYjklhCTPx15wEuCv/U9/AQ1+wBnSBl8lW
2lm5nJJT+ApJSqplEVwIkjgzzhF1wt/nxGPwFthJ58K8wHPPwTAPYGTM/QGeEX3b
kd63acNW0TmdZ6ZSl0o8y4Dau4S0ZY1wB022TKFE9Jrlphmq0p79dzwx4MHWlmw8
6S6lxrD2eeEhFF8UDhxZk6vNwrQm1trVdTXAVSBYKhjZlwoQLnSiISEdIMFPfgd4
Stde1CGqsEtegYs2E7tGcqvP+Jdq0ltAhz3TU75LStYMZU3VwibbEubqJbpOejkh
03wgcxPgOGRW5snZO9N05tWuAg4fEWU30oc/qnksQTyC
-----END CERTIFICATE-----