This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/h0sYcCt0tlazHfxSPNewc82YrkI.roa
File:                     h0sYcCt0tlazHfxSPNewc82YrkI.roa (raw, json)
Hash identifier:          9p9P/zCe1LEWhaFj3WrwF0Ji1BPlUw7IHsk6bTEUDag=
Subject key identifier:   87:4B:18:70:2B:74:B6:56:B3:1D:FC:52:3C:D7:B0:73:CD:98:AE:42
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B797F42881F6C3B3EED4F70B6BC323D3D
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/h0sYcCt0tlazHfxSPNewc82YrkI.roa
Signing time:             Thu 01 Jan 2026 12:19:01 +0000
ROA not before:           Thu 01 Jan 2026 12:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215540
IP address blocks:        170.168.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:42:88:1f:6c:3b:3e:ed:4f:70:b6:bc:32:3d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan  1 12:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=874b18702b74b656b31dfc523cd7b073cd98ae42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:44:3b:69:20:64:1e:9a:a7:e8:2c:62:3a:aa:
                    f0:19:e7:a6:23:25:b2:10:93:0e:a5:c8:2d:b4:38:
                    64:06:0b:eb:80:fb:f2:ba:69:d1:ae:a0:0e:e3:a0:
                    77:ab:d2:6d:8e:ac:d0:d8:11:3e:0a:96:34:1e:b0:
                    d6:38:2d:36:f0:4e:db:a7:0b:e9:d3:ba:9d:4f:12:
                    36:95:31:38:c6:58:c3:3f:8e:10:49:31:22:3f:4c:
                    ca:2e:df:d9:cc:f0:64:c0:b6:09:d2:53:76:18:0f:
                    1f:a4:e1:31:6e:a3:57:24:e7:e5:da:51:3f:99:5b:
                    52:0f:be:a8:84:e3:99:74:7a:3f:f2:25:5e:f1:83:
                    19:fe:0c:05:0a:65:d3:37:22:34:4e:fd:88:19:61:
                    1c:2f:6a:48:3c:81:34:25:c0:3c:48:42:2a:3b:ed:
                    68:17:25:f2:c0:80:10:0b:64:3e:bd:49:ce:65:d9:
                    59:01:c2:46:e8:2d:0d:1c:d5:3e:1e:50:9a:e4:cd:
                    ca:00:b7:16:ce:1e:c6:ee:4a:d1:c6:38:1e:0d:0d:
                    55:11:0a:ce:e6:88:bb:cf:61:44:7f:1c:b1:fd:e3:
                    1e:11:48:6f:01:a2:64:91:bd:a6:3c:c1:54:9f:f6:
                    26:f8:f1:c2:b2:04:b1:7d:c4:b0:55:80:49:98:1d:
                    b8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:4B:18:70:2B:74:B6:56:B3:1D:FC:52:3C:D7:B0:73:CD:98:AE:42
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/h0sYcCt0tlazHfxSPNewc82YrkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:00:5c:1d:4c:81:15:b3:00:94:12:c1:7e:c1:7b:1d:b7:6c:
         bd:82:7f:ef:5b:e5:8b:6f:fd:bb:a7:a5:62:d8:1b:e6:48:c1:
         45:40:d0:d2:ab:46:97:33:9d:cd:1d:9d:06:28:17:b4:93:4c:
         d5:3e:4b:79:74:46:2e:0f:28:32:97:4f:c0:22:c7:91:58:cd:
         03:bc:16:c8:1b:cb:1f:7d:3e:29:4d:6a:bf:ed:c2:a0:d7:26:
         b0:ab:2d:ab:bb:87:4e:d3:09:74:07:21:48:74:d6:9e:7d:69:
         b2:42:2e:1c:b8:88:4e:4c:54:4b:b3:76:a0:02:75:ad:24:b1:
         c6:6f:d0:5d:44:27:23:f4:5d:ed:b6:e9:99:48:af:93:39:24:
         8f:d7:e0:bf:4c:4f:97:4c:5a:8c:6d:46:57:49:b4:b6:ea:17:
         af:b3:a9:b2:b0:0a:4c:01:a8:ea:6f:e4:b8:4f:23:1a:33:95:
         c8:e3:54:25:85:e2:b8:7e:45:d8:b1:73:6c:bc:31:4a:c8:87:
         6a:e3:38:f7:60:7f:4d:b4:12:80:29:f1:43:da:a9:a1:c3:db:
         7f:10:07:c2:6a:40:82:ee:33:f1:b6:ee:ba:23:87:4b:02:29:
         53:2d:93:60:9d:d8:38:f4:b3:89:cb:68:f5:b7:2c:74:39:87:
         4e:e3:67:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5f0KIH2w7Pu1PcLa8Mj09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMTAxMTIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRiMTg3MDJiNzRiNjU2YjMxZGZjNTIzY2Q3YjA3M2NkOThhZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEQ7aSBkHpqn6CxiOqrwGeemIyWy
EJMOpcgttDhkBgvrgPvyumnRrqAO46B3q9JtjqzQ2BE+CpY0HrDWOC028E7bpwvp
07qdTxI2lTE4xljDP44QSTEiP0zKLt/ZzPBkwLYJ0lN2GA8fpOExbqNXJOfl2lE/
mVtSD76ohOOZdHo/8iVe8YMZ/gwFCmXTNyI0Tv2IGWEcL2pIPIE0JcA8SEIqO+1o
FyXywIAQC2Q+vUnOZdlZAcJG6C0NHNU+HlCa5M3KALcWzh7G7krRxjgeDQ1VEQrO
5oi7z2FEfxyx/eMeEUhvAaJkkb2mPMFUn/Ym+PHCsgSxfcSwVYBJmB246wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdLGHArdLZWsx38UjzXsHPNmK5CMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvaDBzWWNDdDB0bGF6SGZ4U1BOZXdjODJZcmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqqiIMA0G
CSqGSIb3DQEBCwUAA4IBAQBRAFwdTIEVswCUEsF+wXsdt2y9gn/vW+WLb/27p6Vi
2BvmSMFFQNDSq0aXM53NHZ0GKBe0k0zVPkt5dEYuDygyl0/AIseRWM0DvBbIG8sf
fT4pTWq/7cKg1yawqy2ru4dO0wl0ByFIdNaefWmyQi4cuIhOTFRLs3agAnWtJLHG
b9BdRCcj9F3ttumZSK+TOSSP1+C/TE+XTFqMbUZXSbS26hevs6mysApMAajqb+S4
TyMaM5XI41QlheK4fkXYsXNsvDFKyIdq4zj3YH9NtBKAKfFD2qmhw9t/EAfCakCC
7jPxtu66I4dLAilTLZNgndg49LOJy2j1tyx0OYdO42cx
-----END CERTIFICATE-----