This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/6kHXGgT89v6lDauvrrIDf_tZADI.roa
File:                     6kHXGgT89v6lDauvrrIDf_tZADI.roa (raw, json)
Hash identifier:          4Bzh7brDF5yrfdZSSwARwJRw98UbYl61jVu1+dOgNwM=
Subject key identifier:   EA:41:D7:1A:04:FC:F6:FE:A5:0D:AB:AF:AE:B2:03:7F:FB:59:00:32
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       019B7BA4FCE622A7C556B68A69A22152D726
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/6kHXGgT89v6lDauvrrIDf_tZADI.roa
Signing time:             Thu 01 Jan 2026 22:19:28 +0000
ROA not before:           Thu 01 Jan 2026 22:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400040
IP address blocks:        194.169.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:fc:e6:22:a7:c5:56:b6:8a:69:a2:21:52:d7:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Jan  1 22:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ea41d71a04fcf6fea50dabafaeb2037ffb590032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8a:17:4c:86:b0:67:1a:0d:b3:c1:83:07:7f:
                    eb:bf:8a:3a:24:f3:f5:e2:b9:c1:cc:d9:42:97:3e:
                    ac:88:e5:3a:a9:88:3d:3e:49:ec:a7:a7:be:12:6a:
                    85:82:e3:78:97:d4:a0:51:c1:36:a0:21:7a:1a:24:
                    8a:6a:72:25:9e:cf:38:b0:8d:30:bb:74:8d:8b:11:
                    4a:4e:90:ab:7d:85:78:cc:45:80:5a:ac:56:b5:90:
                    39:e2:73:bd:61:81:73:c0:e0:b8:eb:31:45:b2:05:
                    47:79:30:fb:e7:a7:85:ec:2d:82:e1:c7:0c:7f:2c:
                    00:7f:d7:69:6f:95:4d:c8:ba:3d:83:90:43:ef:26:
                    7c:29:45:59:14:5c:3f:56:b9:25:cb:45:0f:c0:a6:
                    01:a1:c2:35:56:cb:c9:e0:f4:fd:c4:d7:a9:de:2e:
                    ad:f3:87:9f:e5:7d:ab:bb:08:63:72:71:58:f9:16:
                    75:d8:0f:4b:17:57:bc:89:cb:32:4a:18:d5:b9:7d:
                    92:8f:33:39:76:51:de:3f:ef:84:1b:e8:2a:ea:e7:
                    03:dc:65:e2:02:cb:7a:aa:d0:b9:e1:6a:54:fb:a6:
                    e6:1c:11:f4:ff:59:29:31:eb:2f:b7:dc:95:99:a1:
                    a0:d1:eb:ec:c6:94:f5:02:33:25:74:f0:e3:e5:8b:
                    9d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:41:D7:1A:04:FC:F6:FE:A5:0D:AB:AF:AE:B2:03:7F:FB:59:00:32
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/6kHXGgT89v6lDauvrrIDf_tZADI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:39:1a:cf:1f:6d:05:c9:be:3d:09:bb:83:4a:3c:42:47:5b:
         f6:05:51:1a:c6:92:2d:b4:6a:0e:ed:bf:43:00:b4:76:20:2d:
         31:f8:af:d0:d3:2a:db:23:2e:66:bc:17:0a:73:6a:f8:3d:eb:
         ef:97:97:ab:0e:c0:aa:f5:c1:29:ec:28:cc:12:b8:d8:f6:d6:
         5c:99:4f:b4:b6:ba:43:a5:36:57:91:69:30:ac:a1:a6:ec:40:
         cd:69:9d:00:0b:a1:f8:30:4d:23:cc:11:13:6a:5b:6d:c1:ad:
         38:fd:e6:36:a1:19:74:e3:5b:cf:9b:13:9e:f3:00:62:42:e7:
         f6:67:12:90:83:b0:70:08:61:de:bf:07:74:16:ad:d9:f0:c7:
         39:2a:39:aa:aa:68:d7:f4:78:23:5c:e4:00:86:c3:64:81:12:
         0e:d7:68:8f:fc:4e:e8:71:56:a9:0f:dd:78:78:67:b5:b3:c1:
         7e:c2:73:4b:aa:bb:a9:c2:6f:55:e7:8b:dc:83:d4:91:69:6c:
         b6:12:7a:ed:c3:77:e8:0d:48:22:86:b1:14:b6:df:f7:a9:7e:
         42:38:37:b9:d5:cf:0d:20:13:7a:ee:eb:b6:75:40:76:92:e4:
         60:28:89:85:e3:34:00:a2:7a:e2:58:13:c4:63:5d:ef:0e:d7:
         e6:d9:6f:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pPzmIqfFVraKaaIhUtcmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjYwMTAxMjIxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQxZDcxYTA0ZmNmNmZlYTUwZGFiYWZhZWIyMDM3ZmZiNTkwMDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtooXTIawZxoNs8GDB3/rv4o6JPP1
4rnBzNlClz6siOU6qYg9Pknsp6e+EmqFguN4l9SgUcE2oCF6GiSKanIlns84sI0w
u3SNixFKTpCrfYV4zEWAWqxWtZA54nO9YYFzwOC46zFFsgVHeTD756eF7C2C4ccM
fywAf9dpb5VNyLo9g5BD7yZ8KUVZFFw/Vrkly0UPwKYBocI1VsvJ4PT9xNep3i6t
84ef5X2ruwhjcnFY+RZ12A9LF1e8icsyShjVuX2SjzM5dlHeP++EG+gq6ucD3GXi
Ast6qtC54WpU+6bmHBH0/1kpMesvt9yVmaGg0evsxpT1AjMldPDj5YudFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpB1xoE/Pb+pQ2rr66yA3/7WQAyMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvNmtIWEdnVDg5djZsRGF1dnJySURmX3RaQURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqkxMA0G
CSqGSIb3DQEBCwUAA4IBAQBZORrPH20Fyb49CbuDSjxCR1v2BVEaxpIttGoO7b9D
ALR2IC0x+K/Q0yrbIy5mvBcKc2r4Pevvl5erDsCq9cEp7CjMErjY9tZcmU+0trpD
pTZXkWkwrKGm7EDNaZ0AC6H4ME0jzBETalttwa04/eY2oRl041vPmxOe8wBiQuf2
ZxKQg7BwCGHevwd0Fq3Z8Mc5KjmqqmjX9HgjXOQAhsNkgRIO12iP/E7ocVapD914
eGe1s8F+wnNLqrupwm9V54vcg9SRaWy2Enrtw3foDUgihrEUtt/3qX5CODe51c8N
IBN67uu2dUB2kuRgKImF4zQAonriWBPEY13vDtfm2W+D
-----END CERTIFICATE-----