This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/2f5f22-7439-4208-8b39-7d11fcf17123/1/R2homvSPlS0ZNmTrlajY_zO_3zQ.roa
File:                     R2homvSPlS0ZNmTrlajY_zO_3zQ.roa (raw, json)
Hash identifier:          up0EjA2CeJ2YIvafcu9UiDmzcn/ykgETYaqOziBtni8=
Subject key identifier:   47:68:68:9A:F4:8F:95:2D:19:36:64:EB:95:A8:D8:FF:33:BF:DF:34
Certificate issuer:       /CN=b0701346bad55df7f5dc818bbbbcfbb7db1070ab
Certificate serial:       019B7F151044A28E939C978EF8DACEF0EE2F
Authority key identifier: B0:70:13:46:BA:D5:5D:F7:F5:DC:81:8B:BB:BC:FB:B7:DB:10:70:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHATRrrVXff13IGLu7z7t9sQcKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/2f5f22-7439-4208-8b39-7d11fcf17123/1/R2homvSPlS0ZNmTrlajY_zO_3zQ.roa
Signing time:             Fri 02 Jan 2026 14:20:45 +0000
ROA not before:           Fri 02 Jan 2026 14:20:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        195.38.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/2f5f22-7439-4208-8b39-7d11fcf17123/1/sHATRrrVXff13IGLu7z7t9sQcKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/2f5f22-7439-4208-8b39-7d11fcf17123/1/sHATRrrVXff13IGLu7z7t9sQcKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHATRrrVXff13IGLu7z7t9sQcKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:10:44:a2:8e:93:9c:97:8e:f8:da:ce:f0:ee:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0701346bad55df7f5dc818bbbbcfbb7db1070ab
        Validity
            Not Before: Jan  2 14:20:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4768689af48f952d193664eb95a8d8ff33bfdf34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:e7:27:25:bf:74:55:a2:ed:89:c3:0a:3d:95:
                    70:7c:e8:b7:15:d4:ca:2a:a0:da:2e:29:0f:a0:64:
                    46:23:bc:97:33:57:ea:3e:e3:b8:0a:8d:62:1f:7d:
                    55:db:dd:90:07:72:de:11:56:84:50:d4:c7:55:c9:
                    e3:a6:06:01:0c:be:e5:f9:13:60:87:22:39:37:43:
                    be:77:90:8b:f8:3c:58:41:6c:8d:91:da:56:fd:df:
                    83:77:f3:27:6e:b2:b3:ed:48:cb:18:55:74:aa:4b:
                    8d:1c:71:53:97:3a:6a:21:96:4f:8a:96:f7:00:3c:
                    cd:bc:75:a8:84:ab:20:77:a7:88:1c:16:f5:c0:7f:
                    2e:05:f7:69:e3:cc:4c:0c:a3:29:cf:73:9d:6d:23:
                    da:fd:ab:32:6b:fc:a8:b4:24:65:51:4f:60:92:b7:
                    d5:37:46:aa:7d:5d:b4:8d:bf:4f:eb:e3:ee:05:bc:
                    4c:ae:a7:68:8a:00:ec:27:e9:c5:a6:74:3f:e0:c8:
                    e6:5c:10:6d:21:5c:19:96:02:63:9f:a4:4e:c9:b4:
                    d5:81:4a:de:66:aa:45:fd:17:65:3d:32:d0:51:f9:
                    f2:e4:52:06:91:6d:aa:65:36:03:f1:8f:86:43:fd:
                    c0:9c:55:89:d9:fd:85:5a:32:25:ab:67:96:f7:73:
                    fe:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:68:68:9A:F4:8F:95:2D:19:36:64:EB:95:A8:D8:FF:33:BF:DF:34
            X509v3 Authority Key Identifier:
                keyid:B0:70:13:46:BA:D5:5D:F7:F5:DC:81:8B:BB:BC:FB:B7:DB:10:70:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHATRrrVXff13IGLu7z7t9sQcKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2f5f22-7439-4208-8b39-7d11fcf17123/1/R2homvSPlS0ZNmTrlajY_zO_3zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2f5f22-7439-4208-8b39-7d11fcf17123/1/sHATRrrVXff13IGLu7z7t9sQcKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.38.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:ef:8f:ed:47:01:fb:57:4a:10:bf:bf:33:e9:0b:64:be:57:
         68:13:76:af:9c:4b:cf:4d:87:ae:0a:bb:da:9e:05:4e:25:fe:
         9a:e4:e0:ab:cd:04:bb:35:4e:c0:58:69:c9:12:63:c5:30:6d:
         66:b1:17:83:2e:99:1a:7f:2c:2b:e1:61:99:9a:1a:2b:4e:9f:
         41:1b:b8:70:bb:83:4b:1a:e2:73:da:c4:9c:b4:ab:6d:cf:a8:
         4f:54:29:2d:9d:9f:87:59:fe:20:79:63:d5:97:fb:92:cd:d2:
         f6:c4:cf:58:19:72:5e:88:3a:0e:f1:d0:dc:22:d9:90:8d:2d:
         82:0c:ff:6f:26:0e:f1:c9:0b:0d:0a:cb:6e:5a:05:49:f5:fe:
         07:21:da:4e:96:f4:fa:e1:0a:f8:df:8e:78:50:41:1b:76:6a:
         80:ef:f3:83:bd:04:f7:82:f2:e3:46:6f:40:30:03:6d:31:ed:
         7a:a2:7b:30:a6:05:36:d9:73:f6:0e:41:d1:f3:6b:fa:bd:8e:
         42:42:be:41:6a:69:85:41:35:66:ef:b0:2a:60:8e:e9:de:6a:
         8c:91:cc:f7:a7:85:37:0c:f6:22:ff:4f:36:38:0f:ee:aa:9f:
         75:86:fc:45:e8:02:09:95:ef:9c:5e:58:90:22:d2:7c:d9:ac:
         dd:4d:df:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FRBEoo6TnJeO+NrO8O4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNzAxMzQ2YmFkNTVkZjdmNWRjODE4YmJiYmNmYmI3ZGIx
MDcwYWIwHhcNMjYwMTAyMTQyMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzY4Njg5YWY0OGY5NTJkMTkzNjY0ZWI5NWE4ZDhmZjMzYmZkZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ucnJb90VaLticMKPZVwfOi3FdTK
KqDaLikPoGRGI7yXM1fqPuO4Co1iH31V292QB3LeEVaEUNTHVcnjpgYBDL7l+RNg
hyI5N0O+d5CL+DxYQWyNkdpW/d+Dd/MnbrKz7UjLGFV0qkuNHHFTlzpqIZZPipb3
ADzNvHWohKsgd6eIHBb1wH8uBfdp48xMDKMpz3OdbSPa/asya/yotCRlUU9gkrfV
N0aqfV20jb9P6+PuBbxMrqdoigDsJ+nFpnQ/4MjmXBBtIVwZlgJjn6ROybTVgUre
ZqpF/RdlPTLQUfny5FIGkW2qZTYD8Y+GQ/3AnFWJ2f2FWjIlq2eW93P+nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdoaJr0j5UtGTZk65Wo2P8zv980MB8GA1UdIwQY
MBaAFLBwE0a61V339dyBi7u8+7fbEHCrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hBVFJyclZYZmYxM0lHTHU3ejd0OXNRY0tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yZjVmMjItNzQzOS00MjA4LThiMzkt
N2QxMWZjZjE3MTIzLzEvUjJob212U1BsUzBaTm1Ucmxhallfek9fM3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yZjVmMjItNzQzOS00MjA4LThiMzktN2QxMWZjZjE3MTIz
LzEvc0hBVFJyclZYZmYxM0lHTHU3ejd0OXNRY0tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyYTMA0G
CSqGSIb3DQEBCwUAA4IBAQAk74/tRwH7V0oQv78z6QtkvldoE3avnEvPTYeuCrva
ngVOJf6a5OCrzQS7NU7AWGnJEmPFMG1msReDLpkafywr4WGZmhorTp9BG7hwu4NL
GuJz2sSctKttz6hPVCktnZ+HWf4geWPVl/uSzdL2xM9YGXJeiDoO8dDcItmQjS2C
DP9vJg7xyQsNCstuWgVJ9f4HIdpOlvT64Qr43454UEEbdmqA7/ODvQT3gvLjRm9A
MANtMe16onswpgU22XP2DkHR82v6vY5CQr5BammFQTVm77AqYI7p3mqMkcz3p4U3
DPYi/082OA/uqp91hvxF6AIJle+cXliQItJ82azdTd/u
-----END CERTIFICATE-----