This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/H2T8PA1785l6gX-iVp9IuPaA4Nc.roa
File:                     H2T8PA1785l6gX-iVp9IuPaA4Nc.roa (raw, json)
Hash identifier:          6faWeYIv5Ai9qI/fX55pW1xZn22WZewYCnXhS25+v6I=
Subject key identifier:   1F:64:FC:3C:0D:7B:F3:99:7A:81:7F:A2:56:9F:48:B8:F6:80:E0:D7
Certificate issuer:       /CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
Certificate serial:       019B79113754D0987BAE209A37D220032113
Authority key identifier: A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/H2T8PA1785l6gX-iVp9IuPaA4Nc.roa
Signing time:             Thu 01 Jan 2026 10:18:49 +0000
ROA not before:           Thu 01 Jan 2026 10:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12357
IP address blocks:        185.111.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:37:54:d0:98:7b:ae:20:9a:37:d2:20:03:21:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
        Validity
            Not Before: Jan  1 10:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f64fc3c0d7bf3997a817fa2569f48b8f680e0d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7b:f7:03:d1:73:81:47:b0:2c:25:39:0a:2d:
                    43:cc:dc:b5:c4:9d:6e:aa:52:73:0a:a9:36:a8:bd:
                    4a:09:e8:1d:1b:a3:4d:43:6b:54:76:53:e0:68:39:
                    dd:43:5b:a1:22:88:4a:17:8f:5c:c1:3b:d9:1d:59:
                    78:82:4d:c3:ba:4f:d1:1e:6f:53:c0:2b:a0:c3:1b:
                    b3:81:df:b9:83:6e:d5:d8:44:de:5a:86:98:0e:4e:
                    cd:3e:d1:9a:d4:83:f4:63:6b:34:25:d4:bd:d8:31:
                    8a:2f:56:36:db:68:d2:22:3d:cb:e7:7d:74:a1:7c:
                    07:12:4e:ec:8c:dd:3b:1c:f3:23:6b:e7:bc:93:4f:
                    96:f3:3a:37:a0:2c:15:27:9b:a1:33:ad:fb:42:27:
                    36:47:c4:c3:0b:93:ab:23:1d:ae:91:70:f0:37:f2:
                    fd:ff:90:63:d4:24:cd:a2:18:9a:40:fb:b1:87:40:
                    43:79:e2:fc:b6:92:e5:04:20:2b:bf:72:c4:42:d4:
                    b5:96:2d:03:bb:27:1f:d6:70:c8:f1:be:bf:b5:34:
                    4e:d0:a5:41:78:a9:1d:c0:79:5c:0b:a1:b0:b2:6f:
                    52:da:7d:a7:2e:d5:35:9f:8f:a3:eb:4b:b0:6a:a9:
                    86:b6:e8:eb:c0:1f:f3:e5:78:52:60:cb:54:08:4d:
                    9c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:64:FC:3C:0D:7B:F3:99:7A:81:7F:A2:56:9F:48:B8:F6:80:E0:D7
            X509v3 Authority Key Identifier:
                keyid:A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/H2T8PA1785l6gX-iVp9IuPaA4Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:a0:a6:b9:4e:58:47:4b:04:86:61:84:21:66:16:a0:40:c6:
         41:71:a1:19:b7:7e:20:83:d5:9f:7e:4f:b4:d2:0d:87:f5:e6:
         e8:be:f3:98:fe:6d:b9:3d:ce:99:1a:19:a9:e9:6b:2e:fe:59:
         11:da:d1:15:1e:48:f5:32:37:46:18:e8:55:da:03:28:8f:b0:
         00:92:81:e6:1f:5b:eb:9a:01:ad:08:6b:da:ee:a4:c5:7c:c9:
         97:18:8a:1b:ed:33:3a:a1:0d:de:84:09:e8:2c:04:d6:82:ae:
         0e:23:52:28:c3:6d:4c:38:28:a3:0b:c8:db:e2:8a:ae:52:98:
         b6:d1:61:bd:47:3a:c5:1c:c3:3a:f0:c1:2d:4b:e8:d7:c3:6f:
         52:87:39:1e:b2:9f:83:f2:20:46:6a:fb:9d:2c:ca:00:14:98:
         86:00:76:bd:02:8a:59:6c:c2:9e:7f:dd:f4:59:17:26:4f:4f:
         72:fa:db:9b:e6:80:4f:3e:c7:6a:b9:f7:12:e6:aa:9a:a5:1a:
         fa:b6:d0:e8:28:91:3b:32:8d:e3:b9:41:5a:a0:60:4e:43:9e:
         59:68:7b:31:69:17:95:6c:b2:cb:59:8c:49:df:42:b5:39:7f:
         7d:dd:e1:b5:84:67:30:31:17:25:0b:54:16:4e:a0:56:2d:70:
         b6:c7:ec:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ETdU0Jh7riCaN9IgAyETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTc1ODAyZTdlZmI4NjUzZTNhZjU5Y2JmMWJjMDY1Mzhi
Y2E2NzEwHhcNMjYwMTAxMTAxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjY0ZmMzYzBkN2JmMzk5N2E4MTdmYTI1NjlmNDhiOGY2ODBlMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnv3A9FzgUewLCU5Ci1DzNy1xJ1u
qlJzCqk2qL1KCegdG6NNQ2tUdlPgaDndQ1uhIohKF49cwTvZHVl4gk3Duk/RHm9T
wCugwxuzgd+5g27V2ETeWoaYDk7NPtGa1IP0Y2s0JdS92DGKL1Y222jSIj3L5310
oXwHEk7sjN07HPMja+e8k0+W8zo3oCwVJ5uhM637Qic2R8TDC5OrIx2ukXDwN/L9
/5Bj1CTNohiaQPuxh0BDeeL8tpLlBCArv3LEQtS1li0Duycf1nDI8b6/tTRO0KVB
eKkdwHlcC6Gwsm9S2n2nLtU1n4+j60uwaqmGtujrwB/z5XhSYMtUCE2cdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9k/DwNe/OZeoF/olafSLj2gODXMB8GA1UdIwQY
MBaAFKjnWALn77hlPjr1nL8bwGU4vKZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjkt
NDExZjU4MzdmZWZhLzEvSDJUOFBBMTc4NWw2Z1gtaVZwOUl1UGFBNE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjktNDExZjU4MzdmZWZh
LzEvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/8MA0G
CSqGSIb3DQEBCwUAA4IBAQBroKa5TlhHSwSGYYQhZhagQMZBcaEZt34gg9Wffk+0
0g2H9ebovvOY/m25Pc6ZGhmp6Wsu/lkR2tEVHkj1MjdGGOhV2gMoj7AAkoHmH1vr
mgGtCGva7qTFfMmXGIob7TM6oQ3ehAnoLATWgq4OI1Iow21MOCijC8jb4oquUpi2
0WG9RzrFHMM68MEtS+jXw29Shzkesp+D8iBGavudLMoAFJiGAHa9AopZbMKef930
WRcmT09y+tub5oBPPsdqufcS5qqapRr6ttDoKJE7Mo3juUFaoGBOQ55ZaHsxaReV
bLLLWYxJ30K1OX993eG1hGcwMRclC1QWTqBWLXC2x+w9
-----END CERTIFICATE-----