This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/2KUHS5LVkDhMjwhw1VzfC6cPGAc.roa
File:                     2KUHS5LVkDhMjwhw1VzfC6cPGAc.roa (raw, json)
Hash identifier:          1jH7/SA5/GdwWT+Ps3WcqV+9OYqbYvLUuoLuw+3ezww=
Subject key identifier:   D8:A5:07:4B:92:D5:90:38:4C:8F:08:70:D5:5C:DF:0B:A7:0F:18:07
Certificate issuer:       /CN=8b4db87a497a15ba79a706d12ee904c4449d1b55
Certificate serial:       019B7EA7185C1286322A0F5F2E1742855982
Authority key identifier: 8B:4D:B8:7A:49:7A:15:BA:79:A7:06:D1:2E:E9:04:C4:44:9D:1B:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i024ekl6Fbp5pwbRLukExESdG1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/2KUHS5LVkDhMjwhw1VzfC6cPGAc.roa
Signing time:             Fri 02 Jan 2026 12:20:38 +0000
ROA not before:           Fri 02 Jan 2026 12:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198115
IP address blocks:        194.126.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/i024ekl6Fbp5pwbRLukExESdG1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/i024ekl6Fbp5pwbRLukExESdG1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i024ekl6Fbp5pwbRLukExESdG1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:18:5c:12:86:32:2a:0f:5f:2e:17:42:85:59:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b4db87a497a15ba79a706d12ee904c4449d1b55
        Validity
            Not Before: Jan  2 12:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8a5074b92d590384c8f0870d55cdf0ba70f1807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:50:a8:be:e4:3c:94:76:ed:00:44:68:fa:93:
                    f4:7e:b8:a6:e3:bf:34:9c:af:33:78:de:fa:a5:ac:
                    06:f3:f1:78:2c:07:00:6a:ae:b2:1e:16:99:9c:50:
                    63:89:9a:1e:4b:00:34:42:44:1e:b7:63:51:87:c4:
                    cb:7d:1d:0b:65:21:88:3a:e1:b0:11:fa:ec:8d:53:
                    16:bd:17:b1:e3:2b:25:be:0c:aa:67:78:f6:bf:4a:
                    22:99:63:db:83:28:74:97:f7:ba:5b:fb:90:1a:9b:
                    55:03:4a:6f:0d:09:79:23:84:d8:fe:ae:a9:34:ff:
                    13:9c:8d:e7:9f:27:61:a9:9c:b0:f2:49:e8:b3:cf:
                    f9:d5:7d:1e:0d:1e:ca:d8:ea:46:58:53:d7:11:7a:
                    fb:70:ce:a3:71:de:8a:31:2c:dd:c3:d2:87:55:d1:
                    11:98:e9:4e:db:ea:47:5f:9a:4d:a2:2b:2b:bb:2b:
                    da:f5:cb:99:56:87:54:6a:1d:47:7e:3b:47:07:2e:
                    06:5a:58:ad:7d:f1:97:10:6b:ed:b1:7e:77:d4:c4:
                    4c:cc:cb:aa:84:6b:30:af:65:3c:de:fc:ee:5c:1b:
                    4d:43:2f:98:ea:f8:98:94:a7:f0:73:c2:70:b6:67:
                    fd:26:0d:bb:9f:4b:d9:35:7a:28:c2:c7:0f:04:dd:
                    e6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A5:07:4B:92:D5:90:38:4C:8F:08:70:D5:5C:DF:0B:A7:0F:18:07
            X509v3 Authority Key Identifier:
                keyid:8B:4D:B8:7A:49:7A:15:BA:79:A7:06:D1:2E:E9:04:C4:44:9D:1B:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i024ekl6Fbp5pwbRLukExESdG1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/2KUHS5LVkDhMjwhw1VzfC6cPGAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d814b4-02b1-4fb3-acef-1601d41fdc1f/1/i024ekl6Fbp5pwbRLukExESdG1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:93:27:14:7a:de:03:9a:3c:7a:8a:b1:86:17:be:f5:58:af:
         fa:11:5b:24:e3:7c:61:d1:88:ec:7c:c3:60:67:41:b7:16:07:
         66:59:9a:27:18:fe:cf:a3:ec:5c:66:3c:58:c2:a4:e2:87:d0:
         24:5d:e2:cf:a8:88:ef:29:0a:a6:d3:cf:3c:e7:af:82:70:5e:
         e4:64:21:87:59:ba:3c:b8:9c:d0:2b:eb:34:61:f0:87:ab:a5:
         ee:72:bb:e5:ba:d6:d4:f3:cf:56:b6:43:a7:96:0a:b5:f3:ca:
         a3:2e:d6:5e:d0:d4:8c:21:f8:bc:c2:08:0f:22:4e:15:f4:ba:
         a3:d1:0d:e4:44:ac:60:5f:2f:42:4c:b5:f5:90:86:aa:5d:cc:
         80:01:7d:db:e0:e2:6f:59:db:57:5d:20:3b:bf:f5:d1:b4:ec:
         dd:fa:7c:6c:7e:56:21:e2:a8:58:64:20:f5:25:7c:f3:d4:5a:
         27:a4:b4:32:b5:8c:53:e8:3b:3a:ec:f4:4b:72:22:c3:63:e0:
         f8:bf:20:26:63:c6:7f:93:2b:f2:4e:d4:45:a9:73:c7:19:94:
         61:4f:06:d7:70:c8:aa:88:dc:45:2a:5f:4d:8f:10:66:45:28:
         02:8c:2e:e9:10:06:c0:53:02:83:a8:36:99:d6:e0:21:74:c7:
         f6:39:69:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pxhcEoYyKg9fLhdChVmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNGRiODdhNDk3YTE1YmE3OWE3MDZkMTJlZTkwNGM0NDQ5
ZDFiNTUwHhcNMjYwMTAyMTIyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE1MDc0YjkyZDU5MDM4NGM4ZjA4NzBkNTVjZGYwYmE3MGYxODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1CovuQ8lHbtAERo+pP0frim4780
nK8zeN76pawG8/F4LAcAaq6yHhaZnFBjiZoeSwA0QkQet2NRh8TLfR0LZSGIOuGw
EfrsjVMWvRex4yslvgyqZ3j2v0oimWPbgyh0l/e6W/uQGptVA0pvDQl5I4TY/q6p
NP8TnI3nnydhqZyw8knos8/51X0eDR7K2OpGWFPXEXr7cM6jcd6KMSzdw9KHVdER
mOlO2+pHX5pNoisruyva9cuZVodUah1HfjtHBy4GWlitffGXEGvtsX531MRMzMuq
hGswr2U83vzuXBtNQy+Y6viYlKfwc8Jwtmf9Jg27n0vZNXoowscPBN3mFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNilB0uS1ZA4TI8IcNVc3wunDxgHMB8GA1UdIwQY
MBaAFItNuHpJehW6eacG0S7pBMREnRtVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTAyNGVrbDZGYnA1cHdiUkx1a0V4RVNkRzFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kODE0YjQtMDJiMS00ZmIzLWFjZWYt
MTYwMWQ0MWZkYzFmLzEvMktVSFM1TFZrRGhNandodzFWemZDNmNQR0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kODE0YjQtMDJiMS00ZmIzLWFjZWYtMTYwMWQ0MWZkYzFm
LzEvaTAyNGVrbDZGYnA1cHdiUkx1a0V4RVNkRzFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7oMA0G
CSqGSIb3DQEBCwUAA4IBAQDGkycUet4Dmjx6irGGF771WK/6EVsk43xh0YjsfMNg
Z0G3FgdmWZonGP7Po+xcZjxYwqTih9AkXeLPqIjvKQqm088856+CcF7kZCGHWbo8
uJzQK+s0YfCHq6XucrvlutbU889WtkOnlgq188qjLtZe0NSMIfi8wggPIk4V9Lqj
0Q3kRKxgXy9CTLX1kIaqXcyAAX3b4OJvWdtXXSA7v/XRtOzd+nxsflYh4qhYZCD1
JXzz1FonpLQytYxT6Ds67PRLciLDY+D4vyAmY8Z/kyvyTtRFqXPHGZRhTwbXcMiq
iNxFKl9NjxBmRSgCjC7pEAbAUwKDqDaZ1uAhdMf2OWkK
-----END CERTIFICATE-----