This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/AWHaORGX24I0sdCluLMaVOvK0FY.roa
File:                     AWHaORGX24I0sdCluLMaVOvK0FY.roa (raw, json)
Hash identifier:          mCxXxun1/CuTlNEsrpeFvjxJV7ObtfJSNghx6IMERP0=
Subject key identifier:   01:61:DA:39:11:97:DB:82:34:B1:D0:A5:B8:B3:1A:54:EB:CA:D0:56
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37B12F530EAFA147C39414DFAA4C78
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/AWHaORGX24I0sdCluLMaVOvK0FY.roa
Signing time:             Fri 02 Jan 2026 10:18:57 +0000
ROA not before:           Fri 02 Jan 2026 10:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14178
IP address blocks:        185.70.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:b1:2f:53:0e:af:a1:47:c3:94:14:df:aa:4c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0161da391197db8234b1d0a5b8b31a54ebcad056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bc:fa:ff:29:9b:15:6a:12:94:41:4e:47:6d:
                    96:66:f3:69:b6:1d:df:79:f0:4c:d1:7a:6f:2e:ec:
                    c3:df:52:ec:60:be:55:42:0b:0b:a9:da:13:10:5a:
                    37:23:f9:2b:fe:94:da:c2:79:fa:0b:33:71:0e:1b:
                    f2:1d:9e:54:b1:1c:ac:c4:bf:e3:c8:3c:21:5e:eb:
                    55:3f:72:86:be:63:fc:dc:29:55:c0:70:25:fe:ed:
                    7f:30:ef:88:c0:5a:bb:1c:7c:6e:a9:62:5e:1a:ef:
                    f0:f1:9d:b6:a3:3f:a9:56:56:5f:a4:a7:80:db:f2:
                    0c:ac:96:18:ad:e9:2a:5d:29:e6:7f:95:6c:a2:6b:
                    b7:dc:a2:95:46:af:1d:bf:de:30:8e:6f:94:c0:25:
                    5c:62:4f:41:99:10:82:10:6b:0c:b5:2b:76:6c:7a:
                    e9:43:15:77:9b:68:bf:37:67:25:be:51:74:51:7d:
                    e6:a2:45:a3:39:2f:0a:14:2c:59:88:c3:32:32:75:
                    40:40:bd:86:64:19:c0:ae:bd:1f:78:96:33:7f:bc:
                    e1:8f:08:59:4f:9f:d1:7b:ae:b9:db:a3:1f:a0:3c:
                    f4:1d:a0:1e:3f:71:82:48:31:12:b2:a9:ee:90:21:
                    ae:66:ab:0c:4a:3f:83:4a:ae:f5:72:b3:d1:52:41:
                    75:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:61:DA:39:11:97:DB:82:34:B1:D0:A5:B8:B3:1A:54:EB:CA:D0:56
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/AWHaORGX24I0sdCluLMaVOvK0FY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:72:f8:c7:02:b8:1e:74:43:1f:ad:d7:65:30:21:12:98:8a:
         d7:ea:9e:5f:4a:5d:9f:da:ba:8c:8e:44:ee:28:0f:02:28:f8:
         08:4b:0e:b1:47:62:d2:71:8f:66:47:c4:58:37:c7:73:83:ae:
         65:d3:48:0e:07:5d:58:c4:42:db:76:bc:84:31:05:55:8c:c6:
         24:51:18:3e:7b:66:10:0b:a3:8f:64:85:6f:30:e0:84:16:78:
         e3:d8:c1:d1:da:19:ff:3e:3f:16:51:f2:f0:a1:55:20:d5:69:
         3c:98:8e:d9:94:d6:cf:e9:9c:5f:ea:46:8f:7b:90:e4:d0:f9:
         a7:68:28:5e:d8:54:f0:ee:0a:0d:78:df:64:68:67:ce:ab:46:
         58:e7:37:a2:55:52:28:96:59:5a:bb:9b:15:29:1a:d5:6a:5e:
         1c:35:ce:d5:16:1c:08:22:17:d1:95:cb:5d:d7:c7:37:d3:55:
         a0:77:45:c4:36:07:f1:60:bd:09:98:aa:f5:8f:29:dc:f7:d6:
         e1:b6:0c:f0:33:d2:a1:97:54:28:25:a2:ca:9b:79:8e:01:1d:
         e5:2a:e8:6d:4b:99:6f:76:7f:cf:1f:9b:a1:c0:c0:7c:20:8d:
         52:79:75:b7:0b:5d:1e:71:30:95:73:ef:48:13:4b:38:60:4a:
         db:9d:2c:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N7EvUw6voUfDlBTfqkx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTYxZGEzOTExOTdkYjgyMzRiMWQwYTViOGIzMWE1NGViY2FkMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrz6/ymbFWoSlEFOR22WZvNpth3f
efBM0XpvLuzD31LsYL5VQgsLqdoTEFo3I/kr/pTawnn6CzNxDhvyHZ5UsRysxL/j
yDwhXutVP3KGvmP83ClVwHAl/u1/MO+IwFq7HHxuqWJeGu/w8Z22oz+pVlZfpKeA
2/IMrJYYrekqXSnmf5Vsomu33KKVRq8dv94wjm+UwCVcYk9BmRCCEGsMtSt2bHrp
QxV3m2i/N2clvlF0UX3mokWjOS8KFCxZiMMyMnVAQL2GZBnArr0feJYzf7zhjwhZ
T5/Re66526MfoDz0HaAeP3GCSDESsqnukCGuZqsMSj+DSq71crPRUkF1ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFh2jkRl9uCNLHQpbizGlTrytBWMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvQVdIYU9SR1gyNEkwc2RDbHVMTWFWT3ZLMEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUZwMA0G
CSqGSIb3DQEBCwUAA4IBAQA3cvjHArgedEMfrddlMCESmIrX6p5fSl2f2rqMjkTu
KA8CKPgISw6xR2LScY9mR8RYN8dzg65l00gOB11YxELbdryEMQVVjMYkURg+e2YQ
C6OPZIVvMOCEFnjj2MHR2hn/Pj8WUfLwoVUg1Wk8mI7ZlNbP6Zxf6kaPe5Dk0Pmn
aChe2FTw7goNeN9kaGfOq0ZY5zeiVVIolllau5sVKRrVal4cNc7VFhwIIhfRlctd
18c301Wgd0XENgfxYL0JmKr1jync99bhtgzwM9Khl1QoJaLKm3mOAR3lKuhtS5lv
dn/PH5uhwMB8II1SeXW3C10ecTCVc+9IE0s4YErbnSxC
-----END CERTIFICATE-----
Generated at Fri Jan 23 04:39:16 2026 by rpki-client