This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/IHKCG0B2hQhlM_PkEtpSJ6eU8eQ.roa
File:                     IHKCG0B2hQhlM_PkEtpSJ6eU8eQ.roa (raw, json)
Hash identifier:          gA90HHxFEUxgQv2WSqejUraen109Hm10bTVio9aiVu0=
Subject key identifier:   20:72:82:1B:40:76:85:08:65:33:F3:E4:12:DA:52:27:A7:94:F1:E4
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C12F37CD677EDFB178DE4130FE2B347
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/IHKCG0B2hQhlM_PkEtpSJ6eU8eQ.roa
Signing time:             Fri 02 Jan 2026 00:19:35 +0000
ROA not before:           Fri 02 Jan 2026 00:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31141
IP address blocks:        194.6.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:f3:7c:d6:77:ed:fb:17:8d:e4:13:0f:e2:b3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2072821b407685086533f3e412da5227a794f1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:eb:91:69:b6:f0:ac:72:96:74:34:29:a1:
                    a4:71:cb:df:17:78:1f:9f:fa:e8:d1:a7:07:45:de:
                    6c:e4:85:ec:19:0f:f7:4c:59:35:98:a9:87:6c:f2:
                    4b:58:b9:c4:00:97:7e:b1:43:6e:76:09:fe:59:02:
                    ad:b8:57:d3:da:eb:ac:f1:ef:49:dc:95:d3:89:f6:
                    69:0b:d1:9c:6c:15:be:9c:62:5d:f6:f6:42:98:c3:
                    8a:6b:2b:d2:da:ba:56:b4:bb:95:7d:2e:80:d7:02:
                    b2:62:99:c1:ab:6e:8c:8d:12:e6:26:7b:51:92:3c:
                    fd:f7:7f:60:bf:cb:71:77:90:ab:d9:93:22:8c:23:
                    95:86:d8:d4:78:b5:e2:ab:97:87:47:9f:45:c1:61:
                    60:e6:36:8e:2c:f8:82:c7:84:2b:98:fb:54:eb:2c:
                    2a:a5:2b:e5:5e:60:62:38:ef:a1:0a:1f:cf:41:aa:
                    e9:2f:82:7a:df:d1:43:c5:85:fd:3d:c3:b7:e2:34:
                    eb:d4:57:71:5a:82:59:0c:c8:65:00:ab:49:f3:46:
                    5e:42:bf:32:26:2b:50:71:d2:84:b1:a3:53:98:1b:
                    87:87:e1:93:d3:e2:b4:cd:b2:ec:a7:03:07:47:c7:
                    8c:1d:b2:db:8c:6a:eb:fb:e1:19:d6:1c:44:57:77:
                    ac:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:72:82:1B:40:76:85:08:65:33:F3:E4:12:DA:52:27:A7:94:F1:E4
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/IHKCG0B2hQhlM_PkEtpSJ6eU8eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:bf:f6:a0:7e:3d:a4:da:4d:48:a2:02:d1:bc:b3:bd:d6:04:
         1b:3b:ca:35:46:db:7c:d7:bd:dd:0c:f6:9f:3e:a0:f0:84:4e:
         80:3a:45:5e:6c:60:24:b7:93:2f:31:26:fb:b2:bc:bf:15:c9:
         18:8c:62:a3:2f:dd:12:d6:e9:ef:b6:6d:4a:21:77:3d:7d:b9:
         4e:34:c2:55:28:74:bf:f8:d9:35:0b:0f:7e:e0:70:e5:85:68:
         93:58:7d:43:bf:4e:ab:9f:b3:ba:27:63:8f:40:de:be:88:5e:
         ab:e4:5c:48:62:48:56:da:36:4a:71:6a:fb:36:13:fe:a2:b4:
         e1:12:d7:3e:0f:b9:d5:d1:69:6d:76:65:95:de:c3:75:d7:2d:
         de:ca:39:a2:86:14:d9:bf:26:6f:52:3a:93:49:24:9a:01:b8:
         0f:4b:de:a2:34:1e:74:df:61:8d:65:44:4f:f4:20:92:62:f2:
         6c:8b:c8:4c:65:5b:2c:e6:e9:41:29:cb:2f:14:b6:47:11:79:
         17:20:6a:67:ea:2a:73:55:4c:a2:80:a7:ee:af:f8:a7:dd:ee:
         53:08:35:61:55:d2:a1:bb:42:69:90:3e:36:16:b3:4a:43:43:
         26:e8:83:18:40:1c:e2:f6:ea:ea:1b:33:f8:f4:10:71:3c:d6:
         df:6d:91:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EvN81nft+xeN5BMP4rNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDcyODIxYjQwNzY4NTA4NjUzM2YzZTQxMmRhNTIyN2E3OTRmMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUfrkWm28KxylnQ0KaGkccvfF3gf
n/ro0acHRd5s5IXsGQ/3TFk1mKmHbPJLWLnEAJd+sUNudgn+WQKtuFfT2uus8e9J
3JXTifZpC9GcbBW+nGJd9vZCmMOKayvS2rpWtLuVfS6A1wKyYpnBq26MjRLmJntR
kjz9939gv8txd5Cr2ZMijCOVhtjUeLXiq5eHR59FwWFg5jaOLPiCx4QrmPtU6ywq
pSvlXmBiOO+hCh/PQarpL4J639FDxYX9PcO34jTr1FdxWoJZDMhlAKtJ80ZeQr8y
JitQcdKEsaNTmBuHh+GT0+K0zbLspwMHR8eMHbLbjGrr++EZ1hxEV3es3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCByghtAdoUIZTPz5BLaUienlPHkMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvSUhLQ0cwQjJoUWhsTV9Qa0V0cFNKNmVVOGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwga8MA0G
CSqGSIb3DQEBCwUAA4IBAQCjv/agfj2k2k1IogLRvLO91gQbO8o1Rtt8173dDPaf
PqDwhE6AOkVebGAkt5MvMSb7sry/FckYjGKjL90S1unvtm1KIXc9fblONMJVKHS/
+Nk1Cw9+4HDlhWiTWH1Dv06rn7O6J2OPQN6+iF6r5FxIYkhW2jZKcWr7NhP+orTh
Etc+D7nV0WltdmWV3sN11y3eyjmihhTZvyZvUjqTSSSaAbgPS96iNB5032GNZURP
9CCSYvJsi8hMZVss5ulBKcsvFLZHEXkXIGpn6ipzVUyigKfur/in3e5TCDVhVdKh
u0JpkD42FrNKQ0Mm6IMYQBzi9urqGzP49BBxPNbfbZFr
-----END CERTIFICATE-----