This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/hG7korJHdX3J-VQRQpsautEAs5k.roa
File:                     hG7korJHdX3J-VQRQpsautEAs5k.roa (raw, json)
Hash identifier:          Iemgb9cSM4wP9xZ65kMEtq49P3Moq93S8ieRnN38Nu4=
Subject key identifier:   84:6E:E4:A2:B2:47:75:7D:C9:F9:54:11:42:9B:1A:BA:D1:00:B3:99
Certificate issuer:       /CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
Certificate serial:       019B7B36CD6CCA1D5ECB83BBDD7BD55F6319
Authority key identifier: 4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/hG7korJHdX3J-VQRQpsautEAs5k.roa
Signing time:             Thu 01 Jan 2026 20:19:07 +0000
ROA not before:           Thu 01 Jan 2026 20:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        185.194.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:cd:6c:ca:1d:5e:cb:83:bb:dd:7b:d5:5f:63:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
        Validity
            Not Before: Jan  1 20:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=846ee4a2b247757dc9f95411429b1abad100b399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:70:d1:f9:a6:a4:f8:37:68:7a:56:b2:f1:6a:
                    d7:29:b1:17:47:b3:4c:8c:9d:18:b3:99:65:ae:02:
                    58:7b:c1:51:37:53:ff:fb:1e:43:e4:0c:29:32:f9:
                    15:23:eb:bf:aa:03:df:0f:6a:53:b9:36:91:67:53:
                    99:a8:10:20:b6:01:df:59:c7:a4:19:be:b2:3a:67:
                    e1:14:c7:79:a3:17:d0:ad:15:d9:4d:99:52:d6:4c:
                    80:82:a2:80:59:66:fd:01:ec:70:27:a2:e7:74:67:
                    a0:a2:e0:1e:bc:aa:90:6c:20:3b:6b:c9:1a:03:e3:
                    11:d8:b4:e1:80:10:c3:5a:40:8a:bb:70:67:78:b6:
                    58:55:0a:ed:0b:9f:13:48:40:1b:26:92:ce:d7:63:
                    b8:9f:eb:36:3c:2d:52:c3:6c:a8:85:48:91:1e:96:
                    ff:39:44:37:73:0d:4a:0e:bf:0f:28:03:5c:de:3d:
                    be:dc:ce:58:04:e0:02:82:b4:04:4a:72:ca:ad:28:
                    82:61:c6:0b:f4:f4:24:91:3e:7c:7a:dd:b9:21:e7:
                    02:bc:35:42:26:f6:c0:80:22:e4:ff:b7:96:35:60:
                    ee:a7:59:ac:80:d8:c0:8b:12:f8:72:de:56:cb:b8:
                    41:26:6f:bf:d7:ec:27:db:17:f1:66:84:42:b1:30:
                    78:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6E:E4:A2:B2:47:75:7D:C9:F9:54:11:42:9B:1A:BA:D1:00:B3:99
            X509v3 Authority Key Identifier:
                keyid:4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/hG7korJHdX3J-VQRQpsautEAs5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:66:fe:bd:78:e0:f9:df:c2:f0:1e:d4:2d:6b:a8:a9:e3:de:
         4f:d7:6e:a1:9d:5e:b1:0f:47:66:4c:06:ea:78:03:e9:1d:92:
         1b:6c:f0:7d:60:8e:59:e2:e0:33:62:41:b7:2f:64:77:22:a8:
         e3:4d:91:d4:a9:34:12:4d:8d:bd:0b:b4:9a:7a:bd:21:77:b4:
         ed:35:6a:4a:56:95:c2:bd:8c:ad:f1:2d:e3:c9:39:8a:85:d7:
         5d:ff:2c:de:d0:30:8a:77:0a:85:a3:75:ed:57:bd:0d:3c:d8:
         5d:f6:29:b1:63:65:02:38:0d:75:5b:3e:45:34:f8:f0:53:36:
         0b:c3:35:c7:6f:5d:37:05:61:54:b0:bc:3b:5c:f0:2b:c4:34:
         38:15:98:df:cb:d4:97:74:37:ff:6a:ad:6b:d4:a4:3f:71:5b:
         97:81:69:06:ad:db:57:bc:e1:5c:1e:3b:f8:b6:3f:78:00:f1:
         2f:1d:f0:23:7f:7b:90:e6:87:c3:cc:94:51:ef:53:81:c8:5a:
         3f:2b:c0:35:56:8c:a7:1b:4f:65:8f:2d:3d:f0:30:d5:94:7f:
         ad:ab:95:0b:9f:47:46:d3:c9:44:4b:88:55:6e:4a:69:08:a8:
         b5:9d:09:34:07:47:01:92:9a:4b:b2:19:5d:28:4c:65:b5:85:
         db:5e:44:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Ns1syh1ey4O73XvVX2MZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTExMzI0ZTg2OWJjNGNhNWVjOGJhZDBkM2RkZmY2ODU0
NDE5NzkwHhcNMjYwMTAxMjAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZlZTRhMmIyNDc3NTdkYzlmOTU0MTE0MjliMWFiYWQxMDBiMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnDR+aak+Ddoelay8WrXKbEXR7NM
jJ0Ys5llrgJYe8FRN1P/+x5D5AwpMvkVI+u/qgPfD2pTuTaRZ1OZqBAgtgHfWcek
Gb6yOmfhFMd5oxfQrRXZTZlS1kyAgqKAWWb9AexwJ6LndGegouAevKqQbCA7a8ka
A+MR2LThgBDDWkCKu3BneLZYVQrtC58TSEAbJpLO12O4n+s2PC1Sw2yohUiRHpb/
OUQ3cw1KDr8PKANc3j2+3M5YBOACgrQESnLKrSiCYcYL9PQkkT58et25IecCvDVC
JvbAgCLk/7eWNWDup1msgNjAixL4ct5Wy7hBJm+/1+wn2xfxZoRCsTB4SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRu5KKyR3V9yflUEUKbGrrRALOZMB8GA1UdIwQY
MBaAFEyREyToabxMpeyLrQ093/aFRBl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEpFVEpPaHB2RXlsN0l1dERUM2Y5b1ZFR1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yYjM4YjMtMTJmMS00MjQyLWFkYWUt
YjdkMWNhYzUxZTBjLzEvaEc3a29ySkhkWDNKLVZRUlFwc2F1dEVBczVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yYjM4YjMtMTJmMS00MjQyLWFkYWUtYjdkMWNhYzUxZTBj
LzEvVEpFVEpPaHB2RXlsN0l1dERUM2Y5b1ZFR1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucK8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfZv69eOD538LwHtQta6ip495P126hnV6xD0dmTAbq
eAPpHZIbbPB9YI5Z4uAzYkG3L2R3IqjjTZHUqTQSTY29C7Saer0hd7TtNWpKVpXC
vYyt8S3jyTmKhddd/yze0DCKdwqFo3XtV70NPNhd9imxY2UCOA11Wz5FNPjwUzYL
wzXHb103BWFUsLw7XPArxDQ4FZjfy9SXdDf/aq1r1KQ/cVuXgWkGrdtXvOFcHjv4
tj94APEvHfAjf3uQ5ofDzJRR71OByFo/K8A1VoynG09ljy098DDVlH+tq5ULn0dG
08lES4hVbkppCKi1nQk0B0cBkppLshldKExltYXbXkRb
-----END CERTIFICATE-----