This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/h2A4IvIcxRFa1JJuHZI1sAnmrig.roa
File:                     h2A4IvIcxRFa1JJuHZI1sAnmrig.roa (raw, json)
Hash identifier:          LY0M16Kx8WxVQ+952wod9DVNs/KlcrAeqPDuxhRnexQ=
Subject key identifier:   87:60:38:22:F2:1C:C5:11:5A:D4:92:6E:1D:92:35:B0:09:E6:AE:28
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B7E388DC8E07BBBC0B8A45BE08B091F09
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/h2A4IvIcxRFa1JJuHZI1sAnmrig.roa
Signing time:             Fri 02 Jan 2026 10:19:54 +0000
ROA not before:           Fri 02 Jan 2026 10:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        188.66.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:8d:c8:e0:7b:bb:c0:b8:a4:5b:e0:8b:09:1f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 10:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87603822f21cc5115ad4926e1d9235b009e6ae28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:63:ce:e6:dc:6d:ec:76:51:73:6d:fe:54:
                    98:f0:9c:30:52:07:f3:59:46:29:f1:85:3b:ae:d3:
                    98:c7:bb:19:fd:fd:76:51:db:c3:50:9f:b0:b6:28:
                    72:86:9f:9a:69:17:a8:56:aa:c3:9d:3c:aa:6d:f2:
                    3f:70:a5:0b:95:91:92:d0:5b:7e:c4:96:b1:62:bf:
                    41:98:9f:89:17:eb:2c:f9:d9:37:e3:e8:86:b6:36:
                    32:44:36:5b:3e:ad:a3:de:10:dd:05:34:73:25:29:
                    26:4c:01:c0:3a:d9:3f:50:3e:5e:18:2d:b6:5a:6e:
                    1c:90:bf:79:36:2a:b0:ef:5c:e8:16:d0:7a:cd:82:
                    ec:1e:b5:ce:5e:51:31:34:97:e6:54:b9:ec:aa:7f:
                    44:0a:6b:4e:44:4a:63:de:fe:dd:40:c5:17:5e:2b:
                    7d:21:3c:7a:31:10:41:66:39:4a:95:98:07:31:4b:
                    94:2a:a3:f5:d4:65:b9:fc:de:07:33:27:7e:5f:99:
                    e0:83:dd:c7:38:9c:1e:1e:08:e5:04:09:62:b1:51:
                    2d:0a:ba:df:bb:fa:e3:3e:95:ed:c8:da:3b:36:f4:
                    30:67:1d:47:45:39:b9:17:81:b6:0a:65:3c:e9:35:
                    c8:a0:77:53:d4:50:b5:cb:3d:ba:fa:77:2f:d5:b1:
                    f7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:60:38:22:F2:1C:C5:11:5A:D4:92:6E:1D:92:35:B0:09:E6:AE:28
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/h2A4IvIcxRFa1JJuHZI1sAnmrig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:81:c8:fa:75:88:85:8d:83:73:c4:d3:8d:76:d8:2a:89:94:
         de:4c:8c:86:ca:62:24:b6:1f:f3:17:37:31:29:a1:88:6f:ed:
         17:5b:2f:c1:9e:17:6a:b0:36:7e:8f:7e:e0:31:3f:29:95:7c:
         1c:5e:9a:58:45:66:f4:f4:54:95:2c:88:be:12:a2:f0:3c:e8:
         13:ab:a5:2b:e0:c5:a9:bd:db:62:64:93:1b:6d:79:04:e4:67:
         1f:40:3b:6a:9f:38:97:6f:29:cf:43:28:ae:f0:2a:0f:f5:78:
         0d:ec:22:1c:f1:6f:24:2b:e5:96:ae:c8:48:ea:18:7e:ee:2c:
         9c:0c:cf:dc:03:ee:5a:1f:ce:d2:d8:b6:3f:09:c3:70:8b:4c:
         a4:1e:b6:eb:40:78:bc:e5:d5:28:67:70:25:a1:9f:55:6d:23:
         50:2b:a1:a7:41:17:f5:50:c6:da:3e:0d:f5:9f:7d:94:f8:45:
         73:60:85:4a:01:9c:86:86:c6:d4:a1:7a:a2:da:8c:46:01:df:
         6a:c9:6b:ed:42:72:41:0d:93:bb:2f:ff:07:a1:60:5b:b2:22:
         41:61:b9:e8:fd:a2:d7:66:7c:2c:70:49:93:8a:0b:36:ed:06:
         c2:08:37:81:99:86:8c:e3:10:9e:18:ea:d9:b6:59:36:da:55:
         73:7f:5b:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OI3I4Hu7wLikW+CLCR8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjYwMTAyMTAxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYwMzgyMmYyMWNjNTExNWFkNDkyNmUxZDkyMzViMDA5ZTZhZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2pjzubcbex2UXNt/lSY8JwwUgfz
WUYp8YU7rtOYx7sZ/f12UdvDUJ+wtihyhp+aaReoVqrDnTyqbfI/cKULlZGS0Ft+
xJaxYr9BmJ+JF+ss+dk34+iGtjYyRDZbPq2j3hDdBTRzJSkmTAHAOtk/UD5eGC22
Wm4ckL95Niqw71zoFtB6zYLsHrXOXlExNJfmVLnsqn9ECmtOREpj3v7dQMUXXit9
ITx6MRBBZjlKlZgHMUuUKqP11GW5/N4HMyd+X5ngg93HOJweHgjlBAlisVEtCrrf
u/rjPpXtyNo7NvQwZx1HRTm5F4G2CmU86TXIoHdT1FC1yz26+ncv1bH3kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdgOCLyHMURWtSSbh2SNbAJ5q4oMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvaDJBNEl2SWN4UkZhMUpKdUhaSTFzQW5tcmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIbMA0G
CSqGSIb3DQEBCwUAA4IBAQCVgcj6dYiFjYNzxNONdtgqiZTeTIyGymIkth/zFzcx
KaGIb+0XWy/BnhdqsDZ+j37gMT8plXwcXppYRWb09FSVLIi+EqLwPOgTq6Ur4MWp
vdtiZJMbbXkE5GcfQDtqnziXbynPQyiu8CoP9XgN7CIc8W8kK+WWrshI6hh+7iyc
DM/cA+5aH87S2LY/CcNwi0ykHrbrQHi85dUoZ3AloZ9VbSNQK6GnQRf1UMbaPg31
n32U+EVzYIVKAZyGhsbUoXqi2oxGAd9qyWvtQnJBDZO7L/8HoWBbsiJBYbno/aLX
ZnwscEmTigs27QbCCDeBmYaM4xCeGOrZtlk22lVzf1tS
-----END CERTIFICATE-----