This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/h_aNMTHSod3zvEv_zlqSsdV20TQ.roa
File:                     h_aNMTHSod3zvEv_zlqSsdV20TQ.roa (raw, json)
Hash identifier:          GccHbmvEFlhiHjnJ+i3nG2pD81e9dD/oLrnSrArj6ig=
Subject key identifier:   87:F6:8D:31:31:D2:A1:DD:F3:BC:4B:FF:CE:5A:92:B1:D5:76:D1:34
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       019B7758A6F52D70A1B11BEF2F4E82D15B48
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/h_aNMTHSod3zvEv_zlqSsdV20TQ.roa
Signing time:             Thu 01 Jan 2026 02:17:37 +0000
ROA not before:           Thu 01 Jan 2026 02:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204508
IP address blocks:        2a13:aac4:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 15:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:a6:f5:2d:70:a1:b1:1b:ef:2f:4e:82:d1:5b:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Jan  1 02:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87f68d3131d2a1ddf3bc4bffce5a92b1d576d134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:41:09:49:49:ec:06:33:d8:25:95:76:88:be:
                    93:3e:5d:44:86:d1:7f:f9:d5:6b:7a:69:93:69:31:
                    70:26:20:ac:bb:90:1f:ee:dd:af:ae:d5:91:45:6c:
                    eb:5b:4a:a8:b0:ba:fd:35:26:07:b1:cc:4e:ff:ff:
                    2a:f8:d9:8b:12:14:1c:9a:8e:b2:30:89:84:a4:30:
                    23:de:f7:55:2f:13:be:b3:eb:23:bb:fd:94:35:4a:
                    57:bf:09:e8:8e:5a:b0:e9:ee:ea:d6:3a:f5:52:74:
                    3f:bc:89:81:1d:76:4b:d9:e2:ca:18:d2:71:a1:1b:
                    b5:1e:aa:eb:d6:04:28:49:e1:7b:a4:9f:55:76:6c:
                    df:64:f5:6d:f3:61:9b:65:4d:85:99:8f:50:f6:b4:
                    2c:29:1f:28:8b:33:19:85:27:da:93:77:53:c0:f2:
                    56:ee:5a:1e:14:1c:d3:19:d0:c8:2d:11:0a:52:5e:
                    ef:d0:dc:be:f2:5d:b4:dc:b7:8c:ba:22:95:e9:a3:
                    89:bc:5e:49:30:10:b0:ec:de:3a:0c:e2:48:4b:d2:
                    85:4d:b0:f6:78:2f:db:1b:60:e5:b7:fa:49:b2:f8:
                    66:c3:78:0f:25:98:ed:e3:c1:4b:e2:74:fe:4c:a2:
                    94:f2:86:1c:aa:57:d4:46:77:dd:d8:94:b8:12:37:
                    69:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F6:8D:31:31:D2:A1:DD:F3:BC:4B:FF:CE:5A:92:B1:D5:76:D1:34
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/h_aNMTHSod3zvEv_zlqSsdV20TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:aac4:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         83:6b:24:dd:2f:4a:24:46:69:6f:32:3c:8f:3a:7c:98:a5:a7:
         82:ea:6e:3d:94:57:bd:a7:e3:b6:f7:23:32:98:39:8a:e7:42:
         5c:e5:4e:6f:41:a3:e3:05:5e:7a:eb:a6:24:9b:ee:6a:99:24:
         13:d9:85:cd:52:88:d6:e5:ac:dd:db:34:18:94:93:b5:4d:fe:
         42:6d:1f:d9:d7:d6:07:63:dc:a2:35:94:09:94:43:a7:a8:1a:
         0b:2c:fc:f9:62:f4:cd:1d:02:59:58:f8:9e:a1:d2:46:63:12:
         24:b7:6c:48:54:a2:0c:af:97:e3:a5:75:3a:65:93:9a:2b:07:
         56:7f:cd:da:2e:32:0d:4b:0b:a7:d5:f3:18:09:1e:45:e1:a3:
         af:f7:bd:74:6c:c0:19:59:a6:1f:b6:02:b1:8d:27:71:85:20:
         b1:80:33:ee:6a:20:c8:8f:6a:ce:52:0d:02:72:fb:1a:31:72:
         7b:d1:4b:a7:dc:62:42:dd:24:95:de:50:e3:26:6a:29:8f:aa:
         47:a3:d5:b9:48:d9:93:e8:13:71:87:4c:8e:02:79:f8:0d:ca:
         de:87:d1:4a:57:13:1a:aa:0c:cb:cd:d7:59:e0:26:f7:fd:aa:
         46:45:09:46:1b:38:85:f8:2a:47:79:f0:e9:ff:19:c0:5d:0b:
         99:c1:91:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt3WKb1LXChsRvvL06C0VtIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjYwMTAxMDIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y2OGQzMTMxZDJhMWRkZjNiYzRiZmZjZTVhOTJiMWQ1NzZkMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskEJSUnsBjPYJZV2iL6TPl1EhtF/
+dVremmTaTFwJiCsu5Af7t2vrtWRRWzrW0qosLr9NSYHscxO//8q+NmLEhQcmo6y
MImEpDAj3vdVLxO+s+sju/2UNUpXvwnojlqw6e7q1jr1UnQ/vImBHXZL2eLKGNJx
oRu1Hqrr1gQoSeF7pJ9VdmzfZPVt82GbZU2FmY9Q9rQsKR8oizMZhSfak3dTwPJW
7loeFBzTGdDILREKUl7v0Ny+8l203LeMuiKV6aOJvF5JMBCw7N46DOJIS9KFTbD2
eC/bG2Dlt/pJsvhmw3gPJZjt48FL4nT+TKKU8oYcqlfURnfd2JS4Ejdp2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIf2jTEx0qHd87xL/85akrHVdtE0MB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvaF9hTk1USFNvZDN6dkV2X3pscVNzZFYyMFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOqxBAw
DQYJKoZIhvcNAQELBQADggEBAINrJN0vSiRGaW8yPI86fJilp4Lqbj2UV72n47b3
IzKYOYrnQlzlTm9Bo+MFXnrrpiSb7mqZJBPZhc1SiNblrN3bNBiUk7VN/kJtH9nX
1gdj3KI1lAmUQ6eoGgss/Pli9M0dAllY+J6h0kZjEiS3bEhUogyvl+OldTplk5or
B1Z/zdouMg1LC6fV8xgJHkXho6/3vXRswBlZph+2ArGNJ3GFILGAM+5qIMiPas5S
DQJy+xoxcnvRS6fcYkLdJJXeUOMmaimPqkej1blI2ZPoE3GHTI4CefgNyt6H0UpX
ExqqDMvN11ngJvf9qkZFCUYbOIX4Kkd58On/GcBdC5nBkYc=
-----END CERTIFICATE-----