This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/0e766a-72fe-47d2-a435-9035b0836243/1/PK2HVjD3GmdLB06ij0s7w3X0wCo.roa
File:                     PK2HVjD3GmdLB06ij0s7w3X0wCo.roa (raw, json)
Hash identifier:          1RKfa7PhpjR33QDEm1HWDfBtwC3Ch5Bq/qvovHpolJ0=
Subject key identifier:   3C:AD:87:56:30:F7:1A:67:4B:07:4E:A2:8F:4B:3B:C3:75:F4:C0:2A
Certificate issuer:       /CN=6819db81b49aba12b1810cb3a299eee4632dd720
Certificate serial:       019B7759542F7439D4EFFAC6CFE2830A7685
Authority key identifier: 68:19:DB:81:B4:9A:BA:12:B1:81:0C:B3:A2:99:EE:E4:63:2D:D7:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBnbgbSauhKxgQyzopnu5GMt1yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/0e766a-72fe-47d2-a435-9035b0836243/1/PK2HVjD3GmdLB06ij0s7w3X0wCo.roa
Signing time:             Thu 01 Jan 2026 02:18:21 +0000
ROA not before:           Thu 01 Jan 2026 02:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     553
IP address blocks:        161.42.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/0e766a-72fe-47d2-a435-9035b0836243/1/aBnbgbSauhKxgQyzopnu5GMt1yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/0e766a-72fe-47d2-a435-9035b0836243/1/aBnbgbSauhKxgQyzopnu5GMt1yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aBnbgbSauhKxgQyzopnu5GMt1yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:54:2f:74:39:d4:ef:fa:c6:cf:e2:83:0a:76:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6819db81b49aba12b1810cb3a299eee4632dd720
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cad875630f71a674b074ea28f4b3bc375f4c02a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:cb:8c:1c:16:bc:5b:55:10:7a:47:be:a9:
                    a0:d3:93:6b:16:cc:ce:7c:05:4c:2e:42:18:de:f4:
                    9b:e8:b7:c5:a9:69:d8:0e:ec:6a:db:d2:c4:a6:37:
                    b2:43:71:66:bd:48:a5:a7:bc:b2:b7:90:80:70:34:
                    15:4d:b6:0c:65:ab:b6:2d:1b:9c:85:cf:75:65:34:
                    36:c0:4c:87:89:be:82:d6:a3:1c:b3:d1:1f:42:e8:
                    e1:87:58:82:02:43:74:10:37:7a:98:2c:5a:46:c1:
                    68:dc:fd:96:59:f8:f3:60:ac:65:16:b3:95:49:28:
                    61:ca:52:cb:fc:9e:f9:19:7c:92:6b:8f:e9:79:9e:
                    73:56:ce:55:64:b3:f7:97:16:e3:a5:84:4b:69:a4:
                    35:fb:38:ca:62:31:97:9c:88:20:40:fc:23:94:7f:
                    4a:f6:66:0d:0b:00:cc:5d:15:5e:f6:82:96:6a:b9:
                    62:2f:dc:63:b1:a4:1a:c2:4f:92:5b:a1:a4:20:c0:
                    0f:6e:58:cb:80:1d:b9:24:95:5b:5b:f8:a5:a7:07:
                    fd:66:0c:6c:c4:f3:66:8f:92:6b:3b:2c:62:d7:03:
                    16:b3:55:d1:d8:77:8c:43:09:ed:6e:97:20:a9:6d:
                    52:26:c0:12:3b:9b:5f:cf:38:36:4a:b0:f9:db:d7:
                    b7:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:AD:87:56:30:F7:1A:67:4B:07:4E:A2:8F:4B:3B:C3:75:F4:C0:2A
            X509v3 Authority Key Identifier:
                keyid:68:19:DB:81:B4:9A:BA:12:B1:81:0C:B3:A2:99:EE:E4:63:2D:D7:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBnbgbSauhKxgQyzopnu5GMt1yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/0e766a-72fe-47d2-a435-9035b0836243/1/PK2HVjD3GmdLB06ij0s7w3X0wCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/0e766a-72fe-47d2-a435-9035b0836243/1/aBnbgbSauhKxgQyzopnu5GMt1yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:9f:48:a2:fc:ea:03:7d:60:0a:dc:e1:a0:3a:82:05:5c:94:
         89:ad:c2:a2:cc:40:f8:c4:03:34:1d:b8:a3:b7:9a:ef:29:df:
         52:54:2c:db:87:95:db:bf:97:36:83:88:55:37:01:9b:b3:8f:
         bd:d8:80:5a:2a:37:38:c2:b6:ca:4c:f7:e3:4a:7e:d0:fc:0f:
         4a:ee:06:5b:e3:1c:1a:24:fa:a0:b6:21:d6:0b:a6:3e:b0:9b:
         74:2b:d4:9c:90:a3:c6:02:2a:18:6d:51:a3:9f:03:c2:bc:44:
         89:fc:82:15:40:29:a2:64:8c:77:6c:da:56:61:da:6d:da:8f:
         ef:6c:dd:88:c9:c1:5b:03:c2:50:d5:67:01:5c:f7:cd:13:22:
         dc:67:96:93:fb:96:bf:19:43:02:a2:5d:86:5c:04:18:e6:23:
         8b:5e:e7:6e:4c:36:3c:e4:69:db:18:4a:e8:cb:07:27:d6:95:
         1b:51:41:aa:45:83:bc:5a:3d:e6:f0:69:c2:5a:d7:a3:96:e9:
         df:63:00:57:83:36:74:be:25:ec:63:63:44:4e:e5:65:9a:fe:
         8b:15:ec:89:1b:c1:88:62:e0:62:8f:94:71:61:65:e9:f0:51:
         1f:fd:e6:9e:c9:34:17:69:3b:5a:79:d7:db:f8:be:ff:16:cb:
         80:a3:09:9d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt3WVQvdDnU7/rGz+KDCnaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTlkYjgxYjQ5YWJhMTJiMTgxMGNiM2EyOTllZWU0NjMy
ZGQ3MjAwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2FkODc1NjMwZjcxYTY3NGIwNzRlYTI4ZjRiM2JjMzc1ZjRjMDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoazLjBwWvFtVEHpHvqmg05NrFszO
fAVMLkIY3vSb6LfFqWnYDuxq29LEpjeyQ3FmvUilp7yyt5CAcDQVTbYMZau2LRuc
hc91ZTQ2wEyHib6C1qMcs9EfQujhh1iCAkN0EDd6mCxaRsFo3P2WWfjzYKxlFrOV
SShhylLL/J75GXySa4/peZ5zVs5VZLP3lxbjpYRLaaQ1+zjKYjGXnIggQPwjlH9K
9mYNCwDMXRVe9oKWarliL9xjsaQawk+SW6GkIMAPbljLgB25JJVbW/ilpwf9Zgxs
xPNmj5JrOyxi1wMWs1XR2HeMQwntbpcgqW1SJsASO5tfzzg2SrD529e3ewIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDyth1Yw9xpnSwdOoo9LO8N19MAqMB8GA1UdIwQY
MBaAFGgZ24G0mroSsYEMs6KZ7uRjLdcgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJuYmdiU2F1aEt4Z1F5em9wbnU1R010MXlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8wZTc2NmEtNzJmZS00N2QyLWE0MzUt
OTAzNWIwODM2MjQzLzEvUEsySFZqRDNHbWRMQjA2aWowczd3M1gwd0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8wZTc2NmEtNzJmZS00N2QyLWE0MzUtOTAzNWIwODM2MjQz
LzEvYUJuYmdiU2F1aEt4Z1F5em9wbnU1R010MXlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoSowDQYJ
KoZIhvcNAQELBQADggEBAEGfSKL86gN9YArc4aA6ggVclImtwqLMQPjEAzQduKO3
mu8p31JULNuHldu/lzaDiFU3AZuzj73YgFoqNzjCtspM9+NKftD8D0ruBlvjHBok
+qC2IdYLpj6wm3Qr1JyQo8YCKhhtUaOfA8K8RIn8ghVAKaJkjHds2lZh2m3aj+9s
3YjJwVsDwlDVZwFc980TItxnlpP7lr8ZQwKiXYZcBBjmI4te525MNjzkadsYSujL
ByfWlRtRQapFg7xaPebwacJa16OW6d9jAFeDNnS+JexjY0RO5WWa/osV7IkbwYhi
4GKPlHFhZenwUR/95p7JNBdpO1p519v4vv8Wy4CjCZ0=
-----END CERTIFICATE-----