This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/k2mYxgsw8XIPG_a4G1AK9O-6mcs.roa
File:                     k2mYxgsw8XIPG_a4G1AK9O-6mcs.roa (raw, json)
Hash identifier:          3idmagoZhptSmnjc/zTrMK0W1fkuB92DOzhgaSv9mvI=
Subject key identifier:   93:69:98:C6:0B:30:F1:72:0F:1B:F6:B8:1B:50:0A:F4:EF:BA:99:CB
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC785D536B11D8A98048100FF27E99F
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/k2mYxgsw8XIPG_a4G1AK9O-6mcs.roa
Signing time:             Thu 01 Jan 2026 18:17:34 +0000
ROA not before:           Thu 01 Jan 2026 18:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8100
IP address blocks:        194.93.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:85:d5:36:b1:1d:8a:98:04:81:00:ff:27:e9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=936998c60b30f1720f1bf6b81b500af4efba99cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ac:2c:80:e5:70:04:d1:af:93:dc:b8:92:66:
                    b5:0a:5e:fa:88:59:b0:75:f0:bb:a5:74:db:eb:1a:
                    87:b4:50:09:f2:a0:c9:dd:6f:4d:06:cb:99:9d:e5:
                    20:f9:d8:82:f7:27:67:ea:13:2e:6f:29:0a:57:6e:
                    32:68:88:fa:9a:4c:e9:18:6d:3f:f0:77:3f:88:55:
                    ce:da:de:7f:15:d5:43:47:93:19:57:23:c6:c0:c7:
                    42:08:1d:72:d1:8e:ef:7c:01:d2:9f:89:78:67:48:
                    00:15:d5:9e:d9:d0:39:9d:74:bc:34:2f:82:38:29:
                    bb:b1:95:42:00:4f:1f:a0:82:cd:29:85:08:97:bf:
                    ae:8f:03:2f:d8:ee:eb:17:b6:7c:77:bd:3e:1c:d0:
                    92:2c:89:b3:cd:48:b5:fd:43:1f:89:3b:39:42:b0:
                    17:7d:e4:e8:e1:16:c7:c6:88:98:79:c2:bb:e0:73:
                    5d:fe:c6:45:2f:fb:de:4c:23:6b:ed:99:ec:cb:0b:
                    45:b0:c4:63:c4:f7:77:30:f5:59:75:b6:04:5c:4f:
                    28:21:8d:8b:30:67:95:63:39:ff:bb:f4:f1:af:42:
                    94:82:0c:80:b1:41:76:ea:64:fb:d4:5a:6d:3b:bd:
                    57:17:0d:88:4c:e8:07:c8:d9:54:c9:a5:4c:d6:07:
                    3f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:69:98:C6:0B:30:F1:72:0F:1B:F6:B8:1B:50:0A:F4:EF:BA:99:CB
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/k2mYxgsw8XIPG_a4G1AK9O-6mcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.93.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:7d:dd:00:94:8d:d2:5c:0a:b1:92:ae:de:9e:c4:48:16:cb:
         a5:f8:e7:cf:ef:ea:7e:6e:16:f6:fa:51:e0:56:43:45:5b:8e:
         ac:f8:1b:2e:7e:a0:54:63:dc:b2:17:93:fe:47:54:bb:84:a6:
         58:02:c5:31:dd:e3:fc:6e:8f:d4:03:1d:9a:32:b6:29:6d:77:
         43:20:1e:30:62:79:e6:df:49:bc:c7:5c:53:81:c1:8f:ef:35:
         2b:6d:af:8f:c8:c5:dc:78:08:94:05:f0:d2:63:70:db:17:38:
         be:07:33:3e:d7:94:a3:57:1c:b9:47:3e:6c:70:3e:91:32:0a:
         cc:3a:80:1e:1f:b1:30:fa:93:3e:34:86:6a:59:01:ba:ff:8e:
         39:67:6c:d6:1d:5b:e0:ec:32:ce:ba:89:2f:cc:5d:9f:69:e3:
         f3:08:15:0b:a9:b7:9a:45:53:6b:e5:20:18:e3:77:73:80:be:
         4a:fb:44:df:fe:61:88:d2:42:ea:c0:42:84:a3:76:62:72:f3:
         13:7d:40:d1:4a:a6:12:6f:5d:16:a7:66:11:1a:88:12:90:3b:
         18:c6:79:e9:4c:a9:1a:0a:42:16:35:f2:0c:83:3a:0c:42:19:
         f1:b3:47:bd:12:a0:ad:d2:28:68:b3:08:fe:9d:01:8a:44:3e:
         d6:a0:75:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x4XVNrEdipgEgQD/J+mfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY5OThjNjBiMzBmMTcyMGYxYmY2YjgxYjUwMGFmNGVmYmE5OWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqwsgOVwBNGvk9y4kma1Cl76iFmw
dfC7pXTb6xqHtFAJ8qDJ3W9NBsuZneUg+diC9ydn6hMubykKV24yaIj6mkzpGG0/
8Hc/iFXO2t5/FdVDR5MZVyPGwMdCCB1y0Y7vfAHSn4l4Z0gAFdWe2dA5nXS8NC+C
OCm7sZVCAE8foILNKYUIl7+ujwMv2O7rF7Z8d70+HNCSLImzzUi1/UMfiTs5QrAX
feTo4RbHxoiYecK74HNd/sZFL/veTCNr7ZnsywtFsMRjxPd3MPVZdbYEXE8oIY2L
MGeVYzn/u/Txr0KUggyAsUF26mT71FptO71XFw2ITOgHyNlUyaVM1gc/jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNpmMYLMPFyDxv2uBtQCvTvupnLMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvazJtWXhnc3c4WElQR19hNEcxQUs5Ty02bWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwl06MA0G
CSqGSIb3DQEBCwUAA4IBAQBJfd0AlI3SXAqxkq7ensRIFsul+OfP7+p+bhb2+lHg
VkNFW46s+BsufqBUY9yyF5P+R1S7hKZYAsUx3eP8bo/UAx2aMrYpbXdDIB4wYnnm
30m8x1xTgcGP7zUrba+PyMXceAiUBfDSY3DbFzi+BzM+15SjVxy5Rz5scD6RMgrM
OoAeH7Ew+pM+NIZqWQG6/445Z2zWHVvg7DLOuokvzF2faePzCBULqbeaRVNr5SAY
43dzgL5K+0Tf/mGI0kLqwEKEo3ZicvMTfUDRSqYSb10Wp2YRGogSkDsYxnnpTKka
CkIWNfIMgzoMQhnxs0e9EqCt0ihoswj+nQGKRD7WoHXD
-----END CERTIFICATE-----