This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/hMCrIUKHXGHOtkHZ8Y6eI3UIeCw.roa
File:                     hMCrIUKHXGHOtkHZ8Y6eI3UIeCw.roa (raw, json)
Hash identifier:          rMGJFYfVplpRpoCAdt4v/1BCKdLOOcSLzsmFWHhqGnQ=
Subject key identifier:   84:C0:AB:21:42:87:5C:61:CE:B6:41:D9:F1:8E:9E:23:75:08:78:2C
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019B7F83F98DC892DE93CE96DF12F9768020
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/hMCrIUKHXGHOtkHZ8Y6eI3UIeCw.roa
Signing time:             Fri 02 Jan 2026 16:21:54 +0000
ROA not before:           Fri 02 Jan 2026 16:21:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0e:9846::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 16:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:f9:8d:c8:92:de:93:ce:96:df:12:f9:76:80:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  2 16:21:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84c0ab2142875c61ceb641d9f18e9e237508782c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8a:60:99:75:cd:b6:50:17:ad:3a:77:c3:47:
                    c3:35:a7:86:73:c5:32:60:28:1b:bd:ba:4f:a6:14:
                    85:18:19:bd:53:c8:24:53:0d:57:0f:5b:58:12:95:
                    7a:99:74:37:b9:dc:7e:bd:9e:d9:11:0f:2f:32:c2:
                    97:b1:55:c0:c5:1a:f0:db:02:51:4b:df:8a:45:b0:
                    3f:cc:64:62:cf:c2:5d:62:58:08:88:80:80:8d:cf:
                    0c:85:da:52:d7:10:48:1e:78:83:c8:89:bb:aa:6d:
                    14:1a:87:87:ea:c7:72:33:f8:cc:06:c6:21:c9:0b:
                    21:ed:a2:04:30:d1:6a:c9:6a:5b:b0:c9:65:96:1c:
                    27:57:35:f5:48:9f:e9:d2:04:23:2a:64:94:bd:d6:
                    55:f9:b1:eb:67:f1:02:db:44:05:a5:51:82:25:6f:
                    ac:bb:a7:6b:b8:ce:07:42:e3:92:ab:42:ea:7d:3c:
                    72:fe:0f:4f:dc:1c:ca:bd:16:af:86:63:43:1c:8c:
                    aa:72:19:58:4a:79:32:a9:d2:82:d9:b3:07:1a:bf:
                    62:5a:3d:2a:04:8e:06:32:70:b5:b0:95:ad:09:6d:
                    14:63:8c:df:05:d5:7e:7c:e2:de:a6:65:73:20:ab:
                    7c:5d:4e:f7:1a:ae:08:3b:a7:c7:a0:3d:17:cd:13:
                    ef:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C0:AB:21:42:87:5C:61:CE:B6:41:D9:F1:8E:9E:23:75:08:78:2C
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/hMCrIUKHXGHOtkHZ8Y6eI3UIeCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9846::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:ba:5e:8e:4a:2c:71:82:f5:d6:c5:f3:7e:23:b6:e3:6b:31:
         00:f7:4c:5b:38:8d:08:e8:ad:43:fb:af:46:1b:9b:4b:d1:ec:
         b8:b9:13:98:15:2e:4d:cf:99:bb:76:33:a6:e1:fe:64:6c:55:
         97:43:50:57:b0:87:5e:46:22:78:0e:c7:d9:86:c1:86:7d:cf:
         43:1d:d4:4f:fb:68:8c:37:93:52:fe:05:dd:86:b7:04:89:9e:
         6f:fd:e2:1b:ec:66:31:c2:6a:95:87:aa:2f:d3:6b:31:fb:ae:
         3a:a7:15:a5:f5:e7:27:26:ab:7c:18:77:9f:a6:e2:17:15:2c:
         3b:b9:21:32:08:a7:61:36:d5:1a:b8:0d:09:0b:fc:8e:cb:bc:
         5a:46:87:8a:91:43:c5:1a:11:06:bc:89:cb:53:b0:9e:a1:9e:
         20:b9:2a:80:64:ba:15:a8:bb:af:99:82:90:6e:b8:4b:4d:6f:
         cd:54:26:8c:e9:c3:e5:37:d8:5e:5e:e2:1c:3b:10:e5:12:f8:
         e7:ab:a9:00:84:6d:7f:ca:d4:32:a5:b3:1a:a9:40:3a:ed:56:
         d8:32:60:be:73:a9:a6:41:95:24:57:48:1d:90:aa:b0:a4:93:
         29:49:42:5e:7d:81:e8:91:f6:0a:fd:58:69:aa:f9:74:c8:09:
         6d:3b:fb:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/g/mNyJLek86W3xL5doAgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjYwMTAyMTYyMTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMwYWIyMTQyODc1YzYxY2ViNjQxZDlmMThlOWUyMzc1MDg3ODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IpgmXXNtlAXrTp3w0fDNaeGc8Uy
YCgbvbpPphSFGBm9U8gkUw1XD1tYEpV6mXQ3udx+vZ7ZEQ8vMsKXsVXAxRrw2wJR
S9+KRbA/zGRiz8JdYlgIiICAjc8MhdpS1xBIHniDyIm7qm0UGoeH6sdyM/jMBsYh
yQsh7aIEMNFqyWpbsMlllhwnVzX1SJ/p0gQjKmSUvdZV+bHrZ/EC20QFpVGCJW+s
u6druM4HQuOSq0LqfTxy/g9P3BzKvRavhmNDHIyqchlYSnkyqdKC2bMHGr9iWj0q
BI4GMnC1sJWtCW0UY4zfBdV+fOLepmVzIKt8XU73Gq4IO6fHoD0XzRPviQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFITAqyFCh1xhzrZB2fGOniN1CHgsMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvaE1DcklVS0hYR0hPdGtIWjhZNmVJM1VJZUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg6YRjAN
BgkqhkiG9w0BAQsFAAOCAQEAK7pejkoscYL11sXzfiO242sxAPdMWziNCOitQ/uv
RhubS9HsuLkTmBUuTc+Zu3YzpuH+ZGxVl0NQV7CHXkYieA7H2YbBhn3PQx3UT/to
jDeTUv4F3Ya3BImeb/3iG+xmMcJqlYeqL9NrMfuuOqcVpfXnJyarfBh3n6biFxUs
O7khMginYTbVGrgNCQv8jsu8WkaHipFDxRoRBryJy1OwnqGeILkqgGS6Fai7r5mC
kG64S01vzVQmjOnD5TfYXl7iHDsQ5RL456upAIRtf8rUMqWzGqlAOu1W2DJgvnOp
pkGVJFdIHZCqsKSTKUlCXn2B6JH2Cv1Yaar5dMgJbTv7Kw==
-----END CERTIFICATE-----