This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/h2Nk51GuKgghBJnfq43oIlhnlQU.roa
File:                     h2Nk51GuKgghBJnfq43oIlhnlQU.roa (raw, json)
Hash identifier:          7U6ydDPGZOGz+9K+gyHhz/1ZK19NLUr8kgoPbn/12NY=
Subject key identifier:   87:63:64:E7:51:AE:2A:08:21:04:99:DF:AB:8D:E8:22:58:67:95:05
Certificate issuer:       /CN=2a6f8ffbe098922071f0c9c3a60f5dfdcde46da4
Certificate serial:       019B7D5C4B0D37E61544863299148A497DED
Authority key identifier: 2A:6F:8F:FB:E0:98:92:20:71:F0:C9:C3:A6:0F:5D:FD:CD:E4:6D:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Km-P--CYkiBx8MnDpg9d_c3kbaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/h2Nk51GuKgghBJnfq43oIlhnlQU.roa
Signing time:             Fri 02 Jan 2026 06:19:18 +0000
ROA not before:           Fri 02 Jan 2026 06:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32787
IP address blocks:        193.194.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/Km-P--CYkiBx8MnDpg9d_c3kbaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/Km-P--CYkiBx8MnDpg9d_c3kbaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Km-P--CYkiBx8MnDpg9d_c3kbaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:4b:0d:37:e6:15:44:86:32:99:14:8a:49:7d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a6f8ffbe098922071f0c9c3a60f5dfdcde46da4
        Validity
            Not Before: Jan  2 06:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=876364e751ae2a08210499dfab8de82258679505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:00:7e:36:a5:02:81:02:dd:b9:71:df:0a:69:
                    8b:54:1c:16:05:c4:a9:23:c8:ee:be:76:cb:fc:63:
                    5e:0f:72:42:79:55:60:82:3c:b7:3b:39:1f:0d:f1:
                    b6:5e:da:7b:89:49:8c:0f:64:98:15:ab:bf:be:fb:
                    a6:a2:5b:ab:de:2e:e8:93:f9:c0:ba:16:55:80:5b:
                    9a:1a:d9:9b:62:b2:1b:af:a4:01:95:bd:d9:50:80:
                    98:e5:f8:4f:13:d2:90:02:67:af:e2:6f:a0:60:cd:
                    dd:34:89:79:ea:26:c0:47:47:d6:e4:ca:a0:07:96:
                    6c:52:07:ac:d1:71:18:ef:c7:be:59:40:f0:cc:86:
                    ef:3b:01:54:c6:4a:78:22:2b:37:a8:6e:4f:3c:91:
                    33:3f:ba:68:fe:67:ed:51:ea:25:95:aa:5f:ba:a7:
                    ea:73:ad:7f:fe:66:50:c1:ee:bf:17:48:bc:46:fe:
                    ac:da:5f:ba:80:c7:f0:8a:9c:06:71:75:4d:21:98:
                    2d:fc:aa:a0:c4:17:bb:4a:c9:4a:ef:0e:71:1d:22:
                    1b:da:0a:c9:29:95:f0:3c:ff:f8:75:00:a9:3c:28:
                    a1:8f:7c:8c:a0:80:80:72:c7:e7:93:5a:96:95:34:
                    3e:af:45:7d:a1:98:57:41:07:34:eb:3e:f2:eb:9d:
                    3d:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:63:64:E7:51:AE:2A:08:21:04:99:DF:AB:8D:E8:22:58:67:95:05
            X509v3 Authority Key Identifier:
                keyid:2A:6F:8F:FB:E0:98:92:20:71:F0:C9:C3:A6:0F:5D:FD:CD:E4:6D:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Km-P--CYkiBx8MnDpg9d_c3kbaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/h2Nk51GuKgghBJnfq43oIlhnlQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/638d88-4952-4960-8774-c1c4d8cbf459/1/Km-P--CYkiBx8MnDpg9d_c3kbaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.194.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:29:ae:6a:77:cb:97:0a:14:55:87:61:fe:9d:2e:e1:04:32:
         ed:2d:cf:91:f3:c4:32:0e:d8:50:a8:3b:0d:5d:4e:aa:d5:40:
         e3:a0:a9:c8:2f:f4:af:a5:12:3e:a7:aa:4c:17:20:3e:9e:92:
         22:f8:e2:0d:84:f3:67:d1:de:e2:1c:78:b7:6b:17:dc:12:a9:
         a4:40:cd:4e:fb:d4:23:53:a6:4c:9c:f9:78:11:a2:53:f5:34:
         1e:e8:f2:78:82:14:10:8a:dc:35:36:a8:aa:f0:5b:f6:cc:8e:
         a8:01:5a:0b:13:6a:1c:e3:d4:fc:22:c6:28:91:80:db:0b:10:
         e6:66:45:9f:73:28:80:6f:bc:cf:50:2e:54:80:4e:c7:ed:5e:
         d0:73:08:73:fe:4e:10:a9:cf:ce:65:76:95:c7:05:90:75:f2:
         13:99:04:ca:8b:0b:ee:f5:87:b4:36:da:5b:ea:6d:21:33:04:
         54:75:48:4e:14:51:a3:00:7d:70:82:37:a5:33:11:95:3a:bd:
         00:5d:a6:1d:3b:b5:6f:70:5f:5e:33:4b:37:56:c7:9b:29:3d:
         b0:3f:07:cc:f6:3e:c8:15:70:7a:e0:86:4e:50:b7:54:0e:4f:
         ac:83:06:56:66:33:a2:b1:21:d0:1e:f5:31:9b:d3:32:9c:44:
         b6:9f:bb:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XEsNN+YVRIYymRSKSX3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNmY4ZmZiZTA5ODkyMjA3MWYwYzljM2E2MGY1ZGZkY2Rl
NDZkYTQwHhcNMjYwMTAyMDYxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYzNjRlNzUxYWUyYTA4MjEwNDk5ZGZhYjhkZTgyMjU4Njc5NTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwB+NqUCgQLduXHfCmmLVBwWBcSp
I8juvnbL/GNeD3JCeVVggjy3OzkfDfG2Xtp7iUmMD2SYFau/vvumolur3i7ok/nA
uhZVgFuaGtmbYrIbr6QBlb3ZUICY5fhPE9KQAmev4m+gYM3dNIl56ibAR0fW5Mqg
B5ZsUges0XEY78e+WUDwzIbvOwFUxkp4Iis3qG5PPJEzP7po/mftUeollapfuqfq
c61//mZQwe6/F0i8Rv6s2l+6gMfwipwGcXVNIZgt/KqgxBe7SslK7w5xHSIb2grJ
KZXwPP/4dQCpPCihj3yMoICAcsfnk1qWlTQ+r0V9oZhXQQc06z7y6509aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdjZOdRrioIIQSZ36uN6CJYZ5UFMB8GA1UdIwQY
MBaAFCpvj/vgmJIgcfDJw6YPXf3N5G2kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS20tUC0tQ1lraUJ4OE1uRHBnOWRfYzNrYmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MzhkODgtNDk1Mi00OTYwLTg3NzQt
YzFjNGQ4Y2JmNDU5LzEvaDJOazUxR3VLZ2doQkpuZnE0M29JbGhubFFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MzhkODgtNDk1Mi00OTYwLTg3NzQtYzFjNGQ4Y2JmNDU5
LzEvS20tUC0tQ1lraUJ4OE1uRHBnOWRfYzNrYmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcJ6MA0G
CSqGSIb3DQEBCwUAA4IBAQA+Ka5qd8uXChRVh2H+nS7hBDLtLc+R88QyDthQqDsN
XU6q1UDjoKnIL/SvpRI+p6pMFyA+npIi+OINhPNn0d7iHHi3axfcEqmkQM1O+9Qj
U6ZMnPl4EaJT9TQe6PJ4ghQQitw1Nqiq8Fv2zI6oAVoLE2oc49T8IsYokYDbCxDm
ZkWfcyiAb7zPUC5UgE7H7V7Qcwhz/k4Qqc/OZXaVxwWQdfITmQTKiwvu9Ye0Ntpb
6m0hMwRUdUhOFFGjAH1wgjelMxGVOr0AXaYdO7VvcF9eM0s3VsebKT2wPwfM9j7I
FXB64IZOULdUDk+sgwZWZjOisSHQHvUxm9MynES2n7tK
-----END CERTIFICATE-----