This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/hE7_1eUP4ATkoyOOP-i0vzG4-1w.roa
File:                     hE7_1eUP4ATkoyOOP-i0vzG4-1w.roa (raw, json)
Hash identifier:          zBuduVQjj/QP+i0lFDnpUqeCE6ciPhxfEuFUyQ8aeOA=
Subject key identifier:   84:4E:FF:D5:E5:0F:E0:04:E4:A3:23:8E:3F:E8:B4:BF:31:B8:FB:5C
Certificate issuer:       /CN=2f6f07cead06a4f811547600bac02faf0cc084c9
Certificate serial:       019B78A2BF92F053EC73C4D760116F5CC106
Authority key identifier: 2F:6F:07:CE:AD:06:A4:F8:11:54:76:00:BA:C0:2F:AF:0C:C0:84:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/hE7_1eUP4ATkoyOOP-i0vzG4-1w.roa
Signing time:             Thu 01 Jan 2026 08:18:10 +0000
ROA not before:           Thu 01 Jan 2026 08:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3356
IP address blocks:        149.3.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:bf:92:f0:53:ec:73:c4:d7:60:11:6f:5c:c1:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6f07cead06a4f811547600bac02faf0cc084c9
        Validity
            Not Before: Jan  1 08:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=844effd5e50fe004e4a3238e3fe8b4bf31b8fb5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:36:cc:52:3d:20:9e:2c:68:61:5c:f2:78:0e:
                    ce:16:d8:57:f9:cc:74:a2:7a:43:47:a0:b6:26:60:
                    c2:52:3c:4c:3e:28:2e:80:89:e9:f9:af:d7:31:30:
                    40:7c:32:7a:06:a4:ed:9e:8c:7d:42:91:ee:23:45:
                    b1:92:7a:99:2c:8a:56:02:21:ff:12:cb:df:c2:a5:
                    b9:c3:73:cd:7e:6b:e5:7e:01:60:9b:c9:3a:2e:36:
                    90:29:3a:15:7c:d9:f5:14:dd:c8:e3:5e:c0:72:34:
                    12:a5:d2:ee:db:3d:9f:0a:a7:83:2f:98:ac:bf:78:
                    50:06:1e:5b:c8:fe:9c:56:7a:84:3c:ba:fd:ac:b5:
                    c0:72:5f:52:8e:f6:66:35:dd:bc:4a:6e:b6:e8:09:
                    7e:c5:ad:b7:75:80:a8:ea:b7:71:d5:e8:76:1e:62:
                    44:9e:27:6b:30:5f:b1:27:82:e3:42:c0:3e:a2:fc:
                    9e:f6:8a:b6:f8:39:5e:13:22:76:74:80:c9:51:d9:
                    72:8e:c0:60:f4:d5:e4:8e:94:3e:94:cf:9f:b4:d0:
                    cd:7a:29:d4:dd:9a:e7:9d:fc:fb:86:a7:89:21:07:
                    4f:ae:35:18:55:e8:ec:16:29:06:77:d4:e7:16:a3:
                    15:0f:d1:65:74:0b:ee:21:9f:b6:c1:c8:52:e0:5c:
                    df:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:4E:FF:D5:E5:0F:E0:04:E4:A3:23:8E:3F:E8:B4:BF:31:B8:FB:5C
            X509v3 Authority Key Identifier:
                keyid:2F:6F:07:CE:AD:06:A4:F8:11:54:76:00:BA:C0:2F:AF:0C:C0:84:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/hE7_1eUP4ATkoyOOP-i0vzG4-1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.3.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:97:1c:44:74:70:60:3c:c8:4c:86:56:04:74:a2:31:fd:e1:
         6a:c6:30:07:97:51:bc:b4:b9:f0:19:ea:8a:da:33:a2:47:75:
         8f:53:1d:7b:e1:be:9b:87:e9:6b:99:6c:e3:e9:86:a6:12:25:
         40:ac:ef:3d:d3:8e:9a:74:f5:0d:f7:dc:5e:d9:05:bb:a3:9f:
         7a:16:e4:8d:ea:1e:df:86:33:ef:e9:02:18:01:01:cc:70:35:
         ac:b3:a3:5f:8f:05:e3:65:39:6e:87:aa:3d:11:bb:9c:60:5e:
         5f:71:e6:e8:7d:bf:7e:51:00:de:4f:bd:ee:70:5f:88:ce:9a:
         ab:fb:07:0f:87:6e:45:e7:8b:b2:fe:53:aa:3c:73:8d:0e:b3:
         5e:42:27:e6:af:77:71:ac:94:b5:44:6d:49:3a:58:f6:2f:23:
         31:68:67:ff:3f:09:16:73:9a:7e:51:4e:36:26:82:ac:e4:66:
         78:2d:bd:49:64:57:fc:0b:e4:4c:e8:3d:ca:57:9e:c0:a8:96:
         49:b3:9b:8a:35:ba:6d:b3:c5:32:f6:ec:80:d8:bf:9e:f6:ca:
         6e:3d:6d:30:18:36:fa:48:bb:5e:21:98:35:67:5b:d8:98:af:
         e0:ea:cb:fe:7f:d0:9b:69:da:d3:40:c5:d2:66:40:3e:e8:a9:
         f2:66:96:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4or+S8FPsc8TXYBFvXMEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmYwN2NlYWQwNmE0ZjgxMTU0NzYwMGJhYzAyZmFmMGNj
MDg0YzkwHhcNMjYwMTAxMDgxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDRlZmZkNWU1MGZlMDA0ZTRhMzIzOGUzZmU4YjRiZjMxYjhmYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1TbMUj0gnixoYVzyeA7OFthX+cx0
onpDR6C2JmDCUjxMPigugInp+a/XMTBAfDJ6BqTtnox9QpHuI0WxknqZLIpWAiH/
EsvfwqW5w3PNfmvlfgFgm8k6LjaQKToVfNn1FN3I417AcjQSpdLu2z2fCqeDL5is
v3hQBh5byP6cVnqEPLr9rLXAcl9SjvZmNd28Sm626Al+xa23dYCo6rdx1eh2HmJE
nidrMF+xJ4LjQsA+ovye9oq2+DleEyJ2dIDJUdlyjsBg9NXkjpQ+lM+ftNDNeinU
3Zrnnfz7hqeJIQdPrjUYVejsFikGd9TnFqMVD9FldAvuIZ+2wchS4FzfHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRO/9XlD+AE5KMjjj/otL8xuPtcMB8GA1UdIwQY
MBaAFC9vB86tBqT4EVR2ALrAL68MwITJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDI4SHpxMEdwUGdSVkhZQXVzQXZyd3pBaE1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9lYWQ2YzQtOWZlMS00ZmVlLTk3NjAt
MDQ3Y2JjMzEwY2NiLzEvaEU3XzFlVVA0QVRrb3lPT1AtaTB2ekc0LTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9lYWQ2YzQtOWZlMS00ZmVlLTk3NjAtMDQ3Y2JjMzEwY2Ni
LzEvTDI4SHpxMEdwUGdSVkhZQXVzQXZyd3pBaE1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClQOsMA0G
CSqGSIb3DQEBCwUAA4IBAQBflxxEdHBgPMhMhlYEdKIx/eFqxjAHl1G8tLnwGeqK
2jOiR3WPUx174b6bh+lrmWzj6YamEiVArO89046adPUN99xe2QW7o596FuSN6h7f
hjPv6QIYAQHMcDWss6NfjwXjZTluh6o9EbucYF5fcebofb9+UQDeT73ucF+Izpqr
+wcPh25F54uy/lOqPHONDrNeQifmr3dxrJS1RG1JOlj2LyMxaGf/PwkWc5p+UU42
JoKs5GZ4Lb1JZFf8C+RM6D3KV57AqJZJs5uKNbpts8Uy9uyA2L+e9spuPW0wGDb6
SLteIZg1Z1vYmK/g6sv+f9CbadrTQMXSZkA+6KnyZpZv
-----END CERTIFICATE-----