This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hsvGdTF9YaiPhO_ACQR-CxPKoJk.roa
File:                     hsvGdTF9YaiPhO_ACQR-CxPKoJk.roa (raw, json)
Hash identifier:          Ady3A4dEzU30cTi8iuuhzyxlqsHn1jKEZrJGLvvMfdY=
Subject key identifier:   86:CB:C6:75:31:7D:61:A8:8F:84:EF:C0:09:04:7E:0B:13:CA:A0:99
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8579C886BB2A8610EF26C516584EA0
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hsvGdTF9YaiPhO_ACQR-CxPKoJk.roa
Signing time:             Fri 02 Jan 2026 16:23:32 +0000
ROA not before:           Fri 02 Jan 2026 16:23:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216366
IP address blocks:        62.76.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:79:c8:86:bb:2a:86:10:ef:26:c5:16:58:4e:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86cbc675317d61a88f84efc009047e0b13caa099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:db:a1:b4:4d:63:70:a2:d7:59:5b:97:b7:b5:
                    5a:69:80:14:60:89:2a:32:ba:8d:55:bb:a2:a7:65:
                    1c:03:21:45:a1:56:42:f2:eb:d5:58:c5:79:09:6b:
                    3f:4e:8c:ad:90:a4:13:33:e8:4d:66:2a:66:eb:7c:
                    aa:c5:c9:a7:a8:b3:ae:9d:52:9b:83:7a:0a:2e:09:
                    ea:dc:d6:37:d4:d7:6d:a6:3e:62:61:f9:35:3d:50:
                    f8:42:ca:e5:f0:af:bc:aa:80:ac:36:1d:57:36:66:
                    dc:2b:ba:86:5a:76:c6:83:68:b7:0b:cd:40:f6:4b:
                    6d:85:db:44:06:b6:88:0c:8e:fe:9e:47:10:52:94:
                    03:f5:d4:ec:ec:02:cc:c4:bf:22:4c:27:cc:34:05:
                    31:13:7f:eb:9e:28:9e:52:e1:5b:8e:90:23:c8:78:
                    42:3c:8c:eb:db:26:50:e3:f3:c2:39:53:68:38:d2:
                    f4:9c:da:9c:1c:e7:5b:91:59:10:7e:e3:dc:a1:be:
                    cd:86:8b:05:49:27:5c:72:2c:5c:46:5c:c5:64:fe:
                    50:4d:7e:de:04:53:d5:73:48:e5:15:5a:42:93:e6:
                    c3:95:60:8a:9a:bf:2f:b8:60:42:10:3a:ff:8c:84:
                    9f:2d:d4:8b:e0:8a:d4:81:54:fe:f4:55:fd:6e:ae:
                    1a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CB:C6:75:31:7D:61:A8:8F:84:EF:C0:09:04:7E:0B:13:CA:A0:99
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hsvGdTF9YaiPhO_ACQR-CxPKoJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:17:6b:d1:fb:4b:89:a0:4a:39:97:b1:b4:d3:15:31:cb:4f:
         3e:00:b8:39:52:f7:91:e9:51:16:17:c3:2a:fa:51:31:ed:44:
         e7:7c:73:ee:ac:4e:79:9a:b1:e7:9e:d2:b8:33:ff:c7:1b:f7:
         d0:a6:fc:7b:e6:36:ee:33:10:20:b2:af:c1:17:5f:3f:97:51:
         c4:b0:48:1e:e6:7b:2f:8d:2a:fe:86:75:90:1a:ec:ca:43:77:
         a7:18:75:ce:66:e9:86:93:57:92:f7:0f:3a:23:c8:1b:3c:d5:
         03:76:10:6c:f2:31:7b:6b:e0:91:25:24:a7:0d:c9:4c:61:03:
         2e:30:80:e6:a5:9f:54:34:a6:fb:f4:7a:5f:3a:33:1c:04:40:
         6f:45:6c:84:5c:5e:c6:5a:51:11:a7:96:ab:03:44:17:73:bc:
         00:2a:fd:05:36:4a:1e:92:09:19:fc:d9:7e:1c:ab:a0:70:86:
         96:9b:d8:04:32:28:84:23:b3:1d:f9:53:af:55:6f:f1:c8:54:
         48:d5:16:29:d8:2f:bc:2f:ca:c0:79:61:52:f8:21:43:4c:6e:
         9d:2b:03:57:4f:26:36:37:3e:e8:b0:be:32:b1:db:15:69:3d:
         1c:fe:20:8f:61:c8:df:d7:87:1f:2c:9e:68:cd:d4:f7:6e:3f:
         f8:a4:8f:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hXnIhrsqhhDvJsUWWE6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNiYzY3NTMxN2Q2MWE4OGY4NGVmYzAwOTA0N2UwYjEzY2FhMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9uhtE1jcKLXWVuXt7VaaYAUYIkq
MrqNVbuip2UcAyFFoVZC8uvVWMV5CWs/ToytkKQTM+hNZipm63yqxcmnqLOunVKb
g3oKLgnq3NY31Ndtpj5iYfk1PVD4Qsrl8K+8qoCsNh1XNmbcK7qGWnbGg2i3C81A
9ktthdtEBraIDI7+nkcQUpQD9dTs7ALMxL8iTCfMNAUxE3/rniieUuFbjpAjyHhC
PIzr2yZQ4/PCOVNoONL0nNqcHOdbkVkQfuPcob7NhosFSSdccixcRlzFZP5QTX7e
BFPVc0jlFVpCk+bDlWCKmr8vuGBCEDr/jISfLdSL4IrUgVT+9FX9bq4aNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbLxnUxfWGoj4TvwAkEfgsTyqCZMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaHN2R2RURjlZYWlQaE9fQUNRUi1DeFBLb0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkzhMA0G
CSqGSIb3DQEBCwUAA4IBAQAHF2vR+0uJoEo5l7G00xUxy08+ALg5UveR6VEWF8Mq
+lEx7UTnfHPurE55mrHnntK4M//HG/fQpvx75jbuMxAgsq/BF18/l1HEsEge5nsv
jSr+hnWQGuzKQ3enGHXOZumGk1eS9w86I8gbPNUDdhBs8jF7a+CRJSSnDclMYQMu
MIDmpZ9UNKb79HpfOjMcBEBvRWyEXF7GWlERp5arA0QXc7wAKv0FNkoekgkZ/Nl+
HKugcIaWm9gEMiiEI7Md+VOvVW/xyFRI1RYp2C+8L8rAeWFS+CFDTG6dKwNXTyY2
Nz7osL4ysdsVaT0c/iCPYcjf14cfLJ5ozdT3bj/4pI98
-----END CERTIFICATE-----