This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/HG7ydsUTNCZ_p5tjqM9MAsrHmMo.roa
File:                     HG7ydsUTNCZ_p5tjqM9MAsrHmMo.roa (raw, json)
Hash identifier:          YwMcAmzd1JHv5zjJMKIlR+Jtl9zncuOvMBHEZcetMIA=
Subject key identifier:   1C:6E:F2:76:C5:13:34:26:7F:A7:9B:63:A8:CF:4C:02:CA:C7:98:CA
Certificate issuer:       /CN=1f94d1354e72306a9f7f951f93f52e8d13a40abf
Certificate serial:       019B122406ABD6AC0DAC0D75987D5B37721A
Authority key identifier: 1F:94:D1:35:4E:72:30:6A:9F:7F:95:1F:93:F5:2E:8D:13:A4:0A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5TRNU5yMGqff5Ufk_UujROkCr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/HG7ydsUTNCZ_p5tjqM9MAsrHmMo.roa
Signing time:             Fri 12 Dec 2025 10:38:29 +0000
ROA not before:           Fri 12 Dec 2025 10:38:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56327
IP address blocks:        185.204.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/H5TRNU5yMGqff5Ufk_UujROkCr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/H5TRNU5yMGqff5Ufk_UujROkCr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5TRNU5yMGqff5Ufk_UujROkCr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Dec 2025 04:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:12:24:06:ab:d6:ac:0d:ac:0d:75:98:7d:5b:37:72:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f94d1354e72306a9f7f951f93f52e8d13a40abf
        Validity
            Not Before: Dec 12 10:38:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c6ef276c51334267fa79b63a8cf4c02cac798ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4e:73:b8:c4:d8:ff:81:f1:3f:d9:91:69:1c:
                    ba:5f:3e:35:d2:c2:88:1d:73:aa:8b:3e:c2:e4:94:
                    00:f6:ac:6e:2d:af:f9:a7:f6:eb:91:82:b0:89:37:
                    36:b3:ea:d0:38:61:2a:24:4e:ab:8b:d8:c5:c1:dd:
                    28:ab:fe:70:41:35:b0:c0:57:74:b3:85:2f:73:fb:
                    74:aa:9d:22:c4:eb:83:63:a9:61:e8:49:50:d7:f9:
                    c6:02:a2:84:e3:99:26:b9:4d:93:3c:82:7e:8b:45:
                    11:05:5e:1f:b5:69:c8:7b:fa:8d:ae:30:de:ac:04:
                    78:63:3b:7d:c9:aa:4a:8b:7a:9f:c7:73:42:6a:3e:
                    56:6d:f0:dc:14:32:bd:91:0d:c5:b9:49:df:1b:55:
                    e8:77:39:11:3c:fa:bc:b3:33:fd:75:a5:b3:e7:2e:
                    e3:83:42:cd:d6:8d:d5:33:82:37:47:77:d2:68:ea:
                    be:86:43:0a:e8:b9:3a:1e:36:97:8e:95:4f:cc:70:
                    92:5e:a4:dd:8b:d4:63:c9:68:ed:b9:dd:ef:71:a3:
                    aa:88:5e:3a:be:42:a6:88:80:89:e8:2b:4f:8a:cc:
                    f3:6c:e3:7b:53:57:53:7d:6f:69:7e:3f:a9:cc:ee:
                    6d:9f:ba:93:3e:cc:09:c3:f7:ba:8a:a3:b9:80:9e:
                    ac:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:6E:F2:76:C5:13:34:26:7F:A7:9B:63:A8:CF:4C:02:CA:C7:98:CA
            X509v3 Authority Key Identifier:
                keyid:1F:94:D1:35:4E:72:30:6A:9F:7F:95:1F:93:F5:2E:8D:13:A4:0A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5TRNU5yMGqff5Ufk_UujROkCr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/HG7ydsUTNCZ_p5tjqM9MAsrHmMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/H5TRNU5yMGqff5Ufk_UujROkCr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:96:ab:24:d6:f9:ea:eb:70:04:fc:dd:b0:7e:71:ce:ac:f0:
         b5:70:8d:67:e8:71:ac:bf:00:53:2c:45:db:83:8d:2f:0c:08:
         d3:b4:c1:bb:e0:8c:33:42:69:8a:ad:4d:31:0e:c3:ff:27:da:
         c1:6b:83:d3:a2:85:fd:58:19:03:5d:ff:1b:a4:62:d2:9c:9a:
         aa:15:9d:df:71:e3:0c:44:cf:7f:24:98:e9:a0:f7:bd:19:8f:
         85:69:77:af:e9:4d:6c:13:7a:80:2b:19:d7:8a:85:00:f7:5e:
         62:bd:8a:5a:2e:e8:fb:1c:50:bb:eb:8e:b0:4e:4f:37:14:13:
         e3:af:dd:1d:ab:f2:54:54:8d:5b:39:59:ba:a2:03:5c:5d:e2:
         f8:3c:e5:2a:26:f3:04:16:8c:fe:7c:f3:c6:14:d5:f6:c0:06:
         5b:18:8e:84:a0:5a:3e:fd:dd:5c:0b:f8:7b:03:f3:d9:50:af:
         10:2b:27:d3:52:04:58:fd:67:c6:22:95:74:f7:10:7d:7e:8c:
         42:9c:f3:78:d2:a1:87:e4:b4:a2:0f:d8:6d:61:7f:9a:82:90:
         7e:af:be:15:3e:f5:f5:de:79:60:d1:7d:f3:0e:c4:45:b5:bc:
         27:50:4c:c2:31:57:c8:69:03:1c:59:1d:8a:4e:a2:ee:71:c8:
         4b:c1:97:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsSJAar1qwNrA11mH1bN3IaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOTRkMTM1NGU3MjMwNmE5ZjdmOTUxZjkzZjUyZThkMTNh
NDBhYmYwHhcNMjUxMjEyMTAzODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzZlZjI3NmM1MTMzNDI2N2ZhNzliNjNhOGNmNGMwMmNhYzc5OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E5zuMTY/4HxP9mRaRy6Xz410sKI
HXOqiz7C5JQA9qxuLa/5p/brkYKwiTc2s+rQOGEqJE6ri9jFwd0oq/5wQTWwwFd0
s4Uvc/t0qp0ixOuDY6lh6ElQ1/nGAqKE45kmuU2TPIJ+i0URBV4ftWnIe/qNrjDe
rAR4Yzt9yapKi3qfx3NCaj5WbfDcFDK9kQ3FuUnfG1XodzkRPPq8szP9daWz5y7j
g0LN1o3VM4I3R3fSaOq+hkMK6Lk6HjaXjpVPzHCSXqTdi9RjyWjtud3vcaOqiF46
vkKmiICJ6CtPiszzbON7U1dTfW9pfj+pzO5tn7qTPswJw/e6iqO5gJ6sKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxu8nbFEzQmf6ebY6jPTALKx5jKMB8GA1UdIwQY
MBaAFB+U0TVOcjBqn3+VH5P1Lo0TpAq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVUUk5VNXlNR3FmZjVVZmtfVXVqUk9rQ3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kZjk2YTUtMzE1Ny00ODgzLTgwODMt
MjEyZjg5M2ZjODM1LzEvSEc3eWRzVVROQ1pfcDV0anFNOU1Bc3JIbU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kZjk2YTUtMzE1Ny00ODgzLTgwODMtMjEyZjg5M2ZjODM1
LzEvSDVUUk5VNXlNR3FmZjVVZmtfVXVqUk9rQ3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucxUMA0G
CSqGSIb3DQEBCwUAA4IBAQCblqsk1vnq63AE/N2wfnHOrPC1cI1n6HGsvwBTLEXb
g40vDAjTtMG74IwzQmmKrU0xDsP/J9rBa4PTooX9WBkDXf8bpGLSnJqqFZ3fceMM
RM9/JJjpoPe9GY+FaXev6U1sE3qAKxnXioUA915ivYpaLuj7HFC7646wTk83FBPj
r90dq/JUVI1bOVm6ogNcXeL4POUqJvMEFoz+fPPGFNX2wAZbGI6EoFo+/d1cC/h7
A/PZUK8QKyfTUgRY/WfGIpV09xB9foxCnPN40qGH5LSiD9htYX+agpB+r74VPvX1
3nlg0X3zDsRFtbwnUEzCMVfIaQMcWR2KTqLucchLwZcp
-----END CERTIFICATE-----