This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/Hv2YRVYv7Z8AR8dCPVtr57sXJF8.roa
File:                     Hv2YRVYv7Z8AR8dCPVtr57sXJF8.roa (raw, json)
Hash identifier:          ofYgaGP1LV5MUlg5Nl52wgXMuZZaXQIahwgOP2WTrCg=
Subject key identifier:   1E:FD:98:45:56:2F:ED:9F:00:47:C7:42:3D:5B:6B:E7:BB:17:24:5F
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019B791086F664A8D521B41D4AAD75B9D8B1
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/Hv2YRVYv7Z8AR8dCPVtr57sXJF8.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198461
IP address blocks:        81.93.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:86:f6:64:a8:d5:21:b4:1d:4a:ad:75:b9:d8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1efd9845562fed9f0047c7423d5b6be7bb17245f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d8:75:4f:fc:28:84:35:80:d7:24:55:c6:f6:
                    bd:85:f0:0a:49:41:7d:38:b4:9d:a4:fb:7b:2d:e9:
                    75:cc:0d:97:3f:92:17:07:d4:f7:b8:61:c8:2d:39:
                    76:b5:26:d8:1f:10:5a:49:76:40:8d:d4:5d:bf:11:
                    70:09:09:51:d1:d5:ba:e9:9a:e5:e8:27:bd:44:fa:
                    e9:6a:c6:14:c9:88:d7:99:6b:12:bd:d6:ca:50:49:
                    d7:f6:0b:78:a1:ad:16:71:46:0c:77:3f:f9:8e:eb:
                    79:16:87:fb:4e:dd:e4:3b:ae:d2:18:49:7f:0c:71:
                    43:4b:b5:c1:f5:a6:d8:1a:aa:5d:14:f2:ed:90:39:
                    49:c6:95:2a:4f:b2:82:31:75:3f:85:0b:04:e7:d8:
                    81:59:64:42:85:9d:4c:1c:e4:7f:05:a0:de:f4:ce:
                    c9:c1:5a:b1:f1:83:e3:ab:3a:8a:a3:39:1e:09:a4:
                    57:8d:8d:ea:b5:b2:02:22:2e:52:d1:c7:a8:5f:4e:
                    05:7d:75:c5:b8:f8:c7:45:f2:c2:eb:34:5b:84:c2:
                    4a:63:84:b9:c2:d5:3f:d9:f5:cf:a4:bd:fa:aa:b6:
                    70:33:bc:fd:23:cf:a0:29:24:4f:99:1a:37:2c:f2:
                    60:1e:19:5e:c3:3c:1a:cc:9b:86:d1:ca:39:09:bf:
                    f6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:FD:98:45:56:2F:ED:9F:00:47:C7:42:3D:5B:6B:E7:BB:17:24:5F
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/Hv2YRVYv7Z8AR8dCPVtr57sXJF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.93.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:dc:9c:95:6e:a8:bf:16:57:e9:09:d4:9b:39:ee:e9:4d:d0:
         27:ad:94:c6:57:03:5e:6a:dd:31:6e:6a:47:be:6b:66:a0:6c:
         d5:68:9f:bf:6d:61:6a:00:5b:c1:2e:55:16:11:c5:58:15:50:
         1f:fb:90:4d:01:61:3e:b9:6e:83:1d:18:34:f0:22:9c:1b:ca:
         b8:48:94:a1:ac:b8:41:ae:fa:9d:f3:c8:18:80:81:63:14:b6:
         1c:c9:8a:9f:56:da:e7:88:d0:b1:2f:53:1e:d5:f4:fc:97:84:
         89:19:60:ad:8e:f1:72:9c:f4:1d:2f:59:49:a4:90:5c:d2:eb:
         56:36:67:aa:21:36:9b:c6:b6:3a:fd:f3:e6:7c:28:47:c4:3f:
         15:4a:7e:92:e1:84:fe:a3:51:31:c1:32:12:8e:5d:62:82:88:
         fc:22:ba:05:e6:28:bb:48:b2:ec:e8:9b:96:da:a1:5c:a8:03:
         8e:35:92:34:af:ec:2d:28:d8:4d:cf:88:10:f8:60:c4:60:77:
         75:74:cb:96:9b:ee:a5:21:ce:9c:6f:71:b7:d8:61:02:0d:b5:
         71:a9:c1:d0:60:bf:c2:7a:13:96:14:96:5a:df:8c:d7:df:8f:
         de:d0:d4:d2:b3:e6:e6:e2:00:d3:f5:61:c9:5f:aa:36:61:3a:
         7e:96:4f:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIb2ZKjVIbQdSq11udixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWZkOTg0NTU2MmZlZDlmMDA0N2M3NDIzZDViNmJlN2JiMTcyNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdh1T/wohDWA1yRVxva9hfAKSUF9
OLSdpPt7Lel1zA2XP5IXB9T3uGHILTl2tSbYHxBaSXZAjdRdvxFwCQlR0dW66Zrl
6Ce9RPrpasYUyYjXmWsSvdbKUEnX9gt4oa0WcUYMdz/5jut5Fof7Tt3kO67SGEl/
DHFDS7XB9abYGqpdFPLtkDlJxpUqT7KCMXU/hQsE59iBWWRChZ1MHOR/BaDe9M7J
wVqx8YPjqzqKozkeCaRXjY3qtbICIi5S0ceoX04FfXXFuPjHRfLC6zRbhMJKY4S5
wtU/2fXPpL36qrZwM7z9I8+gKSRPmRo3LPJgHhlewzwazJuG0co5Cb/2nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB79mEVWL+2fAEfHQj1ba+e7FyRfMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvSHYyWVJWWXY3WjhBUjhkQ1BWdHI1N3NYSkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV3bMA0G
CSqGSIb3DQEBCwUAA4IBAQBT3JyVbqi/FlfpCdSbOe7pTdAnrZTGVwNeat0xbmpH
vmtmoGzVaJ+/bWFqAFvBLlUWEcVYFVAf+5BNAWE+uW6DHRg08CKcG8q4SJShrLhB
rvqd88gYgIFjFLYcyYqfVtrniNCxL1Me1fT8l4SJGWCtjvFynPQdL1lJpJBc0utW
NmeqITabxrY6/fPmfChHxD8VSn6S4YT+o1ExwTISjl1igoj8IroF5ii7SLLs6JuW
2qFcqAOONZI0r+wtKNhNz4gQ+GDEYHd1dMuWm+6lIc6cb3G32GECDbVxqcHQYL/C
ehOWFJZa34zX34/e0NTSs+bm4gDT9WHJX6o2YTp+lk8k
-----END CERTIFICATE-----