This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/tHgxF9deJs8XSo1a8WKMnVTxV8o.roa
File:                     tHgxF9deJs8XSo1a8WKMnVTxV8o.roa (raw, json)
Hash identifier:          Ih9+SyDtlU1sqb8OkoVqi1/0lPS9UMNLtlFAvlr+hQA=
Subject key identifier:   B4:78:31:17:D7:5E:26:CF:17:4A:8D:5A:F1:62:8C:9D:54:F1:57:CA
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797ED33FE1D0E3A593800AD046FE54A1
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/tHgxF9deJs8XSo1a8WKMnVTxV8o.roa
Signing time:             Thu 01 Jan 2026 12:18:33 +0000
ROA not before:           Thu 01 Jan 2026 12:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202043
IP address blocks:        84.252.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:d3:3f:e1:d0:e3:a5:93:80:0a:d0:46:fe:54:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4783117d75e26cf174a8d5af1628c9d54f157ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:98:98:86:c4:3f:9c:92:e4:bb:d8:1a:f0:aa:
                    49:33:f9:cb:a4:e5:9f:73:cc:68:30:b3:d1:37:7a:
                    e4:94:7f:c0:33:e0:74:4c:c4:ef:49:48:b2:ec:ec:
                    02:6a:94:8d:d6:74:ca:3b:2a:4d:ce:ed:e7:78:e3:
                    ac:e1:21:db:17:ec:86:84:c6:56:a2:b5:5d:f9:75:
                    f1:32:07:b8:65:50:f6:84:b8:08:1f:b6:fa:83:08:
                    07:bc:25:98:0a:07:1c:8e:c1:06:54:78:27:30:48:
                    dd:9a:58:d3:f0:44:fb:ea:05:b4:e7:c0:cf:f9:aa:
                    9f:8f:8d:7e:10:57:6c:21:8f:97:ae:f0:0f:a6:03:
                    99:7f:f2:77:1e:02:e9:89:45:5b:67:72:1c:5a:66:
                    80:cc:1a:e9:ae:8b:8b:ec:9b:dc:c9:3e:02:c0:bf:
                    85:26:d1:ea:da:47:c7:d0:88:66:15:8c:41:c4:48:
                    da:af:45:86:c2:58:6a:4a:0f:48:37:98:48:bd:0a:
                    d5:5e:38:9f:8e:d6:43:ea:90:bb:71:a2:db:60:14:
                    85:e9:1b:9a:0e:18:cd:ac:db:ee:ff:15:22:8f:d9:
                    b9:ab:cd:eb:71:c1:b9:d2:1f:7a:c4:34:24:47:16:
                    ae:77:93:45:fb:01:1e:70:a2:c2:ef:3f:69:7e:8f:
                    b1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:78:31:17:D7:5E:26:CF:17:4A:8D:5A:F1:62:8C:9D:54:F1:57:CA
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/tHgxF9deJs8XSo1a8WKMnVTxV8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d9:c0:d7:84:fb:52:3f:60:80:37:06:c3:ea:dd:0c:0b:06:
         b6:42:94:93:a9:fb:45:fb:48:8f:1f:15:34:89:01:94:54:8a:
         29:4e:67:d1:dc:c3:62:9d:7b:65:47:be:9f:04:b8:27:8d:97:
         3b:f6:a5:e8:e2:e2:5c:be:b8:d9:ac:e3:43:ea:41:ae:d2:23:
         d7:92:28:bd:a4:41:84:d7:dd:e0:28:1d:b2:8a:dd:fa:7b:39:
         8c:37:88:d7:e7:77:17:df:53:04:93:1b:df:57:d2:c5:8f:75:
         9f:0f:36:f1:78:60:5e:28:fc:40:04:2a:a8:f4:2f:73:11:c9:
         c5:b1:da:0f:b2:e2:83:d3:7d:1f:68:bc:52:14:b9:9f:74:5d:
         a2:ab:73:1f:45:9b:1a:c6:29:6f:cc:b5:a4:cb:c2:96:4e:00:
         fc:51:70:da:23:ec:9b:cf:52:4a:52:39:d0:ea:fb:9d:b5:ed:
         0b:a7:38:68:2e:8f:0c:28:15:ef:3b:c6:13:4a:44:20:03:53:
         be:88:81:ba:a3:08:3e:44:bf:38:5e:ef:d6:93:46:cb:18:f0:
         65:52:93:69:ce:09:93:9c:98:ae:b2:f4:ae:00:59:08:e8:61:
         9b:bb:c7:75:26:ff:c8:6b:90:9c:49:c1:76:67:38:65:01:ba:
         7d:4b:9c:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftM/4dDjpZOACtBG/lShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDc4MzExN2Q3NWUyNmNmMTc0YThkNWFmMTYyOGM5ZDU0ZjE1N2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpiYhsQ/nJLku9ga8KpJM/nLpOWf
c8xoMLPRN3rklH/AM+B0TMTvSUiy7OwCapSN1nTKOypNzu3neOOs4SHbF+yGhMZW
orVd+XXxMge4ZVD2hLgIH7b6gwgHvCWYCgccjsEGVHgnMEjdmljT8ET76gW058DP
+aqfj41+EFdsIY+XrvAPpgOZf/J3HgLpiUVbZ3IcWmaAzBrprouL7JvcyT4CwL+F
JtHq2kfH0IhmFYxBxEjar0WGwlhqSg9IN5hIvQrVXjifjtZD6pC7caLbYBSF6Rua
DhjNrNvu/xUij9m5q83rccG50h96xDQkRxaud5NF+wEecKLC7z9pfo+xbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLR4MRfXXibPF0qNWvFijJ1U8VfKMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvdEhneEY5ZGVKczhYU28xYThXS01uVlR4VjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPw3MA0G
CSqGSIb3DQEBCwUAA4IBAQCE2cDXhPtSP2CANwbD6t0MCwa2QpSTqftF+0iPHxU0
iQGUVIopTmfR3MNinXtlR76fBLgnjZc79qXo4uJcvrjZrOND6kGu0iPXkii9pEGE
193gKB2yit36ezmMN4jX53cX31MEkxvfV9LFj3WfDzbxeGBeKPxABCqo9C9zEcnF
sdoPsuKD030faLxSFLmfdF2iq3MfRZsaxilvzLWky8KWTgD8UXDaI+ybz1JKUjnQ
6vudte0LpzhoLo8MKBXvO8YTSkQgA1O+iIG6owg+RL84Xu/Wk0bLGPBlUpNpzgmT
nJiusvSuAFkI6GGbu8d1Jv/Ia5CcScF2ZzhlAbp9S5z3
-----END CERTIFICATE-----