This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1HVSXKZv4V4Dk6jTAERYf1cyKI0.roa
File:                     1HVSXKZv4V4Dk6jTAERYf1cyKI0.roa (raw, json)
Hash identifier:          PWnNkKaqr6A8sthZozzDI9qbbuU1uuzwUBUhchSexB4=
Subject key identifier:   D4:75:52:5C:A6:6F:E1:5E:03:93:A8:D3:00:44:58:7F:57:32:28:8D
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F146ACEDE480C8E245181901790CC3C
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1HVSXKZv4V4Dk6jTAERYf1cyKI0.roa
Signing time:             Fri 02 Jan 2026 14:20:03 +0000
ROA not before:           Fri 02 Jan 2026 14:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213843
IP address blocks:        147.45.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:6a:ce:de:48:0c:8e:24:51:81:90:17:90:cc:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d475525ca66fe15e0393a8d30044587f5732288d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c8:a6:b8:65:6c:35:e8:18:c6:11:37:cb:1a:
                    80:1c:7a:3d:87:9a:46:72:a2:ad:6f:1a:3f:f4:7b:
                    b2:67:5d:f2:cd:3b:d1:58:fc:09:cf:51:63:b6:b3:
                    60:1d:58:1c:f0:d6:84:5e:d0:e2:6b:29:63:aa:f8:
                    aa:a3:1a:20:8e:16:42:0d:29:ea:ac:01:d3:2e:0f:
                    92:0c:95:6e:59:d5:92:3c:e2:ad:5e:05:00:45:d5:
                    ee:36:fe:18:90:cf:9b:32:5e:9d:94:e2:6f:39:bd:
                    ca:78:b3:30:d0:4a:95:66:3c:fe:3f:33:ed:0b:62:
                    ec:6a:60:d3:37:63:50:91:25:bc:77:81:fa:b8:d4:
                    b2:9c:40:f3:d5:26:bd:e2:ff:40:90:ad:58:be:5b:
                    98:be:e5:70:3a:80:17:7a:67:87:8c:86:ae:75:5b:
                    7f:39:e0:61:1c:4a:21:ab:05:8d:15:15:91:bb:52:
                    95:42:bd:75:f5:f2:11:67:29:89:26:1f:61:69:f6:
                    32:c9:56:a9:bb:fb:ea:38:0c:2b:aa:7c:d1:01:7e:
                    66:c6:91:88:8c:1e:23:72:bd:36:f1:2f:0a:9c:31:
                    4d:d9:24:7b:03:d1:10:67:12:d0:4c:4d:4b:27:d7:
                    1b:28:63:c6:96:03:fe:16:fc:0f:63:d2:67:a9:12:
                    cf:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:75:52:5C:A6:6F:E1:5E:03:93:A8:D3:00:44:58:7F:57:32:28:8D
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1HVSXKZv4V4Dk6jTAERYf1cyKI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:29:29:06:37:41:91:6d:00:8c:9f:27:81:b7:45:3d:d4:21:
         05:5a:f0:3b:33:9d:a3:e5:0a:2b:39:50:d1:82:dc:b2:3f:34:
         49:93:e5:29:06:7a:3e:ad:b4:0d:21:a2:8d:80:96:00:a5:fa:
         df:d9:f7:a0:95:ac:f4:eb:eb:0a:bb:04:35:58:8e:da:9e:2c:
         06:4e:c5:fc:25:99:71:cd:16:db:40:f6:09:f3:e8:0c:9d:6c:
         f0:a8:51:59:08:32:e8:4e:ee:13:cb:6d:8d:e9:9d:ff:43:b5:
         6f:e2:99:4c:0c:7b:eb:f1:3d:f2:d9:1a:d5:34:6e:ab:7b:4d:
         e5:8d:c4:1c:bf:06:31:0d:e7:da:07:3c:de:38:e0:70:71:e3:
         35:f4:e2:cf:71:97:5d:f6:99:5c:64:cc:22:d7:29:a6:35:b3:
         89:d8:85:31:f2:5d:01:da:bb:40:8d:ea:5e:6b:be:38:e4:ce:
         05:03:f0:9e:f4:8b:11:24:f4:0f:e6:08:1d:9d:13:fc:31:92:
         f6:29:3e:86:42:6d:33:8c:81:1b:06:d4:a7:6f:62:42:5c:2f:
         1b:c7:e0:42:6e:49:69:28:9d:58:3f:a2:62:1f:a2:dd:f6:d2:
         da:c2:0f:fd:c9:cb:80:c6:61:5e:95:86:13:80:17:2a:ab:57:
         ac:00:40:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FGrO3kgMjiRRgZAXkMw8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDc1NTI1Y2E2NmZlMTVlMDM5M2E4ZDMwMDQ0NTg3ZjU3MzIyODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MimuGVsNegYxhE3yxqAHHo9h5pG
cqKtbxo/9HuyZ13yzTvRWPwJz1FjtrNgHVgc8NaEXtDiayljqviqoxogjhZCDSnq
rAHTLg+SDJVuWdWSPOKtXgUARdXuNv4YkM+bMl6dlOJvOb3KeLMw0EqVZjz+PzPt
C2LsamDTN2NQkSW8d4H6uNSynEDz1Sa94v9AkK1YvluYvuVwOoAXemeHjIaudVt/
OeBhHEohqwWNFRWRu1KVQr119fIRZymJJh9hafYyyVapu/vqOAwrqnzRAX5mxpGI
jB4jcr028S8KnDFN2SR7A9EQZxLQTE1LJ9cbKGPGlgP+FvwPY9JnqRLPlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNR1Ulymb+FeA5Oo0wBEWH9XMiiNMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMUhWU1hLWnY0VjREazZqVEFFUllmMWN5S0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky3YMA0G
CSqGSIb3DQEBCwUAA4IBAQABKSkGN0GRbQCMnyeBt0U91CEFWvA7M52j5QorOVDR
gtyyPzRJk+UpBno+rbQNIaKNgJYApfrf2feglaz06+sKuwQ1WI7aniwGTsX8JZlx
zRbbQPYJ8+gMnWzwqFFZCDLoTu4Ty22N6Z3/Q7Vv4plMDHvr8T3y2RrVNG6re03l
jcQcvwYxDefaBzzeOOBwceM19OLPcZdd9plcZMwi1ymmNbOJ2IUx8l0B2rtAjepe
a7445M4FA/Ce9IsRJPQP5ggdnRP8MZL2KT6GQm0zjIEbBtSnb2JCXC8bx+BCbklp
KJ1YP6JiH6Ld9tLawg/9ycuAxmFelYYTgBcqq1esAEDf
-----END CERTIFICATE-----