This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/H46XO9XSJTU4CNyAsgALoMBjFts.roa
File:                     H46XO9XSJTU4CNyAsgALoMBjFts.roa (raw, json)
Hash identifier:          SKCNezoPV4d80/b8RqvkEzIMIaDX9hLKNwB+Qms+qr4=
Subject key identifier:   1F:8E:97:3B:D5:D2:25:35:38:08:DC:80:B2:00:0B:A0:C0:63:16:DB
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019AD58191B3BD9A3252437B9967E801E9A0
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/H46XO9XSJTU4CNyAsgALoMBjFts.roa
Signing time:             Sun 30 Nov 2025 16:03:49 +0000
ROA not before:           Sun 30 Nov 2025 16:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        193.233.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 17:27:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d5:81:91:b3:bd:9a:32:52:43:7b:99:67:e8:01:e9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov 30 16:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f8e973bd5d225353808dc80b2000ba0c06316db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ec:9e:55:8d:be:1c:87:25:89:44:57:7d:82:
                    40:9f:ea:77:06:53:b2:1b:3d:93:74:88:30:b5:5a:
                    b8:33:13:67:cb:a1:e9:02:ed:c2:8f:c2:b6:14:4b:
                    d0:1b:66:bb:b6:36:dc:8f:a9:8f:3e:9a:a8:42:7a:
                    11:6b:da:cf:a3:d8:e1:00:1a:a2:8e:5a:fe:43:4d:
                    7c:29:26:96:b4:44:93:4a:70:1d:5a:84:f4:af:be:
                    24:dd:ec:43:d5:50:6b:1e:70:c6:51:69:5e:32:e8:
                    eb:3f:cd:c5:21:30:e9:32:67:83:d3:c8:3b:49:2a:
                    80:ba:8b:6a:a9:fb:14:12:14:c6:ea:22:c4:40:e4:
                    eb:73:0a:d9:44:57:35:26:d5:e0:9c:c6:d1:de:06:
                    d1:45:ef:e6:70:ca:64:68:52:d6:63:16:1e:fe:a2:
                    01:3c:13:b3:c0:6c:49:68:94:9c:07:38:5b:db:8c:
                    89:c4:16:5f:d6:b5:0b:d9:41:80:57:c9:6f:fd:cb:
                    c9:59:4e:ee:8c:74:fa:52:2b:8a:0c:be:41:6d:06:
                    e1:1c:03:69:3c:b5:e8:f8:10:1f:f0:18:f6:e5:51:
                    6b:e8:8d:6e:5c:f3:aa:47:2b:da:de:b6:62:91:ab:
                    d9:37:dd:ef:e5:6b:6d:93:d6:83:17:b4:00:bc:b9:
                    e7:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8E:97:3B:D5:D2:25:35:38:08:DC:80:B2:00:0B:A0:C0:63:16:DB
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/H46XO9XSJTU4CNyAsgALoMBjFts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:52:61:be:84:ba:30:78:34:11:8c:01:03:0a:59:25:35:7f:
         99:92:a1:ea:a3:15:bc:6f:d8:b1:4d:24:bb:37:e9:2e:cd:9d:
         43:c7:02:51:71:74:1c:06:39:b4:07:5b:88:f8:e9:fd:e0:04:
         ec:53:66:0b:3c:9b:61:1e:1e:85:58:9e:b2:b0:10:09:0d:0f:
         f2:bb:66:a8:c8:8d:d7:4e:37:40:9d:d5:6d:19:23:81:12:dd:
         ca:6f:a2:e7:84:ea:7b:87:61:93:a7:f4:f8:a9:9b:72:eb:0f:
         cf:1e:c9:cc:6c:ea:4d:d2:b8:0d:8e:8c:10:fe:60:73:40:8a:
         2e:59:0c:e5:e7:66:13:a1:19:f6:1c:30:21:76:2d:a0:37:17:
         f1:b0:b9:9b:75:0b:b1:01:b6:e5:6e:4c:c2:ac:3e:c9:64:e5:
         90:16:a3:a2:8b:7f:06:6f:5f:f2:55:e2:ca:c6:6b:ac:2f:a2:
         dd:d2:47:dc:6f:f6:66:cc:38:1c:2c:11:c1:cf:8a:70:f3:c5:
         51:0d:9a:f5:2b:ee:a9:eb:bc:be:73:91:5a:7e:e1:98:27:4a:
         13:35:4a:e5:90:27:64:f4:18:ae:72:c2:95:73:b1:9c:24:f4:
         c3:69:de:da:19:20:05:75:12:0a:05:59:31:7c:76:4e:ea:16:
         a9:a9:ad:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrVgZGzvZoyUkN7mWfoAemgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUxMTMwMTYwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhlOTczYmQ1ZDIyNTM1MzgwOGRjODBiMjAwMGJhMGMwNjMxNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteyeVY2+HIcliURXfYJAn+p3BlOy
Gz2TdIgwtVq4MxNny6HpAu3Cj8K2FEvQG2a7tjbcj6mPPpqoQnoRa9rPo9jhABqi
jlr+Q018KSaWtESTSnAdWoT0r74k3exD1VBrHnDGUWleMujrP83FITDpMmeD08g7
SSqAuotqqfsUEhTG6iLEQOTrcwrZRFc1JtXgnMbR3gbRRe/mcMpkaFLWYxYe/qIB
PBOzwGxJaJScBzhb24yJxBZf1rUL2UGAV8lv/cvJWU7ujHT6UiuKDL5BbQbhHANp
PLXo+BAf8Bj25VFr6I1uXPOqRyva3rZikavZN93v5Wttk9aDF7QAvLnnUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+OlzvV0iU1OAjcgLIAC6DAYxbbMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvSDQ2WE85WFNKVFU0Q055QXNnQUxvTUJqRnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekUMA0G
CSqGSIb3DQEBCwUAA4IBAQCXUmG+hLoweDQRjAEDClklNX+ZkqHqoxW8b9ixTSS7
N+kuzZ1DxwJRcXQcBjm0B1uI+On94ATsU2YLPJthHh6FWJ6ysBAJDQ/yu2aoyI3X
TjdAndVtGSOBEt3Kb6LnhOp7h2GTp/T4qZty6w/PHsnMbOpN0rgNjowQ/mBzQIou
WQzl52YToRn2HDAhdi2gNxfxsLmbdQuxAbblbkzCrD7JZOWQFqOii38Gb1/yVeLK
xmusL6Ld0kfcb/ZmzDgcLBHBz4pw88VRDZr1K+6p67y+c5FafuGYJ0oTNUrlkCdk
9BiucsKVc7GcJPTDad7aGSAFdRIKBVkxfHZO6hapqa20
-----END CERTIFICATE-----