This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/hi5-Bqz7JG0WbAuPqPS5AbjeiO8.roa
File:                     hi5-Bqz7JG0WbAuPqPS5AbjeiO8.roa (raw, json)
Hash identifier:          eQUZA8o3t/D8wdR2RGbcviTpLEuCJnnTudK92+op89I=
Subject key identifier:   86:2E:7E:06:AC:FB:24:6D:16:6C:0B:8F:A8:F4:B9:01:B8:DE:88:EF
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F1452C51A01F1E0B066A9F2B4B4BE60
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/hi5-Bqz7JG0WbAuPqPS5AbjeiO8.roa
Signing time:             Fri 02 Jan 2026 14:19:56 +0000
ROA not before:           Fri 02 Jan 2026 14:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62904
IP address blocks:        147.45.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:52:c5:1a:01:f1:e0:b0:66:a9:f2:b4:b4:be:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=862e7e06acfb246d166c0b8fa8f4b901b8de88ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bd:91:39:48:05:2e:ff:6e:b3:f7:ff:3e:de:
                    96:5e:b5:de:39:83:0b:f6:15:96:4d:9b:01:94:81:
                    01:e1:6b:f8:1d:da:1f:1d:a5:01:fc:50:6d:2a:cd:
                    bd:5c:67:08:26:60:16:1f:82:4d:fb:88:4c:a6:4d:
                    57:8d:79:8b:b1:23:ee:ff:fb:c9:28:b5:4b:65:90:
                    21:49:49:aa:73:c3:37:6f:cd:59:ba:01:15:30:60:
                    19:1f:95:c5:f1:84:de:03:3d:20:62:91:4d:77:48:
                    8e:cc:d6:b1:b6:f9:25:5e:c6:96:57:06:a8:4a:38:
                    a2:aa:a1:ad:5e:51:33:dc:f1:b8:b9:52:99:dc:5a:
                    74:4b:46:88:e6:85:f3:89:de:5e:cd:97:48:90:25:
                    ce:9e:d5:e6:32:2f:ee:dd:07:f9:ef:24:20:8a:74:
                    c1:8d:0a:99:93:05:b1:f2:6a:04:f1:23:d2:11:07:
                    2b:de:0c:c5:4a:88:b4:64:80:91:97:8b:c9:af:89:
                    09:ce:b0:04:24:0c:8b:65:58:43:52:c4:ff:3a:af:
                    56:7e:14:17:2a:e9:28:2f:ba:84:bb:8a:ff:78:32:
                    07:5a:ef:ba:da:f0:40:88:a2:56:9c:47:73:14:53:
                    67:e0:84:69:4a:0e:93:2c:8a:03:56:d8:ca:a0:9d:
                    4f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2E:7E:06:AC:FB:24:6D:16:6C:0B:8F:A8:F4:B9:01:B8:DE:88:EF
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/hi5-Bqz7JG0WbAuPqPS5AbjeiO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:27:7e:af:df:b3:68:75:c2:06:0b:cb:4c:50:f2:99:b3:8a:
         fb:52:d8:bf:93:c7:0e:fb:c0:cb:db:9e:6f:b7:4f:d8:f9:6f:
         33:3b:44:12:e8:99:57:14:f6:e3:44:32:04:7f:61:86:6d:ee:
         4e:17:e7:52:e3:89:97:7e:77:9b:66:9f:f9:17:a1:f2:cf:8e:
         81:e7:66:94:bf:b9:e5:67:e2:8f:17:95:68:bf:a2:e3:31:30:
         05:56:df:f3:b3:1f:64:2b:ef:cb:87:23:5f:aa:d4:c6:2f:67:
         85:74:7b:6d:aa:c2:29:dc:f8:23:cb:59:86:3f:13:8e:3c:d4:
         ab:c4:74:a8:b9:8d:3a:8c:31:c2:2d:f4:c2:cc:24:ea:c8:c4:
         5d:3b:fa:79:ca:fc:93:cd:05:4d:e9:4c:65:fd:7f:07:7d:cd:
         d9:fb:01:be:67:66:1c:a0:2e:8e:3a:4e:79:ab:d9:49:d8:0d:
         35:d8:36:b2:06:5c:e6:40:bc:32:72:d3:d7:49:06:43:1a:3e:
         30:39:78:09:df:bf:0b:49:a5:3c:a3:52:fc:85:b0:a8:94:3b:
         1c:4a:da:de:bf:8d:f3:e4:fe:a9:81:bc:fd:47:5c:dc:06:d8:
         68:f0:be:04:ac:c7:56:62:a7:ab:a9:df:1f:f2:6c:3f:ca:44:
         7d:d4:0a:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFLFGgHx4LBmqfK0tL5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJlN2UwNmFjZmIyNDZkMTY2YzBiOGZhOGY0YjkwMWI4ZGU4OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL2ROUgFLv9us/f/Pt6WXrXeOYML
9hWWTZsBlIEB4Wv4HdofHaUB/FBtKs29XGcIJmAWH4JN+4hMpk1XjXmLsSPu//vJ
KLVLZZAhSUmqc8M3b81ZugEVMGAZH5XF8YTeAz0gYpFNd0iOzNaxtvklXsaWVwao
SjiiqqGtXlEz3PG4uVKZ3Fp0S0aI5oXzid5ezZdIkCXOntXmMi/u3Qf57yQginTB
jQqZkwWx8moE8SPSEQcr3gzFSoi0ZICRl4vJr4kJzrAEJAyLZVhDUsT/Oq9WfhQX
KukoL7qEu4r/eDIHWu+62vBAiKJWnEdzFFNn4IRpSg6TLIoDVtjKoJ1P1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYufgas+yRtFmwLj6j0uQG43ojvMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvaGk1LUJxejdKRzBXYkF1UHFQUzVBYmplaU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBky1+MA0G
CSqGSIb3DQEBCwUAA4IBAQAqJ36v37NodcIGC8tMUPKZs4r7Uti/k8cO+8DL255v
t0/Y+W8zO0QS6JlXFPbjRDIEf2GGbe5OF+dS44mXfnebZp/5F6Hyz46B52aUv7nl
Z+KPF5Vov6LjMTAFVt/zsx9kK+/LhyNfqtTGL2eFdHttqsIp3Pgjy1mGPxOOPNSr
xHSouY06jDHCLfTCzCTqyMRdO/p5yvyTzQVN6Uxl/X8Hfc3Z+wG+Z2YcoC6OOk55
q9lJ2A012DayBlzmQLwyctPXSQZDGj4wOXgJ378LSaU8o1L8hbColDscStrev43z
5P6pgbz9R1zcBtho8L4ErMdWYqerqd8f8mw/ykR91ArC
-----END CERTIFICATE-----