This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/hLVnBuf3u_JFi21jPT8scSeq55o.roa
File:                     hLVnBuf3u_JFi21jPT8scSeq55o.roa (raw, json)
Hash identifier:          9Kl/ni4B9iNPukEzlMtSOKbm3FCZbPlEMODKtlh8/eY=
Subject key identifier:   84:B5:67:06:E7:F7:BB:F2:45:8B:6D:63:3D:3F:2C:71:27:AA:E7:9A
Certificate issuer:       /CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
Certificate serial:       019B7B35BDCAEB3CA2DBE5C0FECEF81666C1
Authority key identifier: 7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/hLVnBuf3u_JFi21jPT8scSeq55o.roa
Signing time:             Thu 01 Jan 2026 20:17:58 +0000
ROA not before:           Thu 01 Jan 2026 20:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53786
IP address blocks:        146.255.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 15:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:bd:ca:eb:3c:a2:db:e5:c0:fe:ce:f8:16:66:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
        Validity
            Not Before: Jan  1 20:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84b56706e7f7bbf2458b6d633d3f2c7127aae79a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:a4:bb:4a:ec:12:3d:e9:d2:05:9b:40:8a:86:
                    c2:46:58:16:1e:fe:bf:a7:a2:6d:9e:6e:ea:2a:9e:
                    3a:ae:50:ac:d0:48:fd:cf:df:bf:66:40:d2:30:8b:
                    b0:6c:c5:62:2b:25:24:e5:71:d2:4d:f9:c5:e9:9a:
                    c5:18:b4:65:01:47:13:07:b5:1f:5b:98:80:e4:24:
                    d3:d1:65:56:c7:83:90:e9:60:00:99:c6:c9:fa:30:
                    53:41:74:f2:0e:d4:1a:0f:d2:e0:3a:5a:48:12:c2:
                    c4:2f:33:75:3d:6d:0e:c5:62:ec:8f:c5:c7:48:a4:
                    1d:1c:b5:25:9a:7a:94:9e:5a:f8:58:5c:54:34:1f:
                    b7:66:97:77:d3:88:26:c6:fc:5d:ff:a2:6a:bc:c1:
                    1f:c3:38:08:ff:5c:c4:41:49:49:1a:9f:f8:95:9b:
                    65:18:94:4d:21:84:7e:98:d9:8f:55:d9:da:c0:25:
                    a6:9a:49:d7:bc:1a:89:fc:2e:af:2f:a9:e0:68:3f:
                    63:cd:ee:d0:50:77:bb:96:d7:5c:39:68:96:b0:44:
                    83:ae:58:90:b1:1d:e4:8c:18:ae:c7:cb:74:fe:79:
                    c3:be:4f:68:79:9b:1a:fd:68:e8:2e:66:a7:67:b1:
                    ab:b8:41:39:1c:19:53:d8:9c:51:12:be:18:f3:27:
                    7e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B5:67:06:E7:F7:BB:F2:45:8B:6D:63:3D:3F:2C:71:27:AA:E7:9A
            X509v3 Authority Key Identifier:
                keyid:7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/hLVnBuf3u_JFi21jPT8scSeq55o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:7f:68:d1:9d:c7:f5:00:f0:01:78:25:b4:28:6b:dc:2d:ea:
         c6:c1:e1:e8:bb:3f:8e:7a:f4:1c:37:4f:73:f7:3c:72:79:cf:
         d6:d4:b3:6c:26:76:53:0b:86:e9:97:bf:3f:4a:5b:7d:19:b1:
         9d:d1:fd:82:ab:10:ec:ca:9a:32:93:88:d4:8b:47:3f:be:c8:
         fe:0c:21:92:18:9d:b8:8e:94:e4:54:3b:23:0a:5c:fc:e9:52:
         6b:3d:7f:67:ee:d3:99:3a:ca:0e:9c:e5:00:f9:47:09:6e:b1:
         b4:54:f3:c7:13:16:19:94:ce:ff:9b:f5:c4:93:94:36:50:d5:
         7e:7a:5b:02:70:ae:a2:fd:b2:ab:8f:f0:fb:a5:fe:9a:bc:c6:
         8f:10:4f:16:28:46:a1:7e:ed:86:27:4d:65:13:c9:f1:e1:09:
         2c:3c:31:da:5d:a8:74:a5:de:5d:af:90:71:79:67:ad:42:5d:
         72:65:da:58:70:98:62:f4:90:c4:60:15:fc:3e:4f:a2:8f:3e:
         f5:3d:ed:61:b0:43:67:bb:15:c8:9c:1c:57:08:8e:22:ea:9d:
         3b:5c:8b:56:2c:9b:d4:08:90:61:8a:45:4f:d2:81:cc:61:2c:
         1c:12:94:d9:3d:df:97:b8:1b:32:72:1d:ab:15:8b:27:98:93:
         08:29:1f:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nb3K6zyi2+XA/s74FmbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5MTE2ODJiYzVjYTcxY2VjZTFlZmUzYWMxMzViZmRi
NTlkZDYwHhcNMjYwMTAxMjAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI1NjcwNmU3ZjdiYmYyNDU4YjZkNjMzZDNmMmM3MTI3YWFlNzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qS7SuwSPenSBZtAiobCRlgWHv6/
p6Jtnm7qKp46rlCs0Ej9z9+/ZkDSMIuwbMViKyUk5XHSTfnF6ZrFGLRlAUcTB7Uf
W5iA5CTT0WVWx4OQ6WAAmcbJ+jBTQXTyDtQaD9LgOlpIEsLELzN1PW0OxWLsj8XH
SKQdHLUlmnqUnlr4WFxUNB+3Zpd304gmxvxd/6JqvMEfwzgI/1zEQUlJGp/4lZtl
GJRNIYR+mNmPVdnawCWmmknXvBqJ/C6vL6ngaD9jze7QUHe7ltdcOWiWsESDrliQ
sR3kjBiux8t0/nnDvk9oeZsa/WjoLmanZ7GruEE5HBlT2JxREr4Y8yd+gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS1Zwbn97vyRYttYz0/LHEnqueaMB8GA1UdIwQY
MBaAFH3IkRaCvFynHOzh7+OsE1v9tZ3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQt
NzUyOTUyNTFiMWU4LzEvaExWbkJ1ZjN1X0pGaTIxalBUOHNjU2VxNTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQtNzUyOTUyNTFiMWU4
LzEvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkv94MA0G
CSqGSIb3DQEBCwUAA4IBAQAUf2jRncf1APABeCW0KGvcLerGweHouz+OevQcN09z
9zxyec/W1LNsJnZTC4bpl78/Slt9GbGd0f2CqxDsypoyk4jUi0c/vsj+DCGSGJ24
jpTkVDsjClz86VJrPX9n7tOZOsoOnOUA+UcJbrG0VPPHExYZlM7/m/XEk5Q2UNV+
elsCcK6i/bKrj/D7pf6avMaPEE8WKEahfu2GJ01lE8nx4QksPDHaXah0pd5dr5Bx
eWetQl1yZdpYcJhi9JDEYBX8Pk+ijz71Pe1hsENnuxXInBxXCI4i6p07XItWLJvU
CJBhikVP0oHMYSwcEpTZPd+XuBsych2rFYsnmJMIKR9b
-----END CERTIFICATE-----