This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/tHxTnzVpW4CYvqPjzoEYrTWFQDI.roa
File:                     tHxTnzVpW4CYvqPjzoEYrTWFQDI.roa (raw, json)
Hash identifier:          3BDqXRHdfk/YuwIHADZOIiO+uAzSsr5L4Xyb+c9E1UE=
Subject key identifier:   B4:7C:53:9F:35:69:5B:80:98:BE:A3:E3:CE:81:18:AD:35:85:40:32
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B35A46E9A73C3CBF0B6084FB01E90FB
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/tHxTnzVpW4CYvqPjzoEYrTWFQDI.roa
Signing time:             Thu 01 Jan 2026 20:17:51 +0000
ROA not before:           Thu 01 Jan 2026 20:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216137
IP address blocks:        81.180.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:a4:6e:9a:73:c3:cb:f0:b6:08:4f:b0:1e:90:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b47c539f35695b8098bea3e3ce8118ad35854032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:21:e5:0c:b0:19:50:fc:63:c0:ea:41:63:5e:
                    a9:78:4a:2d:cb:7e:68:92:7a:25:7e:ab:3f:ac:48:
                    8f:bb:8c:73:be:9f:a2:33:d5:89:cc:2f:fd:c7:e1:
                    3c:f8:7c:be:0e:d5:5b:6e:6b:19:db:37:65:f9:9c:
                    9e:b4:e7:00:82:2f:4d:ec:54:64:66:40:0c:72:e6:
                    aa:58:d5:d1:76:7e:53:da:bd:99:6f:e1:b9:5e:e6:
                    70:95:41:50:c8:db:32:50:9a:06:03:bb:b2:28:e2:
                    19:f2:ae:bb:53:1a:ca:55:b0:4b:35:ef:08:5b:bc:
                    a1:15:58:ae:72:9d:43:03:15:72:d7:9b:29:47:04:
                    72:83:ac:a7:c0:f1:27:30:76:90:d6:f6:ef:73:b7:
                    2f:33:44:82:f2:4d:8b:71:57:6b:4c:22:ef:02:5d:
                    52:28:a9:34:f6:a1:5e:b8:57:1a:6d:8f:86:55:e9:
                    f1:52:da:af:96:59:5a:c5:3f:f4:78:6c:84:0d:08:
                    b4:5d:04:cb:4b:42:b0:39:0e:fd:b2:40:e9:e8:c0:
                    55:04:eb:62:bb:79:65:a6:e6:18:0c:56:f3:69:99:
                    c2:79:b2:2c:03:17:36:57:f9:a8:e2:93:f0:95:7d:
                    5a:83:dc:37:82:d2:1c:d5:a1:76:9c:aa:25:db:13:
                    b0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7C:53:9F:35:69:5B:80:98:BE:A3:E3:CE:81:18:AD:35:85:40:32
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/tHxTnzVpW4CYvqPjzoEYrTWFQDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.180.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:51:fa:a8:9f:6c:92:cc:b7:c4:9c:da:d7:33:05:ab:81:06:
         35:e1:ba:7c:da:9c:07:b0:12:12:11:e1:92:77:e6:ea:d3:1d:
         ce:57:a5:51:49:a7:4f:ba:06:7c:bd:cc:ad:15:19:c5:23:58:
         40:1f:96:c7:08:ff:fd:e5:0c:ed:30:8f:ac:8c:2c:6d:61:d3:
         10:ea:2d:28:9f:81:83:95:cf:16:93:83:dd:88:69:08:42:7c:
         5c:50:e9:a2:23:da:79:0a:78:5d:05:2a:21:8a:86:6b:a1:d4:
         89:a3:15:f9:00:4f:78:fc:e3:50:76:75:3a:ec:0d:5d:8c:41:
         d6:83:83:82:8b:88:c8:87:eb:be:09:60:21:2d:ae:60:7f:32:
         cf:aa:93:79:8d:e0:ed:22:24:53:6e:1d:c1:94:94:87:4d:0a:
         e6:fc:52:fd:e8:ea:4f:25:f4:a1:54:b9:a9:65:00:47:96:93:
         20:e1:95:60:5c:59:d6:5c:25:8e:3c:82:78:d0:73:e4:02:d5:
         4a:b4:d1:e1:85:28:05:d6:2a:85:de:f5:07:12:81:08:16:64:
         f2:47:43:b7:20:86:cc:73:01:10:ac:bf:77:c9:d5:0c:f9:03:
         41:55:22:fe:70:16:56:dd:21:48:a5:c4:6f:a5:1a:8c:3c:60:
         04:01:e6:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NaRumnPDy/C2CE+wHpD7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDdjNTM5ZjM1Njk1YjgwOThiZWEzZTNjZTgxMThhZDM1ODU0MDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSHlDLAZUPxjwOpBY16peEoty35o
knolfqs/rEiPu4xzvp+iM9WJzC/9x+E8+Hy+DtVbbmsZ2zdl+ZyetOcAgi9N7FRk
ZkAMcuaqWNXRdn5T2r2Zb+G5XuZwlUFQyNsyUJoGA7uyKOIZ8q67UxrKVbBLNe8I
W7yhFViucp1DAxVy15spRwRyg6ynwPEnMHaQ1vbvc7cvM0SC8k2LcVdrTCLvAl1S
KKk09qFeuFcabY+GVenxUtqvlllaxT/0eGyEDQi0XQTLS0KwOQ79skDp6MBVBOti
u3llpuYYDFbzaZnCebIsAxc2V/mo4pPwlX1ag9w3gtIc1aF2nKol2xOw2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLR8U581aVuAmL6j486BGK01hUAyMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvdEh4VG56VnBXNENZdnFQanpvRVlyVFdGUURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUbRIMA0G
CSqGSIb3DQEBCwUAA4IBAQBPUfqon2ySzLfEnNrXMwWrgQY14bp82pwHsBISEeGS
d+bq0x3OV6VRSadPugZ8vcytFRnFI1hAH5bHCP/95QztMI+sjCxtYdMQ6i0on4GD
lc8Wk4PdiGkIQnxcUOmiI9p5CnhdBSohioZrodSJoxX5AE94/ONQdnU67A1djEHW
g4OCi4jIh+u+CWAhLa5gfzLPqpN5jeDtIiRTbh3BlJSHTQrm/FL96OpPJfShVLmp
ZQBHlpMg4ZVgXFnWXCWOPIJ40HPkAtVKtNHhhSgF1iqF3vUHEoEIFmTyR0O3IIbM
cwEQrL93ydUM+QNBVSL+cBZW3SFIpcRvpRqMPGAEAeZq
-----END CERTIFICATE-----