This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/72huANhGHbmrRv6vwHaFuRxH93o.roa
File:                     72huANhGHbmrRv6vwHaFuRxH93o.roa (raw, json)
Hash identifier:          6k3oTSasmHujZ7G15o1f502jXxJRPUSaLMNOAO2t2nc=
Subject key identifier:   EF:68:6E:00:D8:46:1D:B9:AB:46:FE:AF:C0:76:85:B9:1C:47:F7:7A
Certificate issuer:       /CN=85860273eb271922b9f7ec8f4a591016356d732b
Certificate serial:       019B7A5A8728190A8470FA7113635A453872
Authority key identifier: 85:86:02:73:EB:27:19:22:B9:F7:EC:8F:4A:59:10:16:35:6D:73:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hYYCc-snGSK59-yPSlkQFjVtcys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/72huANhGHbmrRv6vwHaFuRxH93o.roa
Signing time:             Thu 01 Jan 2026 16:18:31 +0000
ROA not before:           Thu 01 Jan 2026 16:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207989
IP address blocks:        84.38.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/hYYCc-snGSK59-yPSlkQFjVtcys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/hYYCc-snGSK59-yPSlkQFjVtcys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hYYCc-snGSK59-yPSlkQFjVtcys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:87:28:19:0a:84:70:fa:71:13:63:5a:45:38:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85860273eb271922b9f7ec8f4a591016356d732b
        Validity
            Not Before: Jan  1 16:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef686e00d8461db9ab46feafc07685b91c47f77a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:11:af:15:17:96:66:6a:84:c9:e4:04:bc:7d:
                    aa:73:9b:68:22:2b:0b:1d:76:cc:68:51:e9:ce:6a:
                    3a:79:3d:1b:55:3c:e6:3a:22:51:71:fb:82:6e:50:
                    8e:d7:6d:10:f0:91:a1:86:0e:b0:38:c7:30:94:89:
                    2e:bf:43:60:bc:b8:48:e2:08:45:09:4c:44:41:92:
                    ee:ba:92:4d:3c:cf:b0:9e:01:81:88:b1:82:57:36:
                    f1:71:e4:59:c6:ac:0d:af:b0:8b:ad:92:93:77:44:
                    9a:ce:df:f6:dd:64:f0:3c:47:b3:69:d9:37:94:52:
                    ae:25:d9:ce:3e:ea:15:67:0d:83:51:78:2f:29:a5:
                    06:9b:49:c3:3d:01:f1:00:c3:f3:d3:83:a3:c5:77:
                    92:68:9f:2f:d3:64:a1:29:6d:af:c4:76:7b:a3:db:
                    be:13:fc:55:0d:15:16:30:d8:34:52:40:09:21:ff:
                    41:69:5c:a6:84:ee:2c:ab:32:fb:04:87:38:0a:55:
                    20:2b:e5:d7:f9:39:b4:c3:48:8b:5d:d5:ae:c4:70:
                    8c:97:ac:1b:ea:4f:44:d5:33:e3:ee:80:64:3e:3d:
                    fa:3f:ef:40:c1:69:1d:c1:17:0e:0b:c9:1a:b3:36:
                    f8:8e:92:1b:0a:36:e4:b7:6d:cc:59:b8:d2:b1:2e:
                    7d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:68:6E:00:D8:46:1D:B9:AB:46:FE:AF:C0:76:85:B9:1C:47:F7:7A
            X509v3 Authority Key Identifier:
                keyid:85:86:02:73:EB:27:19:22:B9:F7:EC:8F:4A:59:10:16:35:6D:73:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hYYCc-snGSK59-yPSlkQFjVtcys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/72huANhGHbmrRv6vwHaFuRxH93o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0157c9-3488-4fb8-9b4f-9909ee2f33b2/1/hYYCc-snGSK59-yPSlkQFjVtcys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:03:96:61:66:a4:cd:5b:20:85:cb:4e:17:1a:0e:61:fe:03:
         f1:9d:7d:da:07:88:9b:4c:f7:b5:18:e1:56:c5:1e:9c:1b:7f:
         fc:8a:22:8f:74:24:04:1b:27:62:62:f2:38:82:23:54:2d:08:
         35:ad:f2:c3:a7:52:ae:d5:e2:5b:42:78:b3:75:c5:4f:fc:ed:
         a5:be:00:b2:65:d7:c9:c9:fe:88:16:68:27:9f:36:bf:b0:a6:
         2a:46:e2:86:16:28:ec:ad:78:12:b6:8d:56:48:6b:6a:18:e4:
         bc:af:11:1b:85:bd:ec:da:53:95:f9:dc:5c:84:b9:db:39:16:
         2c:f2:51:0a:79:21:fb:11:38:78:2a:96:77:0d:92:e0:86:67:
         c0:d4:eb:19:e1:51:87:ad:30:99:ac:14:58:23:d0:cd:ab:8f:
         8f:0a:eb:20:de:d6:a2:f5:04:2a:00:b5:4a:d9:f9:d7:a6:7d:
         b8:09:9b:41:0b:c2:47:3f:1b:41:80:f0:2f:aa:e0:54:5e:03:
         24:95:8a:fe:84:bb:78:b2:6a:e9:26:89:7e:95:57:1d:66:d6:
         97:07:e6:cc:74:a7:e2:a8:5b:b6:a6:d7:8a:6f:8f:75:e0:23:
         c0:f5:d1:af:32:4c:f7:71:6d:84:e3:11:e5:b6:ad:de:5a:cb:
         a4:12:f1:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WocoGQqEcPpxE2NaRThyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ODYwMjczZWIyNzE5MjJiOWY3ZWM4ZjRhNTkxMDE2MzU2
ZDczMmIwHhcNMjYwMTAxMTYxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjY4NmUwMGQ4NDYxZGI5YWI0NmZlYWZjMDc2ODViOTFjNDdmNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RGvFReWZmqEyeQEvH2qc5toIisL
HXbMaFHpzmo6eT0bVTzmOiJRcfuCblCO120Q8JGhhg6wOMcwlIkuv0NgvLhI4ghF
CUxEQZLuupJNPM+wngGBiLGCVzbxceRZxqwNr7CLrZKTd0Sazt/23WTwPEezadk3
lFKuJdnOPuoVZw2DUXgvKaUGm0nDPQHxAMPz04OjxXeSaJ8v02ShKW2vxHZ7o9u+
E/xVDRUWMNg0UkAJIf9BaVymhO4sqzL7BIc4ClUgK+XX+Tm0w0iLXdWuxHCMl6wb
6k9E1TPj7oBkPj36P+9AwWkdwRcOC8kaszb4jpIbCjbkt23MWbjSsS59CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9obgDYRh25q0b+r8B2hbkcR/d6MB8GA1UdIwQY
MBaAFIWGAnPrJxkiuffsj0pZEBY1bXMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFlZQ2Mtc25HU0s1OS15UFNsa1FGalZ0Y3lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wMTU3YzktMzQ4OC00ZmI4LTliNGYt
OTkwOWVlMmYzM2IyLzEvNzJodUFOaEdIYm1yUnY2dndIYUZ1UnhIOTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wMTU3YzktMzQ4OC00ZmI4LTliNGYtOTkwOWVlMmYzM2Iy
LzEvaFlZQ2Mtc25HU0s1OS15UFNsa1FGalZ0Y3lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCb7MA0G
CSqGSIb3DQEBCwUAA4IBAQCaA5ZhZqTNWyCFy04XGg5h/gPxnX3aB4ibTPe1GOFW
xR6cG3/8iiKPdCQEGydiYvI4giNULQg1rfLDp1Ku1eJbQnizdcVP/O2lvgCyZdfJ
yf6IFmgnnza/sKYqRuKGFijsrXgSto1WSGtqGOS8rxEbhb3s2lOV+dxchLnbORYs
8lEKeSH7ETh4KpZ3DZLghmfA1OsZ4VGHrTCZrBRYI9DNq4+PCusg3tai9QQqALVK
2fnXpn24CZtBC8JHPxtBgPAvquBUXgMklYr+hLt4smrpJol+lVcdZtaXB+bMdKfi
qFu2pteKb4914CPA9dGvMkz3cW2E4xHltq3eWsukEvFr
-----END CERTIFICATE-----