This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hGFaHcwrovzGAIYRLQIthoUbz9I.roa
File:                     hGFaHcwrovzGAIYRLQIthoUbz9I.roa (raw, json)
Hash identifier:          EW//8vzHeEI6MBxbWRLHvlhu2IW8hbQriarbUOI8bI4=
Subject key identifier:   84:61:5A:1D:CC:2B:A2:FC:C6:00:86:11:2D:02:2D:86:85:1B:CF:D2
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019B7D5A98DF6593091A9399B43F2A33CA2B
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hGFaHcwrovzGAIYRLQIthoUbz9I.roa
Signing time:             Fri 02 Jan 2026 06:17:27 +0000
ROA not before:           Fri 02 Jan 2026 06:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47216
IP address blocks:        213.176.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:98:df:65:93:09:1a:93:99:b4:3f:2a:33:ca:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 06:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84615a1dcc2ba2fcc60086112d022d86851bcfd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:76:b6:1c:0f:2d:a5:06:8c:23:e5:d4:2b:d7:
                    7b:db:9d:aa:f8:6a:14:b8:7c:a2:db:5d:51:13:f8:
                    66:19:54:8f:47:d6:05:13:e7:86:d6:d1:a5:e6:c1:
                    aa:50:82:ce:d4:53:75:c7:08:b0:24:a1:20:27:de:
                    0c:1a:31:d4:09:ba:33:38:ff:2e:de:16:aa:60:e6:
                    a0:ea:f2:b0:70:89:f0:d4:59:07:71:48:be:c9:af:
                    5f:f3:ef:38:be:ce:ee:0b:b7:15:8e:05:7b:14:8a:
                    0e:9c:97:88:a9:c0:52:fc:4c:1f:0e:58:3e:c4:7f:
                    68:be:29:fe:60:70:38:8f:3e:6c:23:26:b9:b7:43:
                    90:d9:4c:22:cc:8c:55:6c:14:8b:eb:08:6a:04:4d:
                    6d:62:b3:62:c5:a5:8f:ee:c2:03:96:95:ac:a8:da:
                    eb:58:8f:01:79:d5:c3:10:f1:af:23:3b:ae:05:15:
                    f6:60:21:37:ee:83:5f:6f:ef:f4:1b:e1:e0:78:e5:
                    95:b3:97:78:c2:0b:f3:6e:a4:30:ee:ab:bf:2f:4e:
                    ca:65:94:c6:6e:00:aa:20:cc:86:85:45:f2:5b:ff:
                    6b:ff:dc:47:0e:72:d9:68:3b:80:4b:f0:aa:d0:33:
                    b9:74:22:47:3f:47:a1:ce:49:13:05:25:2f:5a:13:
                    d2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:61:5A:1D:CC:2B:A2:FC:C6:00:86:11:2D:02:2D:86:85:1B:CF:D2
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/hGFaHcwrovzGAIYRLQIthoUbz9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:07:6e:e1:57:fc:5b:a8:74:51:8c:2d:87:e9:3d:4b:33:ad:
         34:2c:e3:7b:fb:b5:9e:34:19:7a:6d:6b:46:8a:3a:ac:26:c0:
         f8:90:41:df:bd:f5:93:64:77:2d:46:2d:5a:0d:96:8b:e8:1e:
         e1:b3:9c:59:8d:c7:f5:e8:18:25:16:a8:a3:9c:d8:f2:29:1a:
         f3:b6:ab:5a:b8:5a:c6:18:fe:1f:82:bf:29:e5:e1:78:eb:f1:
         e9:a9:56:97:1f:a3:29:20:33:9a:0b:e7:37:18:0b:c2:2c:f1:
         91:47:81:67:b7:a8:d4:03:9e:54:04:5a:f6:79:e8:eb:30:a7:
         49:d7:d1:bd:46:01:ba:92:12:6c:43:05:bd:2a:f0:3e:f4:aa:
         f7:a9:4d:42:a4:00:0f:ec:15:c5:ac:4c:74:67:aa:45:97:73:
         3e:8b:32:7d:45:87:36:cb:3a:47:c3:66:0a:c1:8f:99:7a:bb:
         91:07:a6:3a:71:83:30:dd:0f:ab:6b:af:a4:a3:97:b3:9e:06:
         fe:ea:76:c9:e1:5a:2a:7c:a9:60:af:8e:79:76:c2:de:6c:d4:
         98:51:4c:e8:cb:58:62:03:25:97:71:dc:a4:cf:6d:36:86:a5:
         87:05:15:b1:b1:06:9e:0b:80:e9:d5:37:04:54:0d:90:3b:fe:
         f7:45:79:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WpjfZZMJGpOZtD8qM8orMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwMTAyMDYxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDYxNWExZGNjMmJhMmZjYzYwMDg2MTEyZDAyMmQ4Njg1MWJjZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Ha2HA8tpQaMI+XUK9d7252q+GoU
uHyi211RE/hmGVSPR9YFE+eG1tGl5sGqUILO1FN1xwiwJKEgJ94MGjHUCbozOP8u
3haqYOag6vKwcInw1FkHcUi+ya9f8+84vs7uC7cVjgV7FIoOnJeIqcBS/EwfDlg+
xH9ovin+YHA4jz5sIya5t0OQ2UwizIxVbBSL6whqBE1tYrNixaWP7sIDlpWsqNrr
WI8BedXDEPGvIzuuBRX2YCE37oNfb+/0G+HgeOWVs5d4wgvzbqQw7qu/L07KZZTG
bgCqIMyGhUXyW/9r/9xHDnLZaDuAS/Cq0DO5dCJHP0ehzkkTBSUvWhPSAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRhWh3MK6L8xgCGES0CLYaFG8/SMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvaEdGYUhjd3JvdnpHQUlZUkxRSXRob1ViejlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bAGMA0G
CSqGSIb3DQEBCwUAA4IBAQA9B27hV/xbqHRRjC2H6T1LM600LON7+7WeNBl6bWtG
ijqsJsD4kEHfvfWTZHctRi1aDZaL6B7hs5xZjcf16BglFqijnNjyKRrztqtauFrG
GP4fgr8p5eF46/HpqVaXH6MpIDOaC+c3GAvCLPGRR4Fnt6jUA55UBFr2eejrMKdJ
19G9RgG6khJsQwW9KvA+9Kr3qU1CpAAP7BXFrEx0Z6pFl3M+izJ9RYc2yzpHw2YK
wY+ZeruRB6Y6cYMw3Q+ra6+ko5ezngb+6nbJ4VoqfKlgr455dsLebNSYUUzoy1hi
AyWXcdykz202hqWHBRWxsQaeC4Dp1TcEVA2QO/73RXkB
-----END CERTIFICATE-----