This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/HXaoaGbpsVwIKc7Z3xDq1FFDMF8.roa
File:                     HXaoaGbpsVwIKc7Z3xDq1FFDMF8.roa (raw, json)
Hash identifier:          L+H/+WASkeXo8rY3B/Oh3KXss1YCnh/aJ/OUDO60P5o=
Subject key identifier:   1D:76:A8:68:66:E9:B1:5C:08:29:CE:D9:DF:10:EA:D4:51:43:30:5F
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82E27C3AE219EEFD4C7324917CB42E
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/HXaoaGbpsVwIKc7Z3xDq1FFDMF8.roa
Signing time:             Fri 02 Jan 2026 16:20:42 +0000
ROA not before:           Fri 02 Jan 2026 16:20:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215931
IP address blocks:        89.190.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:e2:7c:3a:e2:19:ee:fd:4c:73:24:91:7c:b4:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d76a86866e9b15c0829ced9df10ead45143305f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:02:39:f5:77:f9:ca:bd:4a:54:9d:0b:b9:a6:
                    70:7c:36:5b:3b:85:0e:c1:93:53:e6:16:c7:69:91:
                    3a:37:d1:fa:42:44:a6:d3:93:ea:d6:d5:3b:54:f2:
                    24:54:75:40:20:21:1c:fa:7d:2c:76:96:50:03:47:
                    e6:18:34:8d:ea:19:22:5b:2b:28:4c:f3:63:a1:cf:
                    05:7a:c7:c5:c8:ed:90:fc:06:38:77:b2:71:d2:cf:
                    7b:76:0c:50:e5:57:88:6c:34:ec:78:7c:46:b3:fc:
                    76:7d:24:df:c5:70:c9:27:ca:fd:83:dc:95:15:00:
                    2b:20:b8:59:17:4e:89:4c:25:1f:96:40:95:a0:91:
                    e9:d2:30:4d:7e:e4:a0:63:e4:a3:27:23:55:eb:31:
                    80:dc:91:55:0e:e1:3d:10:b3:9c:9b:37:ee:e5:23:
                    d4:99:c2:3c:91:62:48:b1:86:82:37:82:19:e4:ef:
                    ef:41:2f:d0:39:94:9b:48:0e:2b:a4:a2:d1:6e:1f:
                    00:d8:e5:1e:02:3c:11:bb:04:f9:25:3f:ea:7f:47:
                    33:19:d4:d5:ab:0b:27:bf:60:1b:61:7e:d1:a2:85:
                    b9:43:1b:b1:d5:f1:f3:cf:02:d8:46:36:27:12:97:
                    2d:39:51:11:45:19:d7:9a:b8:c7:2c:72:aa:43:ff:
                    8f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:76:A8:68:66:E9:B1:5C:08:29:CE:D9:DF:10:EA:D4:51:43:30:5F
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/HXaoaGbpsVwIKc7Z3xDq1FFDMF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:d7:a1:83:3b:d4:e2:41:a5:07:a1:b8:f4:0c:d0:15:29:ea:
         f0:c3:18:bd:56:b2:e5:ab:eb:1c:89:2a:4a:21:5f:df:d0:b7:
         77:5f:33:70:2b:97:66:8a:ee:85:3f:17:e9:96:b1:a4:e3:9a:
         2a:2b:f3:f7:84:54:6d:94:d2:cb:53:31:43:05:58:d9:58:71:
         86:ca:13:9c:9c:ff:a8:67:65:d5:20:7a:fb:16:d1:aa:e1:14:
         bc:dc:b2:6a:57:7a:94:c7:bc:3d:ef:ea:85:20:ad:f2:dc:34:
         c6:fb:80:fb:1e:07:fe:0c:e7:9c:da:94:48:f9:1f:72:e1:6d:
         cc:d5:97:69:67:21:1f:d4:b1:ce:b6:31:50:86:b4:35:1b:e2:
         02:15:38:53:f5:c8:77:e1:c3:90:e4:90:ac:fd:8a:d5:13:8f:
         b7:53:96:1d:b4:1d:6d:30:7c:cb:8e:dc:3d:9c:a8:3e:88:5a:
         52:cb:4d:7e:c2:ea:d3:55:b2:9d:d2:05:f7:c4:a1:c8:1e:75:
         22:8e:2a:2b:75:f7:cc:10:8e:29:a6:9e:df:2a:6b:e4:f5:e9:
         b1:ed:dd:5a:e7:d4:10:d1:3c:e6:55:d9:ae:38:e0:da:10:5b:
         0e:12:fb:0c:b7:48:e4:04:1c:23:f6:8e:35:41:d7:6b:e1:5e:
         94:cd:22:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/guJ8OuIZ7v1McySRfLQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc2YTg2ODY2ZTliMTVjMDgyOWNlZDlkZjEwZWFkNDUxNDMzMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QI59Xf5yr1KVJ0LuaZwfDZbO4UO
wZNT5hbHaZE6N9H6QkSm05Pq1tU7VPIkVHVAICEc+n0sdpZQA0fmGDSN6hkiWyso
TPNjoc8FesfFyO2Q/AY4d7Jx0s97dgxQ5VeIbDTseHxGs/x2fSTfxXDJJ8r9g9yV
FQArILhZF06JTCUflkCVoJHp0jBNfuSgY+SjJyNV6zGA3JFVDuE9ELOcmzfu5SPU
mcI8kWJIsYaCN4IZ5O/vQS/QOZSbSA4rpKLRbh8A2OUeAjwRuwT5JT/qf0czGdTV
qwsnv2AbYX7RooW5Qxux1fHzzwLYRjYnEpctOVERRRnXmrjHLHKqQ/+PTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB12qGhm6bFcCCnO2d8Q6tRRQzBfMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvSFhhb2FHYnBzVndJS2M3WjN4RHExRkZETUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWb6dMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ16GDO9TiQaUHobj0DNAVKerwwxi9VrLlq+sciSpK
IV/f0Ld3XzNwK5dmiu6FPxfplrGk45oqK/P3hFRtlNLLUzFDBVjZWHGGyhOcnP+o
Z2XVIHr7FtGq4RS83LJqV3qUx7w97+qFIK3y3DTG+4D7Hgf+DOec2pRI+R9y4W3M
1ZdpZyEf1LHOtjFQhrQ1G+ICFThT9ch34cOQ5JCs/YrVE4+3U5YdtB1tMHzLjtw9
nKg+iFpSy01+wurTVbKd0gX3xKHIHnUijiordffMEI4ppp7fKmvk9emx7d1a59QQ
0TzmVdmuOODaEFsOEvsMt0jkBBwj9o41Qddr4V6UzSI0
-----END CERTIFICATE-----