This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/He5fNkGeZrWyWTR4U2PFeuP4bL0.roa
File:                     He5fNkGeZrWyWTR4U2PFeuP4bL0.roa (raw, json)
Hash identifier:          R4WSlZd12ihSI5dwjUoGl8qpIkJDDrR/oH2+HTCkNaQ=
Subject key identifier:   1D:EE:5F:36:41:9E:66:B5:B2:59:34:78:53:63:C5:7A:E3:F8:6C:BD
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82E2FA9CDEFAA213AC7F435927AD6E
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/He5fNkGeZrWyWTR4U2PFeuP4bL0.roa
Signing time:             Fri 02 Jan 2026 16:20:42 +0000
ROA not before:           Fri 02 Jan 2026 16:20:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216141
IP address blocks:        185.186.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:e2:fa:9c:de:fa:a2:13:ac:7f:43:59:27:ad:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1dee5f36419e66b5b25934785363c57ae3f86cbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:05:39:71:4a:76:4e:56:86:b7:64:81:6c:44:
                    fa:b1:4b:ec:b5:b3:e2:18:49:a1:d4:c2:8a:a8:3f:
                    f0:08:21:fe:42:0d:f2:bb:67:66:fc:b9:d6:58:0a:
                    26:73:44:5d:fa:9f:74:e6:d2:67:05:b1:28:77:f3:
                    fe:d6:f2:3b:f8:b6:20:f7:30:18:19:32:7e:e3:e2:
                    e0:89:7a:b1:44:ae:91:fe:b8:4e:2d:0d:b0:13:7e:
                    c1:42:82:94:75:00:f7:f0:99:3c:52:99:9f:5e:f0:
                    71:e9:5d:4a:d6:95:04:e4:46:52:99:4f:b3:b4:17:
                    ca:b0:bf:e0:6e:7d:10:8f:e3:25:b9:99:3c:5d:27:
                    c1:ca:0f:06:c0:93:a6:37:d9:51:13:f8:cd:a0:6f:
                    f6:e5:70:af:46:eb:0a:62:c3:61:67:e4:0e:e8:6f:
                    b3:a2:bc:bf:7d:24:c9:7e:1c:38:9d:c5:38:f2:45:
                    98:f8:32:4c:da:80:c7:e2:11:78:2e:a7:a0:6c:0c:
                    e0:83:e0:61:c6:f6:df:82:4a:d5:79:b8:5e:3b:2e:
                    92:ab:66:3b:a8:35:fd:a7:7a:33:e7:2e:4e:f5:49:
                    d3:88:11:40:d4:58:83:76:f1:56:0f:d7:71:10:f7:
                    a5:4c:7f:64:06:97:1b:ee:45:3a:9a:03:42:b9:c4:
                    90:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EE:5F:36:41:9E:66:B5:B2:59:34:78:53:63:C5:7A:E3:F8:6C:BD
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/He5fNkGeZrWyWTR4U2PFeuP4bL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0a:7b:8d:bc:2e:ee:ee:60:36:2a:05:ea:25:c6:93:2c:17:
         54:96:7c:f6:16:51:54:31:29:fa:1a:0a:5c:66:5d:1b:c4:4a:
         6a:1a:69:5f:a8:c9:a0:91:f9:d0:36:ae:41:67:8d:5e:71:0a:
         0a:e1:10:9e:cc:42:4c:27:29:75:c9:7b:02:b6:6f:36:fd:e6:
         29:4e:42:b7:c9:7d:a9:f9:e1:48:48:27:71:8e:6b:2d:16:76:
         d4:60:2d:5b:e0:cb:6a:70:02:3e:e5:38:c2:af:b0:b7:73:38:
         9e:e9:05:05:54:3e:a7:e1:e5:c0:02:1e:ff:98:88:04:39:38:
         bb:d9:e0:7a:39:7d:1a:16:8d:08:dc:59:cb:4f:da:1f:40:06:
         43:99:6a:ad:af:e0:37:35:e4:15:f7:15:5c:49:28:d9:05:0b:
         d9:be:88:8c:57:85:b3:95:93:24:b3:01:84:84:af:fb:26:4a:
         93:bd:14:64:df:18:64:2e:65:e9:08:1b:94:6d:a8:40:1b:9d:
         24:ea:d0:2d:71:c0:85:3e:1c:72:a9:3b:ab:cd:e5:43:4a:e6:
         c2:cc:14:db:4f:95:57:0d:0f:fa:a4:d1:07:fb:37:a8:aa:66:
         3c:cd:31:06:5c:23:68:2b:7e:dc:49:75:34:48:78:e0:a0:e9:
         ee:35:18:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/guL6nN76ohOsf0NZJ61uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGVlNWYzNjQxOWU2NmI1YjI1OTM0Nzg1MzYzYzU3YWUzZjg2Y2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAU5cUp2TlaGt2SBbET6sUvstbPi
GEmh1MKKqD/wCCH+Qg3yu2dm/LnWWAomc0Rd+p905tJnBbEod/P+1vI7+LYg9zAY
GTJ+4+LgiXqxRK6R/rhOLQ2wE37BQoKUdQD38Jk8UpmfXvBx6V1K1pUE5EZSmU+z
tBfKsL/gbn0Qj+MluZk8XSfByg8GwJOmN9lRE/jNoG/25XCvRusKYsNhZ+QO6G+z
ory/fSTJfhw4ncU48kWY+DJM2oDH4hF4LqegbAzgg+BhxvbfgkrVebheOy6Sq2Y7
qDX9p3oz5y5O9UnTiBFA1FiDdvFWD9dxEPelTH9kBpcb7kU6mgNCucSQjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3uXzZBnma1slk0eFNjxXrj+Gy9MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvSGU1Zk5rR2Vacld5V1RSNFUyUEZldVA0YkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubpDMA0G
CSqGSIb3DQEBCwUAA4IBAQAlCnuNvC7u7mA2KgXqJcaTLBdUlnz2FlFUMSn6Ggpc
Zl0bxEpqGmlfqMmgkfnQNq5BZ41ecQoK4RCezEJMJyl1yXsCtm82/eYpTkK3yX2p
+eFISCdxjmstFnbUYC1b4MtqcAI+5TjCr7C3czie6QUFVD6n4eXAAh7/mIgEOTi7
2eB6OX0aFo0I3FnLT9ofQAZDmWqtr+A3NeQV9xVcSSjZBQvZvoiMV4WzlZMkswGE
hK/7JkqTvRRk3xhkLmXpCBuUbahAG50k6tAtccCFPhxyqTurzeVDSubCzBTbT5VX
DQ/6pNEH+zeoqmY8zTEGXCNoK37cSXU0SHjgoOnuNRh6
-----END CERTIFICATE-----