This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/HQJmpAkNAw1AqZ0b48w_YH827nk.roa
File:                     HQJmpAkNAw1AqZ0b48w_YH827nk.roa (raw, json)
Hash identifier:          7qIcvQ4TbN25SPRVWssmjozD9Nk/d25r5V3RF5LK48w=
Subject key identifier:   1D:02:66:A4:09:0D:03:0D:40:A9:9D:1B:E3:CC:3F:60:7F:36:EE:79
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       019B791084D58A999886A1C3F78CA9261A5C
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/HQJmpAkNAw1AqZ0b48w_YH827nk.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21700
IP address blocks:        194.195.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:84:d5:8a:99:98:86:a1:c3:f7:8c:a9:26:1a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d0266a4090d030d40a99d1be3cc3f607f36ee79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:27:8a:79:1a:ed:54:52:ba:ee:62:af:32:4b:
                    d1:20:2c:4b:76:57:63:e3:17:25:8a:bf:96:18:b2:
                    b5:fe:01:31:f9:0d:68:73:22:84:ab:4f:c2:49:e1:
                    09:e3:20:36:53:24:a2:6a:8f:32:28:49:85:20:1b:
                    4f:21:8b:2e:cd:f1:9c:24:63:36:df:cb:cf:c9:10:
                    a0:b4:87:78:c7:55:8a:ac:02:be:10:44:de:15:dc:
                    92:7c:3e:ec:eb:05:67:d3:10:03:bd:0a:ee:6e:fd:
                    39:cf:d4:d8:06:ee:a2:5b:30:c7:61:7d:92:52:be:
                    2b:d0:d5:b9:98:dc:f3:81:8c:16:fa:90:c1:33:aa:
                    3e:d9:2f:88:dc:bd:4b:4d:d8:ed:25:9b:ab:1b:be:
                    63:e4:89:db:97:26:c3:d3:88:27:68:24:47:c3:cc:
                    47:de:3f:c0:6d:b5:b4:09:70:49:bd:d7:ae:c8:20:
                    5a:e0:dc:b0:b6:45:91:0f:e9:a2:12:67:a2:43:b6:
                    0f:e3:b4:25:c3:ec:f0:b4:6f:cc:0b:98:a7:ef:c1:
                    62:86:39:9d:73:ec:50:cf:11:9f:78:62:79:61:1f:
                    72:35:35:df:d4:65:64:e2:4b:f8:44:53:ed:b8:1c:
                    6e:cc:f4:fc:66:40:6c:03:b5:38:b3:95:78:1e:92:
                    84:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:02:66:A4:09:0D:03:0D:40:A9:9D:1B:E3:CC:3F:60:7F:36:EE:79
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/HQJmpAkNAw1AqZ0b48w_YH827nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:5f:57:90:b2:4d:f2:88:96:b6:e1:bd:16:43:bb:68:09:6b:
         70:ff:40:1d:ad:fe:9b:85:46:8c:49:13:3f:df:38:96:9e:06:
         11:91:0e:6e:fd:65:82:dc:a2:a8:41:6c:61:2d:a9:c4:4e:6e:
         ec:8e:cd:b4:f6:ae:4e:57:a2:11:36:93:f3:4b:7b:98:c4:b8:
         2a:87:c2:33:2f:cf:45:ee:25:5b:08:56:12:1c:ef:34:08:10:
         52:c2:37:e4:7d:d1:17:e4:d9:64:c8:e6:d3:f9:dc:f7:00:5e:
         0a:05:9a:bd:63:71:51:b6:d1:f0:4a:f3:4a:73:24:65:47:ba:
         04:d3:d6:61:af:93:4d:9c:db:bc:e9:85:83:b8:eb:c2:dd:ea:
         78:02:60:21:69:87:9f:5b:6c:1c:8d:0a:da:94:bb:0b:a4:78:
         ca:d5:7e:99:b4:34:6c:85:3b:d5:57:b3:cd:60:e7:6d:1d:bd:
         66:9e:51:a7:51:d2:10:d2:e5:07:f4:4e:e6:a5:c6:d4:00:6c:
         ec:e2:14:2a:18:3a:6a:36:a7:80:dd:4b:58:93:d0:ef:1b:2f:
         75:7b:b1:1a:aa:bd:bf:71:2c:22:fe:8b:88:31:97:ee:48:90:
         75:b2:bc:16:f1:05:79:77:e4:bd:7e:a7:f9:90:64:7b:c7:a9:
         16:6d:53:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EITVipmYhqHD94ypJhpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAyNjZhNDA5MGQwMzBkNDBhOTlkMWJlM2NjM2Y2MDdmMzZlZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyeKeRrtVFK67mKvMkvRICxLdldj
4xclir+WGLK1/gEx+Q1ocyKEq0/CSeEJ4yA2UySiao8yKEmFIBtPIYsuzfGcJGM2
38vPyRCgtId4x1WKrAK+EETeFdySfD7s6wVn0xADvQrubv05z9TYBu6iWzDHYX2S
Ur4r0NW5mNzzgYwW+pDBM6o+2S+I3L1LTdjtJZurG75j5InblybD04gnaCRHw8xH
3j/AbbW0CXBJvdeuyCBa4NywtkWRD+miEmeiQ7YP47Qlw+zwtG/MC5in78Fihjmd
c+xQzxGfeGJ5YR9yNTXf1GVk4kv4RFPtuBxuzPT8ZkBsA7U4s5V4HpKEZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0CZqQJDQMNQKmdG+PMP2B/Nu55MB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvSFFKbXBBa05BdzFBcVowYjQ4d19ZSDgyN25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwsMwMA0G
CSqGSIb3DQEBCwUAA4IBAQCHX1eQsk3yiJa24b0WQ7toCWtw/0Adrf6bhUaMSRM/
3ziWngYRkQ5u/WWC3KKoQWxhLanETm7sjs209q5OV6IRNpPzS3uYxLgqh8IzL89F
7iVbCFYSHO80CBBSwjfkfdEX5NlkyObT+dz3AF4KBZq9Y3FRttHwSvNKcyRlR7oE
09Zhr5NNnNu86YWDuOvC3ep4AmAhaYefW2wcjQralLsLpHjK1X6ZtDRshTvVV7PN
YOdtHb1mnlGnUdIQ0uUH9E7mpcbUAGzs4hQqGDpqNqeA3UtYk9DvGy91e7Eaqr2/
cSwi/ouIMZfuSJB1srwW8QV5d+S9fqf5kGR7x6kWbVNi
-----END CERTIFICATE-----