This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/hqyVh5uSNGv6oPq-ySkWMkpOfJI.roa
File:                     hqyVh5uSNGv6oPq-ySkWMkpOfJI.roa (raw, json)
Hash identifier:          9uo7Dr3rNeaWbB2bhw59ptP5zn/rAYme62Z6JZk+FHE=
Subject key identifier:   86:AC:95:87:9B:92:34:6B:FA:A0:FA:BE:C9:29:16:32:4A:4E:7C:92
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E381BEF185E231AC1EC0C12193B6459
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/hqyVh5uSNGv6oPq-ySkWMkpOfJI.roa
Signing time:             Fri 02 Jan 2026 10:19:24 +0000
ROA not before:           Fri 02 Jan 2026 10:19:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34866
IP address blocks:        146.185.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:1b:ef:18:5e:23:1a:c1:ec:0c:12:19:3b:64:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86ac95879b92346bfaa0fabec92916324a4e7c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:f3:32:22:44:66:31:d0:8d:42:82:69:29:
                    ee:a4:96:67:9b:6f:25:8c:22:1a:b0:d6:ea:7b:5a:
                    ab:e8:ca:97:a8:9f:37:c8:bf:e3:93:50:a2:35:ff:
                    a9:5b:0e:ed:42:60:5e:98:fe:f5:1b:a4:63:7d:9f:
                    bd:a5:b3:76:58:c3:58:7e:09:4b:e9:65:04:e3:ed:
                    80:88:84:42:10:90:f2:2f:d1:6c:58:e2:1a:22:1d:
                    90:74:02:eb:d1:43:58:c6:40:b1:ad:25:98:30:7d:
                    3b:bc:3e:93:ce:04:8d:98:71:9c:7f:2f:13:95:ef:
                    1c:ed:f9:aa:f7:4c:e6:49:a4:2f:10:33:35:17:46:
                    f9:ff:d9:27:5c:74:1c:61:f2:52:9f:11:40:44:05:
                    62:d3:c4:7a:26:44:52:c1:2e:80:5f:b7:91:fc:7d:
                    eb:b0:c1:44:28:83:8c:81:d1:b0:1c:81:5c:70:b2:
                    c9:5f:f6:5f:0a:40:57:a2:99:6a:24:d4:b6:33:2f:
                    78:b2:77:db:61:c8:a7:2c:b6:d5:8a:86:92:72:0f:
                    a2:74:11:25:93:0f:6e:4d:8e:2d:64:a2:c9:35:35:
                    25:4b:10:38:c8:0a:e4:35:3d:dc:92:9b:78:4e:b9:
                    8e:3d:af:a1:ad:10:c4:36:ad:bc:d9:d1:3f:68:05:
                    a0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:AC:95:87:9B:92:34:6B:FA:A0:FA:BE:C9:29:16:32:4A:4E:7C:92
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/hqyVh5uSNGv6oPq-ySkWMkpOfJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:0c:51:84:d5:db:3e:19:63:02:58:40:80:ba:08:72:1b:c6:
         ea:28:26:9f:1b:ec:1d:f2:89:a6:d4:17:ee:22:78:7e:23:df:
         86:e0:e0:6d:ed:fd:00:93:31:25:30:34:bd:29:ca:f3:82:e5:
         3d:74:3a:c0:2f:ca:26:03:59:25:5d:c1:ac:3c:3b:09:d8:c9:
         77:dc:4a:38:63:37:fa:61:fe:7d:b4:7b:02:f0:9a:a2:60:65:
         3c:fa:d0:07:d0:7a:2d:a7:49:e6:b7:c8:95:06:53:3c:37:0d:
         d8:a1:99:17:00:9f:6c:cb:3f:58:c3:ca:ee:72:b0:21:09:d2:
         6b:39:af:9f:82:22:07:8f:d8:6b:cf:a3:6d:17:56:e6:c3:94:
         5d:e3:76:8c:27:76:ce:dd:61:e8:47:33:5e:26:e9:41:d7:de:
         9a:12:26:19:55:e2:77:85:4a:6f:bb:55:bc:9f:59:c5:e5:c7:
         06:90:77:f0:66:c0:ae:e6:3d:c0:dc:95:7a:15:e0:c3:08:f4:
         32:32:68:c1:f8:b8:6c:c9:c5:e1:f3:34:01:9e:f3:e0:1c:74:
         9a:1f:1b:6e:31:55:2b:98:a4:dc:65:82:07:08:1e:95:83:0a:
         fe:b9:f3:56:8d:1a:91:ee:84:46:5c:a2:f6:ef:04:66:20:f1:
         e2:07:5c:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OBvvGF4jGsHsDBIZO2RZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmFjOTU4NzliOTIzNDZiZmFhMGZhYmVjOTI5MTYzMjRhNGU3YzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPLzMiJEZjHQjUKCaSnupJZnm28l
jCIasNbqe1qr6MqXqJ83yL/jk1CiNf+pWw7tQmBemP71G6RjfZ+9pbN2WMNYfglL
6WUE4+2AiIRCEJDyL9FsWOIaIh2QdALr0UNYxkCxrSWYMH07vD6TzgSNmHGcfy8T
le8c7fmq90zmSaQvEDM1F0b5/9knXHQcYfJSnxFARAVi08R6JkRSwS6AX7eR/H3r
sMFEKIOMgdGwHIFccLLJX/ZfCkBXoplqJNS2My94snfbYcinLLbVioaScg+idBEl
kw9uTY4tZKLJNTUlSxA4yArkNT3ckpt4TrmOPa+hrRDENq282dE/aAWgZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaslYebkjRr+qD6vskpFjJKTnySMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvaHF5Vmg1dVNOR3Y2b1BxLXlTa1dNa3BPZkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkrn+MA0G
CSqGSIb3DQEBCwUAA4IBAQB0DFGE1ds+GWMCWECAughyG8bqKCafG+wd8omm1Bfu
Inh+I9+G4OBt7f0AkzElMDS9KcrzguU9dDrAL8omA1klXcGsPDsJ2Ml33Eo4Yzf6
Yf59tHsC8JqiYGU8+tAH0Hotp0nmt8iVBlM8Nw3YoZkXAJ9syz9Yw8rucrAhCdJr
Oa+fgiIHj9hrz6NtF1bmw5Rd43aMJ3bO3WHoRzNeJulB196aEiYZVeJ3hUpvu1W8
n1nF5ccGkHfwZsCu5j3A3JV6FeDDCPQyMmjB+LhsycXh8zQBnvPgHHSaHxtuMVUr
mKTcZYIHCB6Vgwr+ufNWjRqR7oRGXKL27wRmIPHiB1xe
-----END CERTIFICATE-----