This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/h-YKHLBpdlMPlGTD2x8ny3EBvoE.roa
File:                     h-YKHLBpdlMPlGTD2x8ny3EBvoE.roa (raw, json)
Hash identifier:          kaocMh2GRL2VpSQbIazDPnOu2/38Foo0BooOmaJVLx8=
Subject key identifier:   87:E6:0A:1C:B0:69:76:53:0F:94:64:C3:DB:1F:27:CB:71:01:BE:81
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       019B7C12BDD38670E27D778088604854FDBB
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/h-YKHLBpdlMPlGTD2x8ny3EBvoE.roa
Signing time:             Fri 02 Jan 2026 00:19:21 +0000
ROA not before:           Fri 02 Jan 2026 00:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215683
IP address blocks:        2a0a:280:2900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:bd:d3:86:70:e2:7d:77:80:88:60:48:54:fd:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 00:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87e60a1cb06976530f9464c3db1f27cb7101be81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:41:bc:2e:2a:ef:d5:1d:54:e7:7e:21:9b:f6:
                    e0:e9:0c:5c:fd:e4:c7:97:58:19:55:77:c7:bf:0f:
                    45:a9:8a:48:03:b2:b9:67:31:37:f8:70:34:5b:fd:
                    e9:2f:0a:f7:2d:05:bb:bf:f2:69:2c:38:78:df:83:
                    8c:33:5a:24:04:a7:9a:ce:2c:2f:39:a7:f7:93:50:
                    6d:10:1a:15:83:b5:50:56:bc:92:c5:de:42:e5:d4:
                    30:92:d5:4b:72:b3:f5:67:24:3b:40:43:65:20:50:
                    05:19:32:23:25:52:90:1d:ce:ca:29:c7:c3:09:4f:
                    86:1f:95:76:66:8d:02:59:7e:44:8b:35:fe:a0:67:
                    cd:2b:cc:6f:ed:b6:df:bd:bd:17:ec:36:55:d4:84:
                    bf:ee:22:02:9b:01:9b:d4:46:3e:b5:16:e0:5e:fc:
                    83:8e:4f:d5:c0:4f:7e:8c:1f:d1:a9:70:34:59:2f:
                    18:d8:22:04:f1:1e:ed:9c:3b:3b:fd:6c:ab:31:76:
                    b2:f2:ba:cf:95:7a:80:1a:cd:bf:7a:c2:2f:2b:7a:
                    c7:d4:f1:f5:7f:f9:1d:3c:6e:ea:e6:60:6b:ef:a3:
                    83:c5:20:a8:84:af:90:85:d1:a0:de:0b:18:81:4a:
                    07:6d:11:3a:b4:22:ed:2f:1e:5f:20:fd:7c:19:33:
                    47:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E6:0A:1C:B0:69:76:53:0F:94:64:C3:DB:1F:27:CB:71:01:BE:81
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/h-YKHLBpdlMPlGTD2x8ny3EBvoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2900::/40

    Signature Algorithm: sha256WithRSAEncryption
         04:54:fb:0f:8f:7c:5f:f1:67:75:ce:3b:ab:08:22:c4:55:d9:
         f7:67:0e:c2:04:f5:e0:90:76:4d:4c:0d:09:b7:2b:09:1c:87:
         85:f6:64:d7:47:c2:39:c1:3e:45:af:bf:15:8f:c1:e3:f9:a7:
         3b:f0:c9:53:bc:af:d1:34:61:48:de:13:a6:08:4b:0e:86:38:
         48:c3:14:01:cd:4f:1b:62:f3:cc:82:2e:c7:47:f7:fd:19:d7:
         52:c9:5c:c3:9b:ae:82:5a:62:d8:4e:ef:a2:b5:7f:9e:92:04:
         4b:52:07:6d:64:1b:a5:be:17:bd:f0:80:f0:f3:a2:05:4e:6a:
         88:c4:a5:c7:80:1f:5b:88:68:85:7d:f1:e2:73:ff:78:46:af:
         d2:a0:45:5a:7d:f2:ea:f3:8b:76:fc:63:e4:3a:0b:f2:aa:ab:
         6e:98:45:15:d8:e3:73:70:58:17:10:c2:14:af:66:8a:66:e0:
         71:30:a7:3e:f4:0a:27:7b:6b:90:6a:5d:c4:cf:09:96:51:6f:
         6a:99:12:a0:50:44:27:fc:e6:cf:46:e3:57:e0:fc:41:36:d8:
         34:d6:23:08:d0:b1:bf:62:ff:4d:dd:01:36:65:1c:bc:46:f2:
         be:a9:b4:07:8c:a8:7c:95:a0:0a:dd:1a:06:5f:d3:58:44:29:
         3e:f3:12:c1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt8Er3ThnDifXeAiGBIVP27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjYwMTAyMDAxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U2MGExY2IwNjk3NjUzMGY5NDY0YzNkYjFmMjdjYjcxMDFiZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0G8Lirv1R1U534hm/bg6Qxc/eTH
l1gZVXfHvw9FqYpIA7K5ZzE3+HA0W/3pLwr3LQW7v/JpLDh434OMM1okBKeaziwv
Oaf3k1BtEBoVg7VQVrySxd5C5dQwktVLcrP1ZyQ7QENlIFAFGTIjJVKQHc7KKcfD
CU+GH5V2Zo0CWX5EizX+oGfNK8xv7bbfvb0X7DZV1IS/7iICmwGb1EY+tRbgXvyD
jk/VwE9+jB/RqXA0WS8Y2CIE8R7tnDs7/WyrMXay8rrPlXqAGs2/esIvK3rH1PH1
f/kdPG7q5mBr76ODxSCohK+QhdGg3gsYgUoHbRE6tCLtLx5fIP18GTNHTwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIfmChywaXZTD5Rkw9sfJ8txAb6BMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvaC1ZS0hMQnBkbE1QbEdURDJ4OG55M0VCdm9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCkw
DQYJKoZIhvcNAQELBQADggEBAARU+w+PfF/xZ3XOO6sIIsRV2fdnDsIE9eCQdk1M
DQm3Kwkch4X2ZNdHwjnBPkWvvxWPweP5pzvwyVO8r9E0YUjeE6YISw6GOEjDFAHN
Txti88yCLsdH9/0Z11LJXMObroJaYthO76K1f56SBEtSB21kG6W+F73wgPDzogVO
aojEpceAH1uIaIV98eJz/3hGr9KgRVp98urzi3b8Y+Q6C/Kqq26YRRXY43NwWBcQ
whSvZopm4HEwpz70Cid7a5BqXcTPCZZRb2qZEqBQRCf85s9G41fg/EE22DTWIwjQ
sb9i/03dATZlHLxG8r6ptAeMqHyVoArdGgZf01hEKT7zEsE=
-----END CERTIFICATE-----