This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/HvbqYPMAVepvi6ZtkrW2fUxUxMM.roa
File:                     HvbqYPMAVepvi6ZtkrW2fUxUxMM.roa (raw, json)
Hash identifier:          kj2P3vyd4ShtsXAZbQsRTziSHIgT6QC6RQY8zqv9EFQ=
Subject key identifier:   1E:F6:EA:60:F3:00:55:EA:6F:8B:A6:6D:92:B5:B6:7D:4C:54:C4:C3
Certificate issuer:       /CN=d47e62cbf5fef3377f9e7cd58558f44e2eea9bce
Certificate serial:       019B7AC79C95FBF839A8FB879B08020980EA
Authority key identifier: D4:7E:62:CB:F5:FE:F3:37:7F:9E:7C:D5:85:58:F4:4E:2E:EA:9B:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1H5iy_X-8zd_nnzVhVj0Ti7qm84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/HvbqYPMAVepvi6ZtkrW2fUxUxMM.roa
Signing time:             Thu 01 Jan 2026 18:17:40 +0000
ROA not before:           Thu 01 Jan 2026 18:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        91.207.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/1H5iy_X-8zd_nnzVhVj0Ti7qm84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/1H5iy_X-8zd_nnzVhVj0Ti7qm84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1H5iy_X-8zd_nnzVhVj0Ti7qm84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:9c:95:fb:f8:39:a8:fb:87:9b:08:02:09:80:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d47e62cbf5fef3377f9e7cd58558f44e2eea9bce
        Validity
            Not Before: Jan  1 18:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ef6ea60f30055ea6f8ba66d92b5b67d4c54c4c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bb:f8:b3:ea:5f:7c:d0:f4:be:90:a7:e6:67:
                    99:9a:9d:9e:54:ed:bd:bb:8b:b5:3b:05:3d:a8:97:
                    e7:eb:5c:9a:40:60:2d:e8:d0:a0:22:fa:ac:b6:fe:
                    41:c3:d9:22:a6:d0:74:e0:c6:94:f6:b6:9a:e4:37:
                    e4:6b:b8:df:19:65:d0:46:da:e0:a5:d6:d3:b3:b2:
                    07:42:9c:9c:c2:7f:44:83:3b:e7:bc:e8:8f:b3:e3:
                    84:05:9c:e2:e7:43:9d:4c:c6:c5:22:b2:f3:f4:37:
                    a5:b4:37:14:dd:90:d0:32:16:cc:40:f0:7d:3e:1a:
                    68:fe:d6:5c:2f:6a:6d:2e:27:a1:db:64:44:25:d0:
                    ae:d5:49:72:2d:ed:1d:f8:cf:f6:20:e5:5c:77:49:
                    a8:67:57:27:48:69:8a:63:ce:fa:49:a0:75:7a:0b:
                    37:d9:20:be:66:79:95:2d:e7:6b:9d:af:84:13:8c:
                    84:6a:f4:53:0e:9a:7f:d4:69:b1:a4:61:cf:c5:0e:
                    13:2e:d3:01:4a:4a:4d:ad:ff:f9:21:48:9d:d1:19:
                    a5:81:ef:8f:8a:b7:e7:d5:ef:c8:32:38:1e:69:95:
                    c6:3f:bb:03:43:ff:78:2a:49:18:af:87:f7:c1:00:
                    50:c1:2f:53:f5:f7:5a:4e:9e:88:bc:90:bf:7c:77:
                    6d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F6:EA:60:F3:00:55:EA:6F:8B:A6:6D:92:B5:B6:7D:4C:54:C4:C3
            X509v3 Authority Key Identifier:
                keyid:D4:7E:62:CB:F5:FE:F3:37:7F:9E:7C:D5:85:58:F4:4E:2E:EA:9B:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1H5iy_X-8zd_nnzVhVj0Ti7qm84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/HvbqYPMAVepvi6ZtkrW2fUxUxMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/aa9d4e-1226-40e7-a9c1-469d3a51d47d/1/1H5iy_X-8zd_nnzVhVj0Ti7qm84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:7f:c9:d2:db:3e:fe:8b:ab:8b:bc:40:10:bd:e5:a6:74:91:
         2c:c5:fe:00:ad:89:7e:aa:10:d4:ab:82:b7:da:06:f9:4b:a7:
         0b:03:6d:bd:76:da:44:95:b6:ea:cb:a6:34:0b:35:67:63:b1:
         58:73:1d:c4:15:72:70:ad:58:c7:97:28:be:c9:66:dd:c5:d1:
         e1:6f:05:16:4a:80:cc:03:96:b7:1c:00:a2:0e:8b:2b:da:6e:
         52:1b:d5:ff:c7:a5:b4:64:62:a6:28:ba:d5:7a:82:1c:46:b4:
         c8:4f:a0:44:2b:21:d9:36:0e:7f:4f:f9:38:f0:50:f4:09:c5:
         48:dc:2d:a7:6a:3b:82:7d:0c:7c:f2:d0:53:fc:05:1f:0a:e7:
         9c:04:24:8c:4b:00:f4:85:11:1c:f8:cc:e7:1c:13:63:c2:aa:
         41:ee:94:88:6d:ee:c9:df:a1:9b:00:39:3d:ec:ba:09:ee:26:
         96:b4:60:a9:41:a1:95:f7:70:b7:a6:a2:06:a6:3d:88:79:f3:
         87:58:f1:56:60:4c:a2:ac:7e:24:83:e3:2d:a0:9b:e0:98:e3:
         27:f6:d8:df:8f:35:c3:0a:63:11:65:a9:ce:f1:47:d6:cc:f9:
         d0:bf:8a:d5:4b:07:24:81:56:41:25:d4:32:c8:d2:67:6f:fc:
         81:3a:fc:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5yV+/g5qPuHmwgCCYDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0N2U2MmNiZjVmZWYzMzc3ZjllN2NkNTg1NThmNDRlMmVl
YTliY2UwHhcNMjYwMTAxMTgxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY2ZWE2MGYzMDA1NWVhNmY4YmE2NmQ5MmI1YjY3ZDRjNTRjNGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbv4s+pffND0vpCn5meZmp2eVO29
u4u1OwU9qJfn61yaQGAt6NCgIvqstv5Bw9kiptB04MaU9raa5Dfka7jfGWXQRtrg
pdbTs7IHQpycwn9EgzvnvOiPs+OEBZzi50OdTMbFIrLz9DeltDcU3ZDQMhbMQPB9
Phpo/tZcL2ptLieh22REJdCu1UlyLe0d+M/2IOVcd0moZ1cnSGmKY876SaB1egs3
2SC+ZnmVLedrna+EE4yEavRTDpp/1GmxpGHPxQ4TLtMBSkpNrf/5IUid0Rmlge+P
irfn1e/IMjgeaZXGP7sDQ/94KkkYr4f3wQBQwS9T9fdaTp6IvJC/fHdtbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB726mDzAFXqb4umbZK1tn1MVMTDMB8GA1UdIwQY
MBaAFNR+Ysv1/vM3f5581YVY9E4u6pvOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUg1aXlfWC04emRfbm56VmhWajBUaTdxbTg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9hYTlkNGUtMTIyNi00MGU3LWE5YzEt
NDY5ZDNhNTFkNDdkLzEvSHZicVlQTUFWZXB2aTZadGtyVzJmVXhVeE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9hYTlkNGUtMTIyNi00MGU3LWE5YzEtNDY5ZDNhNTFkNDdk
LzEvMUg1aXlfWC04emRfbm56VmhWajBUaTdxbTg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW88SMA0G
CSqGSIb3DQEBCwUAA4IBAQCOf8nS2z7+i6uLvEAQveWmdJEsxf4ArYl+qhDUq4K3
2gb5S6cLA229dtpElbbqy6Y0CzVnY7FYcx3EFXJwrVjHlyi+yWbdxdHhbwUWSoDM
A5a3HACiDosr2m5SG9X/x6W0ZGKmKLrVeoIcRrTIT6BEKyHZNg5/T/k48FD0CcVI
3C2najuCfQx88tBT/AUfCuecBCSMSwD0hREc+MznHBNjwqpB7pSIbe7J36GbADk9
7LoJ7iaWtGCpQaGV93C3pqIGpj2IefOHWPFWYEyirH4kg+MtoJvgmOMn9tjfjzXD
CmMRZanO8UfWzPnQv4rVSwckgVZBJdQyyNJnb/yBOvzK
-----END CERTIFICATE-----