This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/HbFfIklAl4oNJEW3tSfeRyIftMs.roa
File:                     HbFfIklAl4oNJEW3tSfeRyIftMs.roa (raw, json)
Hash identifier:          CYzFmEyjLgI3RehTp/D2riIHZTiL7xdsmj2ixKwS0Ek=
Subject key identifier:   1D:B1:5F:22:49:40:97:8A:0D:24:45:B7:B5:27:DE:47:22:1F:B4:CB
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C12F4A6004256F4A0F7C5B7BBA43069
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/HbFfIklAl4oNJEW3tSfeRyIftMs.roa
Signing time:             Fri 02 Jan 2026 00:19:35 +0000
ROA not before:           Fri 02 Jan 2026 00:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35610
IP address blocks:        194.209.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:f4:a6:00:42:56:f4:a0:f7:c5:b7:bb:a4:30:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1db15f224940978a0d2445b7b527de47221fb4cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:23:c7:54:e5:e6:5b:2c:e9:34:69:6f:63:08:
                    ad:be:f1:88:af:d0:c4:a9:9c:da:f2:12:b4:32:df:
                    13:88:d2:87:f4:8a:12:71:ff:30:04:47:5f:d6:45:
                    1e:c6:f5:27:91:37:9a:73:39:1c:40:e2:7f:a9:7e:
                    4e:10:3f:2c:0f:4d:f0:9b:d4:61:29:e3:00:e3:c7:
                    7b:7a:5c:c7:01:09:6f:2b:5c:a4:fc:29:8f:2e:e3:
                    b5:0d:c2:52:01:d6:e0:5f:e6:da:9a:9d:73:18:50:
                    74:a4:6e:72:c4:39:9f:54:76:e4:84:d2:05:ad:3d:
                    32:7c:00:8f:02:ae:aa:e0:ea:fe:2b:a7:25:ba:3a:
                    78:06:5e:72:70:0e:b9:46:c4:b6:1c:af:3f:cf:a5:
                    22:0e:de:68:45:a9:bc:7f:fc:b0:00:e8:c2:bf:e2:
                    77:80:b1:08:18:e0:64:93:13:2e:cc:64:9f:df:21:
                    e6:4d:75:a5:dd:d5:47:4d:eb:ad:4d:62:cc:f9:a1:
                    87:a1:1f:fc:99:99:00:f0:a5:7a:a7:99:55:e1:99:
                    ba:51:95:c8:ed:2d:90:e9:27:ad:00:b4:93:48:9b:
                    87:b3:c0:6b:e1:53:54:a2:47:c7:28:15:10:89:dd:
                    ea:6f:ce:a0:4a:13:80:b0:73:67:36:bc:01:81:51:
                    dc:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B1:5F:22:49:40:97:8A:0D:24:45:B7:B5:27:DE:47:22:1F:B4:CB
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/HbFfIklAl4oNJEW3tSfeRyIftMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:00:5d:3b:b5:06:ac:39:98:bd:af:f5:c0:70:11:9f:ba:f1:
         61:8c:21:7f:7e:75:53:17:6e:e0:84:ed:d0:76:02:01:79:87:
         72:6d:1e:47:62:13:be:e8:5d:7a:6d:68:b7:19:9d:ac:cf:c7:
         8d:a2:f3:7a:ae:1c:70:e3:f8:00:c2:92:dc:91:33:4d:4b:0b:
         11:6b:88:59:0f:0d:07:39:37:17:8c:03:88:73:db:ec:1a:d2:
         40:87:38:27:f3:66:73:15:89:f3:40:da:c9:8c:8a:5b:cc:0c:
         94:1e:82:de:22:2a:d8:0f:8d:85:5e:a5:83:7a:b7:50:70:65:
         bb:43:84:52:2c:e9:db:89:f1:90:76:c5:c4:13:3f:c1:75:66:
         dc:f9:e2:cc:36:f8:51:35:09:25:5e:be:c4:36:b0:3d:27:d8:
         27:e7:72:14:19:33:4f:63:83:0a:b3:4a:64:7d:99:ae:b1:b2:
         fa:c8:81:35:9d:b5:12:ef:e6:3f:b2:2b:ea:c3:79:99:f4:ea:
         9d:55:f1:ac:99:bc:34:13:bb:82:e9:64:d7:7b:85:4b:3d:f9:
         98:f8:08:32:9e:dc:de:51:07:76:58:e1:db:db:45:16:ea:ee:
         da:9a:17:92:0c:4f:86:2e:0e:23:13:7b:c4:5c:bc:86:3d:12:
         15:87:bb:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EvSmAEJW9KD3xbe7pDBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIxNWYyMjQ5NDA5NzhhMGQyNDQ1YjdiNTI3ZGU0NzIyMWZiNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSPHVOXmWyzpNGlvYwitvvGIr9DE
qZza8hK0Mt8TiNKH9IoScf8wBEdf1kUexvUnkTeaczkcQOJ/qX5OED8sD03wm9Rh
KeMA48d7elzHAQlvK1yk/CmPLuO1DcJSAdbgX+bamp1zGFB0pG5yxDmfVHbkhNIF
rT0yfACPAq6q4Or+K6clujp4Bl5ycA65RsS2HK8/z6UiDt5oRam8f/ywAOjCv+J3
gLEIGOBkkxMuzGSf3yHmTXWl3dVHTeutTWLM+aGHoR/8mZkA8KV6p5lV4Zm6UZXI
7S2Q6SetALSTSJuHs8Br4VNUokfHKBUQid3qb86gShOAsHNnNrwBgVHcjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2xXyJJQJeKDSRFt7Un3kciH7TLMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvSGJGZklrbEFsNG9OSkVXM3RTZmVSeUlmdE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtE0MA0G
CSqGSIb3DQEBCwUAA4IBAQAfAF07tQasOZi9r/XAcBGfuvFhjCF/fnVTF27ghO3Q
dgIBeYdybR5HYhO+6F16bWi3GZ2sz8eNovN6rhxw4/gAwpLckTNNSwsRa4hZDw0H
OTcXjAOIc9vsGtJAhzgn82ZzFYnzQNrJjIpbzAyUHoLeIirYD42FXqWDerdQcGW7
Q4RSLOnbifGQdsXEEz/BdWbc+eLMNvhRNQklXr7ENrA9J9gn53IUGTNPY4MKs0pk
fZmusbL6yIE1nbUS7+Y/sivqw3mZ9OqdVfGsmbw0E7uC6WTXe4VLPfmY+Agyntze
UQd2WOHb20UW6u7amheSDE+GLg4jE3vEXLyGPRIVh7tD
-----END CERTIFICATE-----