This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/hJ_DSrWaO3ObBm5-hhe295ZUGZU.roa
File:                     hJ_DSrWaO3ObBm5-hhe295ZUGZU.roa (raw, json)
Hash identifier:          sBGo0ebfgaJ7zl4GXpc60jYy9/bgceVEOmE1IuNRiO8=
Subject key identifier:   84:9F:C3:4A:B5:9A:3B:73:9B:06:6E:7E:86:17:B6:F7:96:54:19:95
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       019B7C11F51B338105F3385E9F64446E4CCE
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/hJ_DSrWaO3ObBm5-hhe295ZUGZU.roa
Signing time:             Fri 02 Jan 2026 00:18:30 +0000
ROA not before:           Fri 02 Jan 2026 00:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13068
IP address blocks:        213.164.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:f5:1b:33:81:05:f3:38:5e:9f:64:44:6e:4c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  2 00:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=849fc34ab59a3b739b066e7e8617b6f796541995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:62:33:61:36:23:dc:b9:c5:0d:42:64:d1:78:
                    18:07:9c:da:e3:0d:87:7d:fb:5c:44:35:7a:6b:f2:
                    43:99:c8:b6:1f:50:0b:af:db:ae:94:d0:60:4a:ae:
                    a3:1f:0c:7d:8a:5c:3c:64:6a:18:d0:46:ec:1a:16:
                    75:ee:5b:4f:47:03:5f:44:43:ef:2d:6c:21:c5:9a:
                    f7:c4:e9:ca:78:ec:03:82:e7:67:43:3b:37:49:b5:
                    58:1b:0e:fa:b6:78:05:19:de:87:2a:90:2f:98:33:
                    77:aa:8f:a6:77:2c:e0:80:dc:16:33:05:ee:1b:c2:
                    20:a5:41:15:0b:7e:76:10:34:5f:8f:fc:dd:0f:62:
                    48:a3:ca:7d:ee:18:1c:3b:9f:9b:2b:19:38:17:20:
                    c1:69:b6:04:7c:ec:5a:cf:9b:89:1f:be:b2:12:6d:
                    0a:d0:0c:be:11:af:7d:97:df:cf:e1:7a:6d:0d:7c:
                    41:83:a7:bc:3c:03:d8:da:84:bc:ed:0c:8a:fa:12:
                    44:f3:6b:f2:fd:32:e5:3c:24:36:c0:22:b7:92:5e:
                    a4:00:49:f1:71:7b:c4:de:2a:3f:f8:ce:a3:cb:66:
                    d7:3b:bf:06:65:16:9f:3a:02:a6:22:49:7d:c9:89:
                    65:0f:e8:ec:87:db:5b:c2:37:aa:6a:ea:1a:48:87:
                    b0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:9F:C3:4A:B5:9A:3B:73:9B:06:6E:7E:86:17:B6:F7:96:54:19:95
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/hJ_DSrWaO3ObBm5-hhe295ZUGZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.164.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:03:2e:7c:7e:09:63:4a:7e:fa:7c:5f:23:97:3b:f5:41:3b:
         17:5f:ce:57:fd:51:ea:79:68:60:a2:52:5a:4b:ae:2e:0a:9f:
         9f:37:c0:ac:be:3b:2a:6e:fd:c9:1b:08:38:e5:d1:92:11:d9:
         97:28:5c:f9:3d:c8:33:a2:76:05:59:31:b3:03:a6:4b:70:0d:
         c3:bf:43:15:c9:36:5c:79:34:88:31:ce:48:d4:37:30:27:50:
         06:01:cf:1a:74:af:e2:ca:77:ce:90:8d:63:de:8e:33:35:08:
         f1:a2:39:7a:76:86:b4:fa:0a:67:fa:cf:25:55:49:af:10:09:
         ed:0e:e9:57:50:ab:cd:e8:4e:93:d1:26:73:15:b3:73:75:94:
         dd:0f:16:4f:39:7d:6e:4d:c4:21:eb:f4:7b:fb:ca:5a:65:c4:
         19:86:0f:b9:23:0d:16:ae:74:7a:ed:66:69:5b:75:16:49:03:
         02:6c:ac:31:49:ac:65:3c:f5:d2:19:82:27:92:1a:ed:0e:7a:
         5a:44:6f:4f:c7:ce:ca:0b:41:03:04:9c:54:21:69:5c:5b:d3:
         b5:e5:8b:86:23:4c:eb:0f:8e:29:b4:e1:0f:29:41:16:57:e8:
         b4:dd:69:18:7c:a1:b3:82:07:4b:4a:15:03:8a:00:82:03:09:
         1b:73:ff:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EfUbM4EF8zhen2REbkzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjYwMTAyMDAxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDlmYzM0YWI1OWEzYjczOWIwNjZlN2U4NjE3YjZmNzk2NTQxOTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WIzYTYj3LnFDUJk0XgYB5za4w2H
fftcRDV6a/JDmci2H1ALr9uulNBgSq6jHwx9ilw8ZGoY0EbsGhZ17ltPRwNfREPv
LWwhxZr3xOnKeOwDgudnQzs3SbVYGw76tngFGd6HKpAvmDN3qo+mdyzggNwWMwXu
G8IgpUEVC352EDRfj/zdD2JIo8p97hgcO5+bKxk4FyDBabYEfOxaz5uJH76yEm0K
0Ay+Ea99l9/P4XptDXxBg6e8PAPY2oS87QyK+hJE82vy/TLlPCQ2wCK3kl6kAEnx
cXvE3io/+M6jy2bXO78GZRafOgKmIkl9yYllD+jsh9tbwjeqauoaSIewqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISfw0q1mjtzmwZufoYXtveWVBmVMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvaEpfRFNyV2FPM09iQm01LWhoZTI5NVpVR1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aQJMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Ay58fgljSn76fF8jlzv1QTsXX85X/VHqeWhgolJa
S64uCp+fN8Csvjsqbv3JGwg45dGSEdmXKFz5PcgzonYFWTGzA6ZLcA3Dv0MVyTZc
eTSIMc5I1DcwJ1AGAc8adK/iynfOkI1j3o4zNQjxojl6doa0+gpn+s8lVUmvEAnt
DulXUKvN6E6T0SZzFbNzdZTdDxZPOX1uTcQh6/R7+8paZcQZhg+5Iw0WrnR67WZp
W3UWSQMCbKwxSaxlPPXSGYInkhrtDnpaRG9Px87KC0EDBJxUIWlcW9O15YuGI0zr
D44ptOEPKUEWV+i03WkYfKGzggdLShUDigCCAwkbc/98
-----END CERTIFICATE-----