This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/HxqrkEJ9L24GUbsga2iDXgZbRXw.roa
File:                     HxqrkEJ9L24GUbsga2iDXgZbRXw.roa (raw, json)
Hash identifier:          mgpzz4wjLoFyZ/wUQMXyCEvV/wDxHO1KoZMqdu3gtfc=
Subject key identifier:   1F:1A:AB:90:42:7D:2F:6E:06:51:BB:20:6B:68:83:5E:06:5B:45:7C
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019B7910638E2C1F08D03A7A7438B5657B5E
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/HxqrkEJ9L24GUbsga2iDXgZbRXw.roa
Signing time:             Thu 01 Jan 2026 10:17:55 +0000
ROA not before:           Thu 01 Jan 2026 10:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207633
IP address blocks:        188.132.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:63:8e:2c:1f:08:d0:3a:7a:74:38:b5:65:7b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  1 10:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f1aab90427d2f6e0651bb206b68835e065b457c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6c:4f:e7:7d:e7:50:b2:d4:f4:31:c9:36:6c:
                    d1:fa:7b:81:ea:c0:4a:3d:da:b0:5c:50:37:c4:35:
                    42:da:28:6b:58:4d:73:63:65:7b:c9:09:ba:50:83:
                    51:71:09:2b:45:83:aa:72:d5:bf:d7:cc:02:1f:7f:
                    06:fb:70:8c:1f:e0:ca:ae:77:40:07:50:69:d8:7b:
                    1f:0f:6e:80:29:52:16:f9:02:64:05:d0:8c:64:e2:
                    8e:84:85:87:0b:cc:ef:41:5f:ff:e6:f3:c0:50:b4:
                    c9:7b:50:ca:a3:ab:a3:4c:f8:3f:75:f8:53:9e:d1:
                    7f:64:f6:d3:33:f6:dc:df:53:4f:a1:4f:e3:0c:2a:
                    20:37:16:f0:18:41:e4:ad:43:db:b5:7f:77:ec:da:
                    74:b1:ec:50:75:4e:d8:d7:43:ab:a4:f0:71:62:79:
                    5c:bd:71:69:a9:31:a7:96:4d:96:9d:af:5a:95:07:
                    e1:87:88:09:58:94:66:e7:8d:b2:30:4d:b9:57:4d:
                    27:86:d5:f9:ea:ee:84:fe:27:39:0a:fe:d2:2c:80:
                    e6:17:e6:18:42:1e:a2:d7:29:2e:35:f1:f9:f4:21:
                    28:90:71:d7:e5:2b:cb:6a:2b:a6:b3:24:32:15:2f:
                    47:2f:44:b2:65:f8:fb:e7:e6:d9:7e:80:f1:77:78:
                    a6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1A:AB:90:42:7D:2F:6E:06:51:BB:20:6B:68:83:5E:06:5B:45:7C
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/HxqrkEJ9L24GUbsga2iDXgZbRXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:4b:46:dc:f4:66:b9:87:dc:81:b7:c9:46:ac:a5:fc:26:74:
         a3:bc:b7:48:7c:94:98:46:84:9e:f2:6a:53:5f:9d:b7:f5:b7:
         fc:24:b7:59:bb:2d:08:46:30:04:4e:e0:00:ef:f9:6d:d8:88:
         4d:6f:49:19:7d:0b:b8:15:d8:5e:75:fa:3f:92:64:a2:66:ef:
         67:3f:2b:7d:0f:9b:8b:2f:38:b4:76:a7:19:f9:30:b9:0f:d2:
         70:3a:4d:67:42:0d:19:1f:7b:bc:ec:86:f0:73:52:1c:5d:5d:
         a4:f6:ae:76:ea:75:d5:68:c6:06:d4:62:52:c8:f7:18:0e:0c:
         64:aa:1f:41:73:5a:92:eb:a7:6e:40:ac:a7:73:fc:d1:8f:49:
         b5:c5:94:31:e1:72:ff:2b:ef:4e:c9:f8:96:91:ec:dd:9b:3c:
         31:44:ac:2c:01:22:bc:20:93:19:e4:5f:da:69:6f:fa:cc:32:
         7c:03:e8:23:83:7c:73:5c:5b:ac:f6:f0:1a:a0:48:e3:45:31:
         72:52:9b:e1:20:93:07:57:d7:0f:40:c9:ea:2b:d0:2a:32:5f:
         eb:f0:2e:d6:ef:6b:4f:6a:e9:66:85:06:b3:c7:9a:16:5c:3f:
         ec:b8:14:e4:b6:7c:69:e0:52:39:82:db:6d:c1:9c:fb:d3:1f:
         d1:45:27:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EGOOLB8I0Dp6dDi1ZXteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwMTAxMTAxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjFhYWI5MDQyN2QyZjZlMDY1MWJiMjA2YjY4ODM1ZTA2NWI0NTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWxP533nULLU9DHJNmzR+nuB6sBK
PdqwXFA3xDVC2ihrWE1zY2V7yQm6UINRcQkrRYOqctW/18wCH38G+3CMH+DKrndA
B1Bp2HsfD26AKVIW+QJkBdCMZOKOhIWHC8zvQV//5vPAULTJe1DKo6ujTPg/dfhT
ntF/ZPbTM/bc31NPoU/jDCogNxbwGEHkrUPbtX937Np0sexQdU7Y10OrpPBxYnlc
vXFpqTGnlk2Wna9alQfhh4gJWJRm542yME25V00nhtX56u6E/ic5Cv7SLIDmF+YY
Qh6i1ykuNfH59CEokHHX5SvLaiumsyQyFS9HL0SyZfj75+bZfoDxd3imWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8aq5BCfS9uBlG7IGtog14GW0V8MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvSHhxcmtFSjlMMjRHVWJzZ2EyaURYZ1piUlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvISoMA0G
CSqGSIb3DQEBCwUAA4IBAQBtS0bc9Ga5h9yBt8lGrKX8JnSjvLdIfJSYRoSe8mpT
X5239bf8JLdZuy0IRjAETuAA7/lt2IhNb0kZfQu4Fdhedfo/kmSiZu9nPyt9D5uL
Lzi0dqcZ+TC5D9JwOk1nQg0ZH3u87Ibwc1IcXV2k9q526nXVaMYG1GJSyPcYDgxk
qh9Bc1qS66duQKync/zRj0m1xZQx4XL/K+9OyfiWkezdmzwxRKwsASK8IJMZ5F/a
aW/6zDJ8A+gjg3xzXFus9vAaoEjjRTFyUpvhIJMHV9cPQMnqK9AqMl/r8C7W72tP
aulmhQazx5oWXD/suBTktnxp4FI5gtttwZz70x/RRScK
-----END CERTIFICATE-----