This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/hphZeFHfi_kyciuoqV7fUm3Dht8.roa
File:                     hphZeFHfi_kyciuoqV7fUm3Dht8.roa (raw, json)
Hash identifier:          AEuhgXiumBto93ZbZHfzAPUERMbrKkfc9/R3pmgN1Dc=
Subject key identifier:   86:98:59:78:51:DF:8B:F9:32:72:2B:A8:A9:5E:DF:52:6D:C3:86:DF
Certificate issuer:       /CN=4155087a81848bf7b37ff8be59751d79440d8116
Certificate serial:       019B7C11CAC1D6C7467A907C2F9A9DE96940
Authority key identifier: 41:55:08:7A:81:84:8B:F7:B3:7F:F8:BE:59:75:1D:79:44:0D:81:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QVUIeoGEi_ezf_i-WXUdeUQNgRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/hphZeFHfi_kyciuoqV7fUm3Dht8.roa
Signing time:             Fri 02 Jan 2026 00:18:19 +0000
ROA not before:           Fri 02 Jan 2026 00:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198098
IP address blocks:        91.231.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/QVUIeoGEi_ezf_i-WXUdeUQNgRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/QVUIeoGEi_ezf_i-WXUdeUQNgRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QVUIeoGEi_ezf_i-WXUdeUQNgRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:ca:c1:d6:c7:46:7a:90:7c:2f:9a:9d:e9:69:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4155087a81848bf7b37ff8be59751d79440d8116
        Validity
            Not Before: Jan  2 00:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8698597851df8bf932722ba8a95edf526dc386df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:5c:fb:10:bc:be:62:27:d6:37:21:40:0e:01:
                    62:6e:1c:cf:67:79:5d:34:ca:ed:33:fb:79:9e:a0:
                    70:f2:6c:79:d9:8f:13:a9:de:50:8e:e2:c8:c6:b6:
                    7d:45:11:1f:c3:14:c7:94:50:5c:a6:12:37:14:e9:
                    36:c1:fb:9a:a1:98:e2:6f:b2:42:cd:70:c3:d8:58:
                    33:d8:7f:04:37:7d:53:42:b8:1c:3a:8f:40:0e:3a:
                    cc:d2:de:f8:60:de:de:47:d0:be:9e:29:2f:1b:52:
                    45:16:51:f9:c7:14:00:04:9a:92:a4:f2:73:94:5f:
                    05:0c:6c:45:57:eb:fe:4b:56:37:10:62:fa:19:1e:
                    fd:c6:b6:be:ed:ec:c9:6f:bc:e4:1a:31:7e:23:b9:
                    04:b8:4c:0d:98:e0:29:ed:e9:3b:ce:a3:aa:58:d0:
                    76:da:94:be:98:aa:12:43:15:fe:4e:45:16:fd:4c:
                    c3:ea:d8:54:58:01:b5:a9:88:17:ae:a0:00:81:90:
                    8d:ec:e2:11:1f:5c:f7:0d:03:50:43:72:6a:3e:06:
                    d3:29:79:8d:40:ce:88:49:75:cc:22:eb:61:a1:aa:
                    23:9a:e8:1f:12:3b:92:f9:ae:39:e8:ea:88:67:96:
                    e0:db:a5:a9:84:e6:90:f0:d7:8b:3f:81:ea:8b:d8:
                    8f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:98:59:78:51:DF:8B:F9:32:72:2B:A8:A9:5E:DF:52:6D:C3:86:DF
            X509v3 Authority Key Identifier:
                keyid:41:55:08:7A:81:84:8B:F7:B3:7F:F8:BE:59:75:1D:79:44:0D:81:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QVUIeoGEi_ezf_i-WXUdeUQNgRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/hphZeFHfi_kyciuoqV7fUm3Dht8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/06f515-5f77-48aa-8905-f5a86cbd44ce/1/QVUIeoGEi_ezf_i-WXUdeUQNgRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:45:0a:43:c5:be:93:5b:52:7a:59:03:6a:5b:0e:1c:67:ec:
         bf:02:48:5f:03:81:9c:7c:22:a2:81:06:dd:24:77:0b:43:a3:
         b6:a5:29:fb:53:95:0c:7c:be:57:47:42:7f:3d:a5:71:ab:c6:
         72:65:b9:1f:d3:85:50:c8:09:c2:79:58:b6:d2:31:48:1e:ec:
         d0:c6:a4:f7:c5:59:70:03:80:ea:71:b3:03:19:f0:13:f5:ca:
         32:f2:d1:66:a3:c4:a2:c7:e3:28:cb:46:3a:5c:ea:af:62:cf:
         02:6e:e4:f8:0e:ab:2c:01:f1:35:6b:c1:75:ab:50:46:e5:7e:
         bc:d8:06:2d:0d:d5:42:66:94:62:14:3b:55:d5:7c:53:4e:6e:
         56:cb:10:86:cb:2d:79:31:0b:66:09:04:1a:40:0d:fd:78:35:
         02:fc:8f:a1:2f:f8:dd:55:65:22:2e:ab:3c:b7:b3:ef:92:d9:
         32:0e:3f:f9:8e:12:2c:4d:e7:d3:c2:6c:fd:ab:3f:27:b5:dd:
         49:18:ae:d2:02:ee:9c:86:dc:29:04:c0:5a:01:e1:12:c8:1c:
         31:6a:fd:5c:5e:7d:d2:f4:b4:59:2e:91:71:63:37:92:6f:9c:
         2a:df:62:77:d5:f2:ce:a6:2b:f1:0b:8a:04:ec:11:c6:a6:f6:
         1a:04:25:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EcrB1sdGepB8L5qd6WlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNTUwODdhODE4NDhiZjdiMzdmZjhiZTU5NzUxZDc5NDQw
ZDgxMTYwHhcNMjYwMTAyMDAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk4NTk3ODUxZGY4YmY5MzI3MjJiYThhOTVlZGY1MjZkYzM4NmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklz7ELy+YifWNyFADgFibhzPZ3ld
NMrtM/t5nqBw8mx52Y8Tqd5QjuLIxrZ9RREfwxTHlFBcphI3FOk2wfuaoZjib7JC
zXDD2Fgz2H8EN31TQrgcOo9ADjrM0t74YN7eR9C+nikvG1JFFlH5xxQABJqSpPJz
lF8FDGxFV+v+S1Y3EGL6GR79xra+7ezJb7zkGjF+I7kEuEwNmOAp7ek7zqOqWNB2
2pS+mKoSQxX+TkUW/UzD6thUWAG1qYgXrqAAgZCN7OIRH1z3DQNQQ3JqPgbTKXmN
QM6ISXXMIuthoaojmugfEjuS+a456OqIZ5bg26WphOaQ8NeLP4Hqi9iPywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaYWXhR34v5MnIrqKle31Jtw4bfMB8GA1UdIwQY
MBaAFEFVCHqBhIv3s3/4vll1HXlEDYEWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVZVSWVvR0VpX2V6Zl9pLVdYVWRlVVFOZ1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wNmY1MTUtNWY3Ny00OGFhLTg5MDUt
ZjVhODZjYmQ0NGNlLzEvaHBoWmVGSGZpX2t5Y2l1b3FWN2ZVbTNEaHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wNmY1MTUtNWY3Ny00OGFhLTg5MDUtZjVhODZjYmQ0NGNl
LzEvUVZVSWVvR0VpX2V6Zl9pLVdYVWRlVVFOZ1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+d2MA0G
CSqGSIb3DQEBCwUAA4IBAQCmRQpDxb6TW1J6WQNqWw4cZ+y/AkhfA4GcfCKigQbd
JHcLQ6O2pSn7U5UMfL5XR0J/PaVxq8ZyZbkf04VQyAnCeVi20jFIHuzQxqT3xVlw
A4DqcbMDGfAT9coy8tFmo8Six+Moy0Y6XOqvYs8CbuT4DqssAfE1a8F1q1BG5X68
2AYtDdVCZpRiFDtV1XxTTm5WyxCGyy15MQtmCQQaQA39eDUC/I+hL/jdVWUiLqs8
t7PvktkyDj/5jhIsTefTwmz9qz8ntd1JGK7SAu6chtwpBMBaAeESyBwxav1cXn3S
9LRZLpFxYzeSb5wq32J31fLOpivxC4oE7BHGpvYaBCVP
-----END CERTIFICATE-----