This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/H5n8y-hjXK24thn7egOUXJVZq0U.roa
File:                     H5n8y-hjXK24thn7egOUXJVZq0U.roa (raw, json)
Hash identifier:          7e4HU9h3i7rv/jpYmlCXJPYTMbRgwEsVE53RAePC3yc=
Subject key identifier:   1F:99:FC:CB:E8:63:5C:AD:B8:B6:19:FB:7A:03:94:5C:95:59:AB:45
Certificate issuer:       /CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
Certificate serial:       019B76EB20BDCFF5F290FE52AAD9C92BD63F
Authority key identifier: 20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/H5n8y-hjXK24thn7egOUXJVZq0U.roa
Signing time:             Thu 01 Jan 2026 00:17:59 +0000
ROA not before:           Thu 01 Jan 2026 00:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209619
IP address blocks:        156.17.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:20:bd:cf:f5:f2:90:fe:52:aa:d9:c9:2b:d6:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
        Validity
            Not Before: Jan  1 00:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f99fccbe8635cadb8b619fb7a03945c9559ab45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ad:d4:8e:d2:d0:ce:e9:76:54:cd:df:eb:0d:
                    c2:83:b9:36:e8:cf:c4:1b:27:e7:ed:22:7b:65:6f:
                    db:4f:e5:d2:7e:17:da:de:0e:1b:d1:bd:2a:8e:57:
                    7f:c6:37:2d:0d:99:ad:51:47:9d:fc:57:51:c6:f9:
                    48:2f:2a:0c:72:ca:23:95:89:51:a0:4e:1b:eb:d8:
                    1e:de:c1:5c:81:d6:81:45:51:ab:69:ed:90:1e:48:
                    35:fe:d8:ba:b1:40:cd:50:8e:df:74:91:40:21:df:
                    08:be:00:d6:12:83:d0:1a:8d:2a:6b:82:38:a6:c7:
                    7b:81:89:c9:ea:9f:12:79:50:e4:5c:f7:67:b4:d2:
                    5f:35:d5:5c:d1:4c:f2:cb:62:d3:3b:23:cc:d2:25:
                    69:41:c3:a2:94:8e:77:4f:fa:d3:ff:f0:53:f0:9a:
                    b0:df:96:ab:e4:da:13:99:87:c4:30:53:73:88:b1:
                    a8:1d:67:d0:d8:da:3c:9c:49:55:fe:06:1b:a9:3f:
                    27:82:b6:9e:bc:ff:35:fa:54:4e:32:e0:29:db:6a:
                    8c:c2:e2:05:92:3b:de:9f:d0:1f:30:97:e9:30:74:
                    52:10:a7:4e:88:fe:b1:37:b3:fd:e1:18:0b:ef:92:
                    a3:c7:57:92:55:d9:45:63:44:c4:72:6e:82:2b:3c:
                    a3:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:99:FC:CB:E8:63:5C:AD:B8:B6:19:FB:7A:03:94:5C:95:59:AB:45
            X509v3 Authority Key Identifier:
                keyid:20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/H5n8y-hjXK24thn7egOUXJVZq0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.17.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:8f:a6:49:29:29:ea:57:a4:2e:6d:da:50:9b:81:03:83:48:
         fb:48:ee:0b:b6:1b:b9:35:a4:11:3c:43:51:7c:a4:01:49:1c:
         66:25:03:94:36:a1:45:ff:53:9b:c1:c3:e3:95:7d:41:4c:05:
         d7:8a:6b:c0:c7:a9:3f:a2:9c:fb:b1:86:39:a5:7f:26:21:3f:
         b0:12:08:4b:48:48:71:51:b8:a9:88:81:0f:86:67:35:35:f2:
         5a:19:13:63:ae:ee:33:7d:7c:10:c3:a4:52:35:20:f4:4b:93:
         c0:8f:55:07:74:4d:60:eb:c5:8b:1a:a7:da:05:a0:fd:11:9f:
         57:c4:82:23:fa:fc:46:1f:c7:ba:06:12:4f:1f:5a:00:bb:e1:
         d1:f9:68:72:6d:cf:6b:c6:f7:81:77:65:44:0c:b9:f3:16:71:
         12:8a:b4:4c:84:5f:98:31:a8:cc:9c:cc:72:b9:f7:ba:18:d7:
         f6:74:7f:1d:9d:f2:1a:ed:a6:25:73:52:30:8d:13:3c:94:f8:
         5c:45:df:97:05:c0:a6:d4:c4:d9:0c:3d:82:96:dc:02:4d:cb:
         1e:a1:70:a0:7a:5a:8f:4b:62:2e:e6:17:c3:07:84:bc:d3:02:
         9c:16:ea:b1:f7:13:2a:94:34:20:5f:b7:99:6e:8e:2f:8f:b0:
         d4:2f:ae:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26yC9z/XykP5SqtnJK9Y/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMmY0YzFhMzdlOTMxM2NkZDJlZWE3NzUwYWUwMjhkMThj
ZDVhYWUwHhcNMjYwMTAxMDAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjk5ZmNjYmU4NjM1Y2FkYjhiNjE5ZmI3YTAzOTQ1Yzk1NTlhYjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra3UjtLQzul2VM3f6w3Cg7k26M/E
Gyfn7SJ7ZW/bT+XSfhfa3g4b0b0qjld/xjctDZmtUUed/FdRxvlILyoMcsojlYlR
oE4b69ge3sFcgdaBRVGrae2QHkg1/ti6sUDNUI7fdJFAId8IvgDWEoPQGo0qa4I4
psd7gYnJ6p8SeVDkXPdntNJfNdVc0Uzyy2LTOyPM0iVpQcOilI53T/rT//BT8Jqw
35ar5NoTmYfEMFNziLGoHWfQ2No8nElV/gYbqT8ngraevP81+lROMuAp22qMwuIF
kjven9AfMJfpMHRSEKdOiP6xN7P94RgL75Kjx1eSVdlFY0TEcm6CKzyjfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+Z/MvoY1ytuLYZ+3oDlFyVWatFMB8GA1UdIwQY
MBaAFCAvTBo36TE83S7qd1CuAo0YzVquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEt
ZjZiNzhlMmIxN2ExLzEvSDVuOHktaGpYSzI0dGhuN2VnT1VYSlZacTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEtZjZiNzhlMmIxN2Ex
LzEvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnBHMMA0G
CSqGSIb3DQEBCwUAA4IBAQB1j6ZJKSnqV6QubdpQm4EDg0j7SO4Lthu5NaQRPENR
fKQBSRxmJQOUNqFF/1ObwcPjlX1BTAXXimvAx6k/opz7sYY5pX8mIT+wEghLSEhx
UbipiIEPhmc1NfJaGRNjru4zfXwQw6RSNSD0S5PAj1UHdE1g68WLGqfaBaD9EZ9X
xIIj+vxGH8e6BhJPH1oAu+HR+Whybc9rxveBd2VEDLnzFnESirRMhF+YMajMnMxy
ufe6GNf2dH8dnfIa7aYlc1IwjRM8lPhcRd+XBcCm1MTZDD2CltwCTcseoXCgelqP
S2Iu5hfDB4S80wKcFuqx9xMqlDQgX7eZbo4vj7DUL67m
-----END CERTIFICATE-----