This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/hnzPcfA-WTbRE5DU83lcya93NtI.roa
File:                     hnzPcfA-WTbRE5DU83lcya93NtI.roa (raw, json)
Hash identifier:          eJY1ydfJH0OH+/eaUrXt46LOHtMoo4DttqnkB8iWeQI=
Subject key identifier:   86:7C:CF:71:F0:3E:59:36:D1:13:90:D4:F3:79:5C:C9:AF:77:36:D2
Certificate issuer:       /CN=b9f4779575cb9bf058243287e98234deca911fc9
Certificate serial:       019B797E877316CAF19265583DD0FFB975E8
Authority key identifier: B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/hnzPcfA-WTbRE5DU83lcya93NtI.roa
Signing time:             Thu 01 Jan 2026 12:18:13 +0000
ROA not before:           Thu 01 Jan 2026 12:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57935
IP address blocks:        45.89.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:87:73:16:ca:f1:92:65:58:3d:d0:ff:b9:75:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f4779575cb9bf058243287e98234deca911fc9
        Validity
            Not Before: Jan  1 12:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=867ccf71f03e5936d11390d4f3795cc9af7736d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:bb:7c:43:7c:fd:c2:7c:6e:4a:73:98:ad:51:
                    cb:16:b3:13:5c:0a:4a:94:c3:f7:66:e0:a6:2f:a9:
                    7b:e2:4f:54:f7:93:05:ab:1e:57:bc:cb:51:c7:b1:
                    2d:34:f2:17:07:d2:8a:da:de:5e:71:f5:81:05:38:
                    be:73:9f:e9:b1:6a:0b:62:40:f2:50:80:75:f0:f7:
                    6f:3a:95:93:d1:f4:08:f6:61:f3:83:40:39:0c:f7:
                    b4:bc:e0:69:28:13:32:57:8a:a4:a5:68:27:a5:2e:
                    34:74:81:47:a7:77:9a:0a:5b:7c:0d:7f:45:71:b8:
                    c5:67:22:42:2b:51:33:7c:17:1c:16:43:16:99:44:
                    7d:89:75:f1:f8:96:77:1c:7a:0c:d5:33:e5:61:1b:
                    6f:f6:b1:93:23:37:da:82:a8:ed:ed:53:0c:52:bc:
                    31:58:60:3d:a7:0a:e7:d9:62:75:a1:0a:66:91:93:
                    70:ff:73:f6:e5:a7:a3:e7:4e:53:66:4f:a7:ac:e1:
                    8f:1c:15:14:dc:31:aa:ac:65:a0:6b:01:0d:5b:35:
                    5a:43:06:7f:50:88:7b:db:b6:94:dd:a9:7e:1f:8d:
                    c1:8a:fd:0e:62:5a:37:bd:ec:de:0d:07:24:1a:41:
                    88:ab:09:28:52:f4:11:06:8f:8d:ac:ad:3a:fa:e6:
                    42:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:7C:CF:71:F0:3E:59:36:D1:13:90:D4:F3:79:5C:C9:AF:77:36:D2
            X509v3 Authority Key Identifier:
                keyid:B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/hnzPcfA-WTbRE5DU83lcya93NtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:29:64:0a:91:3a:66:b6:7c:7a:a0:4b:68:a9:5c:55:ed:1b:
         f7:8d:07:18:86:7f:dc:6d:ab:97:f7:a2:ec:11:44:07:7f:e8:
         f8:ad:86:03:6d:5d:2f:0b:73:fd:9a:63:26:b2:ab:58:64:a5:
         ad:2c:2e:be:8a:2c:69:70:74:bc:89:60:af:97:cc:df:53:52:
         d4:86:f1:cc:6a:8f:85:39:92:46:0b:ac:a5:eb:26:d7:ce:44:
         de:e0:f3:37:96:a9:3c:10:f6:3d:35:2c:f9:6b:8c:19:8e:53:
         1a:91:78:f0:61:16:44:2f:0e:65:6d:e6:56:dc:e0:45:c7:93:
         f1:2b:38:4b:c3:bf:91:6a:23:44:b8:ea:fd:05:58:d7:65:ea:
         1d:2d:d5:90:3c:ef:fc:4d:87:e7:a9:a8:be:73:b7:b8:50:48:
         e2:4d:1c:5c:62:44:dc:2d:b9:8b:d0:8c:46:b2:14:f6:64:cc:
         9a:12:5e:62:2d:2f:f7:2d:c1:1e:ca:2f:23:de:6e:1a:ed:c1:
         c4:19:d5:4b:88:ad:e2:cf:20:41:fc:a4:5a:e6:87:fc:7b:b2:
         4f:23:88:2a:bc:68:3c:bd:45:69:4d:eb:90:5e:22:35:43:8d:
         92:b6:84:2a:cd:3f:1c:ce:83:7c:4f:af:d8:94:f0:02:48:df:
         05:d0:7f:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fodzFsrxkmVYPdD/uXXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjQ3Nzk1NzVjYjliZjA1ODI0MzI4N2U5ODIzNGRlY2E5
MTFmYzkwHhcNMjYwMTAxMTIxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjdjY2Y3MWYwM2U1OTM2ZDExMzkwZDRmMzc5NWNjOWFmNzczNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bt8Q3z9wnxuSnOYrVHLFrMTXApK
lMP3ZuCmL6l74k9U95MFqx5XvMtRx7EtNPIXB9KK2t5ecfWBBTi+c5/psWoLYkDy
UIB18PdvOpWT0fQI9mHzg0A5DPe0vOBpKBMyV4qkpWgnpS40dIFHp3eaClt8DX9F
cbjFZyJCK1EzfBccFkMWmUR9iXXx+JZ3HHoM1TPlYRtv9rGTIzfagqjt7VMMUrwx
WGA9pwrn2WJ1oQpmkZNw/3P25aej505TZk+nrOGPHBUU3DGqrGWgawENWzVaQwZ/
UIh727aU3al+H43Biv0OYlo3vezeDQckGkGIqwkoUvQRBo+NrK06+uZCVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ8z3HwPlk20ROQ1PN5XMmvdzbSMB8GA1UdIwQY
MBaAFLn0d5V1y5vwWCQyh+mCNN7KkR/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAt
Y2Q5ZmYwNTUyZjkyLzEvaG56UGNmQS1XVGJSRTVEVTgzbGN5YTkzTnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAtY2Q5ZmYwNTUyZjky
LzEvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmIMA0G
CSqGSIb3DQEBCwUAA4IBAQA2KWQKkTpmtnx6oEtoqVxV7Rv3jQcYhn/cbauX96Ls
EUQHf+j4rYYDbV0vC3P9mmMmsqtYZKWtLC6+iixpcHS8iWCvl8zfU1LUhvHMao+F
OZJGC6yl6ybXzkTe4PM3lqk8EPY9NSz5a4wZjlMakXjwYRZELw5lbeZW3OBFx5Px
KzhLw7+RaiNEuOr9BVjXZeodLdWQPO/8TYfnqai+c7e4UEjiTRxcYkTcLbmL0IxG
shT2ZMyaEl5iLS/3LcEeyi8j3m4a7cHEGdVLiK3izyBB/KRa5of8e7JPI4gqvGg8
vUVpTeuQXiI1Q42StoQqzT8czoN8T6/YlPACSN8F0H+V
-----END CERTIFICATE-----