This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/hzFa5HcRt_SuJXTYDbBlnXBrlms.roa
File:                     hzFa5HcRt_SuJXTYDbBlnXBrlms.roa (raw, json)
Hash identifier:          HYZRCL8yIsfCy/2+UYnMYcElAtbPqegy+2PrFnMr9pY=
Subject key identifier:   87:31:5A:E4:77:11:B7:F4:AE:25:74:D8:0D:B0:65:9D:70:6B:96:6B
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019B7CEDE8B1C63B5AC37FF3EC77AAAC1573
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/hzFa5HcRt_SuJXTYDbBlnXBrlms.roa
Signing time:             Fri 02 Jan 2026 04:18:45 +0000
ROA not before:           Fri 02 Jan 2026 04:18:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207515
IP address blocks:        62.72.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:e8:b1:c6:3b:5a:c3:7f:f3:ec:77:aa:ac:15:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  2 04:18:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87315ae47711b7f4ae2574d80db0659d706b966b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c5:81:d6:6f:e7:de:f3:60:94:90:52:99:45:
                    41:0b:d0:a9:e3:e9:b1:6b:71:e3:48:48:92:ee:4e:
                    df:5e:04:e0:cd:5c:40:1e:0f:f7:52:56:f5:74:c7:
                    5e:71:b9:57:5b:4f:89:ed:a9:f2:ad:ff:1b:cb:4d:
                    07:4b:f6:ce:86:7c:d7:15:50:55:55:4d:60:c9:a3:
                    9c:ae:96:72:20:d1:4c:2f:4b:83:72:30:cd:03:14:
                    61:d5:9f:db:05:ba:09:1d:11:3e:63:3a:58:3b:2e:
                    a4:d9:13:a0:d6:32:de:50:66:6d:b6:7e:28:f7:38:
                    8d:37:25:c8:34:65:6b:6f:31:b3:7b:30:a4:61:76:
                    b3:0a:06:b7:5a:58:50:15:db:75:4b:bd:38:c5:9d:
                    dc:01:c8:9e:90:32:d1:60:8e:ae:6b:7a:a8:04:d2:
                    0c:d5:4f:4f:6d:1f:e9:81:93:c9:4a:45:4d:cf:20:
                    e1:14:63:9b:53:aa:12:ff:93:ef:8a:e0:ad:6d:13:
                    c3:5a:3c:43:8b:c0:ad:e6:f8:b5:25:ec:0e:56:61:
                    16:07:53:ef:88:86:5c:2a:a8:92:d4:45:b2:b6:05:
                    af:46:b0:a3:2a:3f:3b:80:49:df:c4:21:f5:27:43:
                    80:9a:50:8b:58:c3:70:e9:9f:a7:28:4a:59:f5:62:
                    a6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:31:5A:E4:77:11:B7:F4:AE:25:74:D8:0D:B0:65:9D:70:6B:96:6B
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/hzFa5HcRt_SuJXTYDbBlnXBrlms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:71:0b:47:37:13:8f:60:63:8e:13:95:2e:81:44:4e:50:1f:
         90:6b:a9:a1:3b:92:66:b7:01:e5:ff:34:b4:d9:f8:eb:79:7b:
         e6:2a:c1:fc:39:42:ad:c4:d9:66:bc:98:47:df:ff:14:41:48:
         f9:02:87:6f:e4:b9:b6:a9:a3:0d:82:92:e1:e5:1c:ba:fa:87:
         2f:1d:79:6e:f5:b6:0b:4e:56:5f:e8:ad:46:0b:b9:a2:71:8d:
         cd:b5:a1:d4:88:c1:03:aa:d4:74:b7:7c:f3:fa:17:fb:83:b0:
         3b:1d:c2:a3:3a:ab:69:08:0a:c0:01:cf:46:ff:02:b9:fa:9b:
         92:03:e8:22:27:eb:02:53:70:30:9c:8f:ff:35:d7:f3:78:bf:
         b2:29:4f:de:58:b5:29:2f:c8:ca:31:1f:63:af:bb:81:d8:47:
         4b:96:13:11:ab:3f:61:d0:49:3e:ec:b0:7a:b1:72:b9:39:4f:
         69:0f:a8:40:e9:42:99:b4:5f:c3:5c:d9:1d:4e:5f:62:5c:07:
         de:3b:71:ac:55:b4:cd:45:0b:0a:da:e5:5d:17:5c:8a:ca:b8:
         bd:98:67:b7:86:47:61:2b:d8:ab:d4:79:9a:54:6b:40:fe:95:
         b8:b5:5a:da:51:68:fc:54:81:9a:99:33:ae:f3:f4:e9:87:91:
         e5:a5:18:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87eixxjtaw3/z7HeqrBVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwMTAyMDQxODQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMxNWFlNDc3MTFiN2Y0YWUyNTc0ZDgwZGIwNjU5ZDcwNmI5NjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8WB1m/n3vNglJBSmUVBC9Cp4+mx
a3HjSEiS7k7fXgTgzVxAHg/3Ulb1dMdecblXW0+J7anyrf8by00HS/bOhnzXFVBV
VU1gyaOcrpZyINFML0uDcjDNAxRh1Z/bBboJHRE+YzpYOy6k2ROg1jLeUGZttn4o
9ziNNyXINGVrbzGzezCkYXazCga3WlhQFdt1S704xZ3cAciekDLRYI6ua3qoBNIM
1U9PbR/pgZPJSkVNzyDhFGObU6oS/5PviuCtbRPDWjxDi8Ct5vi1JewOVmEWB1Pv
iIZcKqiS1EWytgWvRrCjKj87gEnfxCH1J0OAmlCLWMNw6Z+nKEpZ9WKmKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcxWuR3Ebf0riV02A2wZZ1wa5ZrMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvaHpGYTVIY1J0X1N1SlhUWURiQmxuWEJybG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkilMA0G
CSqGSIb3DQEBCwUAA4IBAQBHcQtHNxOPYGOOE5UugUROUB+Qa6mhO5JmtwHl/zS0
2fjreXvmKsH8OUKtxNlmvJhH3/8UQUj5Aodv5Lm2qaMNgpLh5Ry6+ocvHXlu9bYL
TlZf6K1GC7micY3NtaHUiMEDqtR0t3zz+hf7g7A7HcKjOqtpCArAAc9G/wK5+puS
A+giJ+sCU3AwnI//NdfzeL+yKU/eWLUpL8jKMR9jr7uB2EdLlhMRqz9h0Ek+7LB6
sXK5OU9pD6hA6UKZtF/DXNkdTl9iXAfeO3GsVbTNRQsK2uVdF1yKyri9mGe3hkdh
K9ir1HmaVGtA/pW4tVraUWj8VIGamTOu8/Tph5HlpRgk
-----END CERTIFICATE-----