This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/huGWDOEcUTUqIG9e1L_h4ARcYgc.roa
File:                     huGWDOEcUTUqIG9e1L_h4ARcYgc.roa (raw, json)
Hash identifier:          ep7WZEe0uNB7TC5UWchUPrP3Z+XFzdhbo4xtqAF4pXY=
Subject key identifier:   86:E1:96:0C:E1:1C:51:35:2A:20:6F:5E:D4:BF:E1:E0:04:5C:62:07
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019B7AC79CE0986BE7C32FB32AF22D4AF79C
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/huGWDOEcUTUqIG9e1L_h4ARcYgc.roa
Signing time:             Thu 01 Jan 2026 18:17:40 +0000
ROA not before:           Thu 01 Jan 2026 18:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197309
IP address blocks:        45.136.204.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:9c:e0:98:6b:e7:c3:2f:b3:2a:f2:2d:4a:f7:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 18:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86e1960ce11c51352a206f5ed4bfe1e0045c6207
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e3:5b:48:86:fd:f0:ce:8c:5b:a7:c8:f3:63:
                    0d:09:82:75:92:1c:df:2e:3b:ec:d6:15:e6:82:8d:
                    f6:0a:48:76:ee:81:ed:0c:74:67:66:a4:3d:82:d0:
                    33:ae:9e:1a:f1:af:39:95:b2:20:7e:88:98:22:f4:
                    e1:64:1c:15:5e:7f:68:e5:5c:f2:14:ed:55:fb:a6:
                    68:70:1e:ad:3f:c3:74:5f:8f:1a:6a:1c:78:89:65:
                    80:23:0c:86:30:ee:56:a5:6d:d6:ec:0f:b5:01:e9:
                    4e:fa:7d:2d:a5:ea:e7:3d:84:11:00:49:90:1e:c9:
                    74:ba:6a:97:5a:e9:08:b8:55:17:4d:dc:73:e6:58:
                    c6:59:c8:b5:6e:b9:dd:38:35:6a:e1:8d:5f:7b:55:
                    d8:c8:cc:5c:d5:ab:c8:c3:f3:10:f3:82:e3:f5:f6:
                    6c:bc:02:ac:ce:92:2d:89:f6:6a:2e:55:e3:53:23:
                    15:f3:2c:23:1b:69:e9:1c:58:90:72:57:92:17:0d:
                    e6:ae:68:76:95:00:f9:1e:db:8e:c8:3b:37:94:b6:
                    a8:ad:14:9e:3f:b2:1f:ca:8a:eb:75:f9:7b:f9:57:
                    37:99:78:5b:5f:83:8f:5b:94:fe:16:80:62:dc:d4:
                    2a:5f:21:eb:27:1c:2c:44:c2:71:26:5f:a9:e0:cc:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E1:96:0C:E1:1C:51:35:2A:20:6F:5E:D4:BF:E1:E0:04:5C:62:07
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/huGWDOEcUTUqIG9e1L_h4ARcYgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:0b:87:7f:b6:25:52:49:5b:ff:cf:81:0b:20:f4:ac:b8:cc:
         96:61:1f:00:94:e3:86:ab:2a:19:f5:5f:ec:94:8f:ca:6f:23:
         a4:1e:6b:3f:38:b2:ef:ab:1a:29:33:d6:40:3c:b2:d9:a8:fd:
         b1:c6:2a:0f:84:f1:67:35:32:41:69:3d:5b:0f:ee:27:6c:f7:
         04:d0:39:e1:03:88:61:aa:3b:35:1a:32:cc:fa:59:a7:f3:22:
         35:6b:f9:50:77:79:2f:64:d0:3a:8d:fd:4e:ad:48:b8:2c:21:
         b3:b6:84:df:52:c1:ae:33:91:5c:84:e1:4f:0c:ce:50:3f:d3:
         5f:d2:aa:f4:7f:1a:46:4e:b2:b4:54:ba:c0:30:f8:e6:56:92:
         6f:01:c8:0d:b4:31:0e:a3:d7:14:ba:49:bf:9e:e0:38:b4:ee:
         03:d5:b5:35:3b:4c:a5:01:48:bb:54:13:c9:94:ab:2e:3f:31:
         26:68:92:1a:d2:66:5b:a5:ec:ba:be:bf:af:bd:64:da:bc:f7:
         41:5f:d8:82:1d:c8:f9:61:f3:90:d0:d8:56:e4:54:28:94:07:
         29:fd:56:c0:a2:01:ab:22:11:a4:7b:f4:a1:e9:c0:cf:f6:a2:
         1d:75:69:3e:36:08:4d:3d:99:04:0c:7a:37:e8:fd:c3:34:8a:
         7b:13:39:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5zgmGvnwy+zKvItSvecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwMTAxMTgxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmUxOTYwY2UxMWM1MTM1MmEyMDZmNWVkNGJmZTFlMDA0NWM2MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneNbSIb98M6MW6fI82MNCYJ1khzf
Ljvs1hXmgo32Ckh27oHtDHRnZqQ9gtAzrp4a8a85lbIgfoiYIvThZBwVXn9o5Vzy
FO1V+6ZocB6tP8N0X48aahx4iWWAIwyGMO5WpW3W7A+1AelO+n0tpernPYQRAEmQ
Hsl0umqXWukIuFUXTdxz5ljGWci1brndODVq4Y1fe1XYyMxc1avIw/MQ84Lj9fZs
vAKszpItifZqLlXjUyMV8ywjG2npHFiQcleSFw3mrmh2lQD5HtuOyDs3lLaorRSe
P7Ifyorrdfl7+Vc3mXhbX4OPW5T+FoBi3NQqXyHrJxwsRMJxJl+p4MwZawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbhlgzhHFE1KiBvXtS/4eAEXGIHMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvaHVHV0RPRWNVVFVxSUc5ZTFMX2g0QVJjWWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYjMMA0G
CSqGSIb3DQEBCwUAA4IBAQAtC4d/tiVSSVv/z4ELIPSsuMyWYR8AlOOGqyoZ9V/s
lI/KbyOkHms/OLLvqxopM9ZAPLLZqP2xxioPhPFnNTJBaT1bD+4nbPcE0DnhA4hh
qjs1GjLM+lmn8yI1a/lQd3kvZNA6jf1OrUi4LCGztoTfUsGuM5FchOFPDM5QP9Nf
0qr0fxpGTrK0VLrAMPjmVpJvAcgNtDEOo9cUukm/nuA4tO4D1bU1O0ylAUi7VBPJ
lKsuPzEmaJIa0mZbpey6vr+vvWTavPdBX9iCHcj5YfOQ0NhW5FQolAcp/VbAogGr
IhGke/Sh6cDP9qIddWk+NghNPZkEDHo36P3DNIp7Ezl4
-----END CERTIFICATE-----