This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/H-lm96V35FhELR_nnrzZI9ut2d0.roa
File:                     H-lm96V35FhELR_nnrzZI9ut2d0.roa (raw, json)
Hash identifier:          s+kiqY4GPLmW1PF0+6lOK9Ndrf/SoDD8rIUb/sfeHBk=
Subject key identifier:   1F:E9:66:F7:A5:77:E4:58:44:2D:1F:E7:9E:BC:D9:23:DB:AD:D9:DD
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019BA21A0C45C4F948D77733575FE4E96D2D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/H-lm96V35FhELR_nnrzZI9ut2d0.roa
Signing time:             Fri 09 Jan 2026 09:32:54 +0000
ROA not before:           Fri 09 Jan 2026 09:32:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215341
IP address blocks:        194.85.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a2:1a:0c:45:c4:f9:48:d7:77:33:57:5f:e4:e9:6d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  9 09:32:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fe966f7a577e458442d1fe79ebcd923dbadd9dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:35:24:09:b5:41:d5:5e:92:e4:9d:bd:06:2a:
                    9f:3b:95:36:a2:0e:c8:fb:a8:a8:3d:f0:1b:a2:86:
                    1d:26:9c:18:f4:34:9f:ea:b4:5a:95:a4:fd:df:33:
                    21:c8:85:6e:8f:76:0c:90:09:d0:3d:9c:4e:2c:0e:
                    fb:b8:10:93:5d:2c:6c:ce:a0:4d:de:73:51:97:6a:
                    72:93:ae:ee:87:99:bc:cc:50:aa:0c:65:85:f6:c4:
                    b9:8b:4b:01:c1:b1:d3:3f:ef:74:57:42:70:e4:c0:
                    48:c1:9f:d3:84:09:f8:6a:f7:2e:51:7d:ea:a7:a9:
                    38:ed:1d:46:37:74:42:07:90:63:6a:92:5a:3a:19:
                    2c:0a:4b:09:64:eb:0b:2f:6e:50:a4:5b:fd:84:ca:
                    64:04:98:69:8c:8e:e6:7d:aa:b7:f3:c0:b9:e6:d7:
                    0b:db:08:62:e7:a8:b1:43:4f:dc:4e:f6:a5:ea:d2:
                    58:97:fd:40:0e:b5:da:fa:ad:51:a5:29:fe:5b:8d:
                    c3:e6:01:c3:d9:ab:b5:02:26:ce:f5:da:72:33:50:
                    05:8b:c3:01:6a:d6:cd:af:00:2e:95:15:17:55:c3:
                    09:85:d6:0f:e2:1c:d0:31:55:9f:d2:25:7b:a2:7b:
                    bf:59:6f:3b:52:58:e3:0d:44:f1:5c:ce:4d:9d:14:
                    0a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E9:66:F7:A5:77:E4:58:44:2D:1F:E7:9E:BC:D9:23:DB:AD:D9:DD
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/H-lm96V35FhELR_nnrzZI9ut2d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:24:52:d8:00:81:7a:d3:cd:ce:91:bc:38:ea:bc:11:52:96:
         52:e3:79:5b:07:1e:36:f4:dd:25:7d:ed:98:ba:a0:87:ce:36:
         ea:03:4a:4c:e6:48:4a:ab:1a:e4:c5:a4:59:b8:d1:42:1b:6f:
         a2:74:a7:ca:78:a7:ac:07:9c:3a:68:91:93:9b:f0:50:d8:21:
         6e:55:3b:4a:f9:12:d3:3b:e2:7b:e3:ea:57:0e:f8:81:bd:38:
         4b:d3:06:45:67:df:ad:ad:dc:dc:7f:cd:5c:59:8c:0e:44:9d:
         d6:1d:5a:33:36:ac:da:60:2f:d6:f1:61:31:37:8b:0d:df:8e:
         81:5a:03:02:c4:49:6f:6f:1c:b6:00:b1:8e:74:52:f8:ae:dc:
         5e:4c:9f:8c:75:89:fd:05:c1:bd:28:f9:a8:40:6e:33:a9:f4:
         24:d4:31:c4:a5:39:77:68:18:45:91:07:e4:76:36:23:28:5b:
         3c:0e:20:07:c2:95:29:6a:1e:56:1c:3a:f9:0f:ec:57:ab:3a:
         65:39:ce:86:60:d9:d7:4b:ce:b9:8b:4c:a9:64:5c:66:ae:4e:
         df:78:19:71:4a:d9:96:8a:4e:e0:0f:2e:14:79:75:d8:d4:c3:
         e5:ec:78:f2:8f:1d:f5:79:06:d4:39:b6:4f:3d:9d:8e:0d:cb:
         65:0b:20:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuiGgxFxPlI13czV1/k6W0tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMTA5MDkzMjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmU5NjZmN2E1NzdlNDU4NDQyZDFmZTc5ZWJjZDkyM2RiYWRkOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTUkCbVB1V6S5J29BiqfO5U2og7I
+6ioPfAbooYdJpwY9DSf6rRalaT93zMhyIVuj3YMkAnQPZxOLA77uBCTXSxszqBN
3nNRl2pyk67uh5m8zFCqDGWF9sS5i0sBwbHTP+90V0Jw5MBIwZ/ThAn4avcuUX3q
p6k47R1GN3RCB5BjapJaOhksCksJZOsLL25QpFv9hMpkBJhpjI7mfaq388C55tcL
2whi56ixQ0/cTval6tJYl/1ADrXa+q1RpSn+W43D5gHD2au1AibO9dpyM1AFi8MB
atbNrwAulRUXVcMJhdYP4hzQMVWf0iV7onu/WW87UljjDUTxXM5NnRQKRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/pZveld+RYRC0f55682SPbrdndMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSC1sbTk2VjM1RmhFTFJfbm5yelpJOXV0MmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlX4MA0G
CSqGSIb3DQEBCwUAA4IBAQBNJFLYAIF6083Okbw46rwRUpZS43lbBx429N0lfe2Y
uqCHzjbqA0pM5khKqxrkxaRZuNFCG2+idKfKeKesB5w6aJGTm/BQ2CFuVTtK+RLT
O+J74+pXDviBvThL0wZFZ9+trdzcf81cWYwORJ3WHVozNqzaYC/W8WExN4sN346B
WgMCxElvbxy2ALGOdFL4rtxeTJ+MdYn9BcG9KPmoQG4zqfQk1DHEpTl3aBhFkQfk
djYjKFs8DiAHwpUpah5WHDr5D+xXqzplOc6GYNnXS865i0ypZFxmrk7feBlxStmW
ik7gDy4UeXXY1MPl7Hjyjx31eQbUObZPPZ2ODctlCyBq
-----END CERTIFICATE-----