This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hUnWrHlPIoPfvBbum7OrhUWRqLI.roa
File:                     hUnWrHlPIoPfvBbum7OrhUWRqLI.roa (raw, json)
Hash identifier:          e/GXq9aYTVRrXZWYbT6Zkrl8pvhbXzrogL8EwFT9RAM=
Subject key identifier:   85:49:D6:AC:79:4F:22:83:DF:BC:16:EE:9B:B3:AB:85:45:91:A8:B2
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019B797DDFA44AE84603DEF35AEFD72AB0B0
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hUnWrHlPIoPfvBbum7OrhUWRqLI.roa
Signing time:             Thu 01 Jan 2026 12:17:30 +0000
ROA not before:           Thu 01 Jan 2026 12:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        167.17.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:df:a4:4a:e8:46:03:de:f3:5a:ef:d7:2a:b0:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 12:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8549d6ac794f2283dfbc16ee9bb3ab854591a8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e6:91:d0:0d:72:56:9e:88:c0:95:95:98:56:
                    88:1e:ac:57:03:bd:2c:3d:51:cf:55:7d:36:0e:64:
                    20:b3:64:3b:32:80:d4:47:21:04:ae:62:51:68:d0:
                    1a:31:f1:c8:c1:2d:17:ea:13:55:6f:26:5a:cd:ba:
                    da:e7:91:35:35:ce:56:6b:ad:28:63:7c:24:d2:e6:
                    e3:cf:a2:5c:35:ab:ed:08:d2:1a:13:64:88:72:a2:
                    92:92:02:6e:6b:fb:b3:42:5d:72:cd:bc:02:9e:d0:
                    68:f7:b9:62:2c:b6:42:19:1b:bf:1d:17:22:6a:b9:
                    5f:b2:ed:11:32:cf:ed:20:e5:54:db:33:f8:dc:6a:
                    96:5e:d0:ed:25:a9:d0:63:08:9e:49:9d:d8:21:c5:
                    f0:be:89:43:ea:fe:47:59:7d:2e:55:95:2d:3a:76:
                    70:c2:89:95:d3:61:76:b4:f3:32:4e:5c:00:2a:80:
                    ee:b1:1e:45:c5:2b:15:1d:23:21:0b:7c:f2:b9:73:
                    2d:74:18:4a:1e:04:8c:19:f1:39:6b:25:18:cb:de:
                    c7:2c:d9:83:2c:47:04:16:71:f9:f9:64:12:f6:da:
                    a1:b1:bf:e8:ae:88:45:10:fe:c4:92:24:67:e0:5d:
                    1a:fa:d0:b3:7f:fa:01:b8:a1:90:cc:1c:64:ec:54:
                    c4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:49:D6:AC:79:4F:22:83:DF:BC:16:EE:9B:B3:AB:85:45:91:A8:B2
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/hUnWrHlPIoPfvBbum7OrhUWRqLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.17.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         27:29:f2:44:a5:8c:d2:89:d8:3f:90:aa:2d:f6:3f:aa:d7:92:
         25:53:2d:ff:7b:6c:09:7f:36:7f:27:47:72:74:89:88:74:fc:
         98:73:63:93:34:49:f6:55:2d:1c:b0:63:51:f8:e4:85:17:05:
         63:f4:5b:be:db:57:14:9a:ab:e0:e7:68:f1:b9:0d:b7:6d:c8:
         70:8a:4e:1c:90:a4:bd:06:38:f1:24:0e:58:31:1c:f1:a6:9b:
         09:14:27:44:de:07:cd:d3:d7:d1:e8:9f:1e:fa:22:77:18:b7:
         72:58:35:67:c1:73:0f:1f:a3:8a:15:de:64:a3:e6:a8:91:0d:
         67:f0:0b:e3:2c:9b:d7:71:c9:b3:2b:93:5a:04:b6:8d:64:58:
         90:c2:cc:25:a3:09:37:b4:76:6c:c7:b4:9c:fb:4d:1c:b2:a9:
         c0:25:db:96:63:1d:2a:47:a3:87:8f:41:b1:2a:3b:a4:b7:7f:
         9b:9b:93:92:35:03:d0:1c:6e:86:e5:6a:cc:f2:d8:f9:8e:1b:
         61:d9:46:9d:0c:0a:21:94:70:ed:e2:4f:fe:34:8b:7d:f8:dd:
         e2:a0:58:f0:ea:65:24:c8:6d:76:08:48:36:09:ef:d9:a6:d7:
         a9:c8:bb:59:43:f1:3b:4b:31:71:8a:fc:14:0d:74:ed:fa:24:
         1f:25:ed:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fd+kSuhGA97zWu/XKrCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjYwMTAxMTIxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ5ZDZhYzc5NGYyMjgzZGZiYzE2ZWU5YmIzYWI4NTQ1OTFhOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouaR0A1yVp6IwJWVmFaIHqxXA70s
PVHPVX02DmQgs2Q7MoDURyEErmJRaNAaMfHIwS0X6hNVbyZazbra55E1Nc5Wa60o
Y3wk0ubjz6JcNavtCNIaE2SIcqKSkgJua/uzQl1yzbwCntBo97liLLZCGRu/HRci
arlfsu0RMs/tIOVU2zP43GqWXtDtJanQYwieSZ3YIcXwvolD6v5HWX0uVZUtOnZw
womV02F2tPMyTlwAKoDusR5FxSsVHSMhC3zyuXMtdBhKHgSMGfE5ayUYy97HLNmD
LEcEFnH5+WQS9tqhsb/orohFEP7EkiRn4F0a+tCzf/oBuKGQzBxk7FTEqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVJ1qx5TyKD37wW7puzq4VFkaiyMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaFVuV3JIbFBJb1BmdkJidW03T3JoVVdScUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDpxE4MA0G
CSqGSIb3DQEBCwUAA4IBAQAnKfJEpYzSidg/kKot9j+q15IlUy3/e2wJfzZ/J0dy
dImIdPyYc2OTNEn2VS0csGNR+OSFFwVj9Fu+21cUmqvg52jxuQ23bchwik4ckKS9
BjjxJA5YMRzxppsJFCdE3gfN09fR6J8e+iJ3GLdyWDVnwXMPH6OKFd5ko+aokQ1n
8AvjLJvXccmzK5NaBLaNZFiQwswlowk3tHZsx7Sc+00csqnAJduWYx0qR6OHj0Gx
Kjukt3+bm5OSNQPQHG6G5WrM8tj5jhth2UadDAohlHDt4k/+NIt9+N3ioFjw6mUk
yG12CEg2Ce/ZptepyLtZQ/E7SzFxivwUDXTt+iQfJe1O
-----END CERTIFICATE-----