This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/IEHhAsm6Xmdej2oCP8axb9PFCII.roa
File:                     IEHhAsm6Xmdej2oCP8axb9PFCII.roa (raw, json)
Hash identifier:          HMNMX3CTbZjbh0WFm8CFNKQuDtEwRiZo1B5DzDBXjYE=
Subject key identifier:   20:41:E1:02:C9:BA:5E:67:5E:8F:6A:02:3F:C6:B1:6F:D3:C5:08:82
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       019B7B368D1D24524D6E04551B7B976F7345
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/IEHhAsm6Xmdej2oCP8axb9PFCII.roa
Signing time:             Thu 01 Jan 2026 20:18:51 +0000
ROA not before:           Thu 01 Jan 2026 20:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205416
IP address blocks:        185.92.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:8d:1d:24:52:4d:6e:04:55:1b:7b:97:6f:73:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Jan  1 20:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2041e102c9ba5e675e8f6a023fc6b16fd3c50882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b5:38:15:27:e4:14:ec:45:75:93:22:5b:dd:
                    de:39:da:47:cf:4c:a5:92:1c:3a:ad:b4:68:7a:e1:
                    cc:14:2c:7f:6e:74:49:da:22:55:58:dd:97:a4:8c:
                    3f:5a:14:e6:9f:03:a5:38:f5:ac:a0:45:67:7a:29:
                    8d:4d:a4:3e:2a:b5:99:56:8f:1b:01:42:5f:29:74:
                    ae:14:b1:0e:51:72:3f:e3:0d:da:4f:78:bf:9b:24:
                    cd:98:54:2f:72:28:1f:5c:5e:3c:e4:8a:05:6a:5e:
                    61:b6:d9:6d:82:4f:ee:c1:f5:18:df:9c:a0:fd:31:
                    90:0a:50:a3:1b:8c:c5:94:9f:13:6f:26:c7:8d:58:
                    f7:65:80:98:78:48:83:ca:72:22:65:cd:b1:73:fb:
                    37:c3:ea:1b:d6:8a:78:fb:31:d5:15:2e:9b:8b:0c:
                    ff:8c:26:f2:48:d1:08:86:16:da:5a:82:71:96:85:
                    60:b0:12:f9:73:e4:0c:41:b6:d6:e2:97:2c:e7:c9:
                    be:f7:38:4d:ec:c6:09:74:89:82:f8:ea:60:49:e1:
                    ef:3f:f9:f5:c9:8f:e7:a7:a5:b1:16:54:88:62:6f:
                    23:88:fc:65:06:5e:72:35:cc:0b:2d:ea:33:04:b8:
                    d2:c0:a8:7f:62:e6:1e:89:2d:38:9c:e0:e4:64:08:
                    84:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:41:E1:02:C9:BA:5E:67:5E:8F:6A:02:3F:C6:B1:6F:D3:C5:08:82
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/IEHhAsm6Xmdej2oCP8axb9PFCII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:be:cb:c4:0f:12:03:f6:5d:9a:74:fc:8f:2d:93:1f:1e:27:
         4d:6b:22:04:93:f3:1a:0a:f1:79:22:7b:f4:d8:25:b0:47:22:
         4d:49:2a:9e:bb:ca:47:6a:a1:7e:13:a9:26:c1:0b:2e:a3:0f:
         3c:71:42:25:18:ef:e4:14:a8:af:41:5e:ac:73:d7:44:76:b7:
         44:62:05:03:36:57:60:76:41:52:10:fa:cd:4d:e2:8b:5b:a1:
         58:1c:3b:d2:75:5c:d4:72:33:83:f5:00:09:37:2d:4f:04:9c:
         df:68:24:9c:eb:82:cd:be:5e:fb:87:e5:ca:f6:db:ec:17:90:
         05:6f:4a:64:35:4f:92:08:01:2d:b8:99:8c:b3:8e:f4:b9:48:
         cf:01:24:c6:b1:93:ab:65:86:0d:97:63:cb:d4:b5:3c:96:72:
         9f:c7:63:dc:63:ef:60:1d:3b:f8:24:43:30:93:7c:21:50:aa:
         13:d9:f1:6e:e3:0c:49:6f:02:21:47:d2:1b:93:1c:2e:ba:2c:
         6c:82:ab:38:c1:4f:58:b9:35:52:53:9f:e2:84:ff:99:42:c0:
         3f:c1:33:8f:e6:9e:e9:70:4c:d2:15:bd:7e:f9:30:1a:49:ae:
         6d:ab:98:b0:06:c4:b1:07:63:55:6a:54:52:4a:73:45:6a:ab:
         2f:57:5a:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7No0dJFJNbgRVG3uXb3NFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjYwMTAxMjAxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQxZTEwMmM5YmE1ZTY3NWU4ZjZhMDIzZmM2YjE2ZmQzYzUwODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubU4FSfkFOxFdZMiW93eOdpHz0yl
khw6rbRoeuHMFCx/bnRJ2iJVWN2XpIw/WhTmnwOlOPWsoEVneimNTaQ+KrWZVo8b
AUJfKXSuFLEOUXI/4w3aT3i/myTNmFQvcigfXF485IoFal5httltgk/uwfUY35yg
/TGQClCjG4zFlJ8TbybHjVj3ZYCYeEiDynIiZc2xc/s3w+ob1op4+zHVFS6biwz/
jCbySNEIhhbaWoJxloVgsBL5c+QMQbbW4pcs58m+9zhN7MYJdImC+OpgSeHvP/n1
yY/np6WxFlSIYm8jiPxlBl5yNcwLLeozBLjSwKh/YuYeiS04nODkZAiEAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBB4QLJul5nXo9qAj/GsW/TxQiCMB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvSUVIaEFzbTZYbWRlajJvQ1A4YXhiOVBGQ0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzUMA0G
CSqGSIb3DQEBCwUAA4IBAQCTvsvEDxID9l2adPyPLZMfHidNayIEk/MaCvF5Inv0
2CWwRyJNSSqeu8pHaqF+E6kmwQsuow88cUIlGO/kFKivQV6sc9dEdrdEYgUDNldg
dkFSEPrNTeKLW6FYHDvSdVzUcjOD9QAJNy1PBJzfaCSc64LNvl77h+XK9tvsF5AF
b0pkNU+SCAEtuJmMs470uUjPASTGsZOrZYYNl2PL1LU8lnKfx2PcY+9gHTv4JEMw
k3whUKoT2fFu4wxJbwIhR9Ibkxwuuixsgqs4wU9YuTVSU5/ihP+ZQsA/wTOP5p7p
cEzSFb1++TAaSa5tq5iwBsSxB2NValRSSnNFaqsvV1ox
-----END CERTIFICATE-----