This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/HgzP266-mfVR4Zu-vqbiCInscNs.roa
File:                     HgzP266-mfVR4Zu-vqbiCInscNs.roa (raw, json)
Hash identifier:          lFbzWeDQ0uORaOVt9cJPVaE2kwNYdZuNZdjU/9DXgMM=
Subject key identifier:   1E:0C:CF:DB:AE:BE:99:F5:51:E1:9B:BE:BE:A6:E2:08:89:EC:70:DB
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019B7F1594E78115903D74352B8B913B5D6E
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/HgzP266-mfVR4Zu-vqbiCInscNs.roa
Signing time:             Fri 02 Jan 2026 14:21:19 +0000
ROA not before:           Fri 02 Jan 2026 14:21:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7303
IP address blocks:        2.18.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:94:e7:81:15:90:3d:74:35:2b:8b:91:3b:5d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 14:21:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e0ccfdbaebe99f551e19bbebea6e20889ec70db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d3:83:fb:48:bf:4a:35:06:68:69:a6:fd:e8:
                    b8:7b:a2:59:ed:90:1c:7b:0a:79:23:cb:ea:11:14:
                    17:4a:6e:ea:64:fc:31:8b:0b:de:1f:77:5f:62:e6:
                    b4:f9:40:29:44:fd:45:16:f9:7e:27:70:04:c7:fc:
                    b0:f4:6b:b5:c5:bf:4d:73:25:fc:69:19:d6:a5:3a:
                    92:ff:e7:b7:5d:ef:f0:f8:49:c4:ed:78:f1:a9:7d:
                    87:ea:40:79:39:fa:b9:ee:55:d5:1f:7a:32:10:3d:
                    89:3d:57:88:79:9e:9c:27:c1:81:94:64:90:44:c7:
                    5a:2c:bb:07:5a:11:36:98:29:e3:5b:75:0f:74:73:
                    6c:24:3a:f6:94:17:15:c8:a4:5c:a7:21:9d:9d:66:
                    e6:6c:83:0c:49:2b:3d:7c:07:d1:97:a4:35:00:dd:
                    5a:5d:bf:d1:d2:28:6a:0a:5e:50:e0:92:cc:9c:05:
                    29:2a:cb:a6:c9:d4:f7:c1:aa:a8:30:96:f3:9c:d1:
                    e2:a8:ad:48:df:25:29:ce:b1:c3:72:d1:b8:1b:02:
                    bf:7e:b8:a1:df:23:5a:46:28:13:13:38:4f:6e:b5:
                    dc:0e:1f:3d:0f:2e:39:a7:a5:77:a2:66:17:4a:be:
                    86:56:98:5f:07:d7:70:dd:3c:e1:ab:1e:14:44:eb:
                    4d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:0C:CF:DB:AE:BE:99:F5:51:E1:9B:BE:BE:A6:E2:08:89:EC:70:DB
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/HgzP266-mfVR4Zu-vqbiCInscNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.18.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:76:c7:e9:96:bd:06:72:fe:f6:21:2b:35:b0:ff:83:e1:19:
         7b:f2:78:ce:bf:3a:ab:fb:6c:69:51:06:ae:ba:23:e2:7d:c5:
         ef:53:6b:be:ef:f9:15:c1:46:ce:f8:db:c0:34:c8:66:75:26:
         e4:e7:d9:c8:b6:86:d2:bb:2e:df:97:6a:2d:ec:f9:a6:ea:1f:
         96:b8:f7:2c:0f:da:ad:3c:df:fa:6d:bd:aa:ca:2b:a0:4d:35:
         32:57:ae:d5:d4:4f:0e:db:1b:63:5c:44:ab:55:dc:c5:fe:51:
         0b:c8:f2:d3:44:ce:dc:d5:00:6e:dc:dd:23:6d:38:82:e4:10:
         b9:d9:91:78:97:e5:45:c0:43:de:b0:14:7a:86:03:cf:92:72:
         02:5c:c7:db:6f:4a:44:ed:25:ce:b6:42:28:6b:b9:6e:76:95:
         f5:0f:c4:68:32:d5:39:e4:b9:65:dd:b2:ce:00:b9:36:22:0b:
         c8:1f:3a:42:13:c4:e4:30:29:67:c9:a2:43:20:b0:c2:29:32:
         98:d7:bc:7f:7c:ab:1b:9f:f3:4e:de:67:9f:90:4e:44:ca:37:
         86:e3:42:ec:55:5a:6b:00:7f:31:38:4d:e1:7d:2c:83:49:f2:
         05:5b:96:21:a1:53:df:55:54:6c:c7:8a:e5:2d:7f:85:de:6f:
         3a:4a:3d:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZTngRWQPXQ1K4uRO11uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMTAyMTQyMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBjY2ZkYmFlYmU5OWY1NTFlMTliYmViZWE2ZTIwODg5ZWM3MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodOD+0i/SjUGaGmm/ei4e6JZ7ZAc
ewp5I8vqERQXSm7qZPwxiwveH3dfYua0+UApRP1FFvl+J3AEx/yw9Gu1xb9NcyX8
aRnWpTqS/+e3Xe/w+EnE7XjxqX2H6kB5Ofq57lXVH3oyED2JPVeIeZ6cJ8GBlGSQ
RMdaLLsHWhE2mCnjW3UPdHNsJDr2lBcVyKRcpyGdnWbmbIMMSSs9fAfRl6Q1AN1a
Xb/R0ihqCl5Q4JLMnAUpKsumydT3waqoMJbznNHiqK1I3yUpzrHDctG4GwK/frih
3yNaRigTEzhPbrXcDh89Dy45p6V3omYXSr6GVphfB9dw3Tzhqx4UROtNgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4Mz9uuvpn1UeGbvr6m4giJ7HDbMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvSGd6UDI2Ni1tZlZSNFp1LXZxYmlDSW5zY05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBvdsfplr0Gcv72ISs1sP+D4Rl78njOvzqr+2xpUQau
uiPifcXvU2u+7/kVwUbO+NvANMhmdSbk59nItobSuy7fl2ot7Pmm6h+WuPcsD9qt
PN/6bb2qyiugTTUyV67V1E8O2xtjXESrVdzF/lELyPLTRM7c1QBu3N0jbTiC5BC5
2ZF4l+VFwEPesBR6hgPPknICXMfbb0pE7SXOtkIoa7ludpX1D8RoMtU55Lll3bLO
ALk2IgvIHzpCE8TkMClnyaJDILDCKTKY17x/fKsbn/NO3mefkE5EyjeG40LsVVpr
AH8xOE3hfSyDSfIFW5YhoVPfVVRsx4rlLX+F3m86Sj3r
-----END CERTIFICATE-----