This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/hSpqK91sbt0IXmBNfLicX1QIIR4.roa
File:                     hSpqK91sbt0IXmBNfLicX1QIIR4.roa (raw, json)
Hash identifier:          jkMdg7RKCkfutmrCmljNb5VhNrEnir/CCf6q38J73kY=
Subject key identifier:   85:2A:6A:2B:DD:6C:6E:DD:08:5E:60:4D:7C:B8:9C:5F:54:08:21:1E
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       019C09A51005E5F8FB378234C3D14E910251
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/hSpqK91sbt0IXmBNfLicX1QIIR4.roa
Signing time:             Thu 29 Jan 2026 12:05:38 +0000
ROA not before:           Thu 29 Jan 2026 12:05:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199987
IP address blocks:        85.132.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Feb 2026 19:43:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:a5:10:05:e5:f8:fb:37:82:34:c3:d1:4e:91:02:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan 29 12:05:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=852a6a2bdd6c6edd085e604d7cb89c5f5408211e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1f:7c:33:37:d4:96:58:f2:60:a1:c9:a2:4b:
                    0f:7f:20:31:56:90:c0:c9:94:29:0d:75:f0:ad:0b:
                    01:71:d6:60:18:a5:64:13:f4:88:3a:33:28:22:4a:
                    b7:37:44:62:45:64:e3:72:eb:a8:52:f0:63:ec:21:
                    ff:36:86:f8:36:26:78:0d:97:60:63:be:ec:d8:d9:
                    98:86:98:e4:c6:2a:7d:91:68:0a:43:23:55:27:12:
                    50:21:81:e3:da:ef:52:11:05:46:3a:fc:7f:6d:74:
                    af:30:40:5a:5c:42:64:1d:8f:56:14:fc:01:77:a1:
                    fb:df:d0:b9:a1:df:d6:32:8b:71:c4:a3:6f:d4:24:
                    03:68:d0:e5:92:44:48:98:aa:8c:47:cd:77:0b:96:
                    06:33:0e:59:ca:e9:66:21:31:71:27:83:1d:e5:d6:
                    06:21:c9:c9:d4:3f:dc:f8:b6:46:52:f8:e1:34:91:
                    97:22:f6:f8:6a:24:54:d1:1f:07:6f:a0:49:98:0a:
                    3d:1a:60:54:43:3d:b2:91:0c:d0:88:d8:c1:10:40:
                    89:f5:e4:59:90:2e:ab:3b:5a:56:0d:22:43:b4:ad:
                    f8:14:39:a4:36:db:80:e6:a2:ee:1f:28:9e:a1:9f:
                    6a:3c:a5:65:22:f8:c6:ff:01:f1:a1:6f:78:99:9f:
                    47:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:2A:6A:2B:DD:6C:6E:DD:08:5E:60:4D:7C:B8:9C:5F:54:08:21:1E
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/hSpqK91sbt0IXmBNfLicX1QIIR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.132.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e7:c6:12:70:e2:d2:c6:db:0e:0c:d2:9d:9d:ac:ab:3f:11:
         69:f0:0c:c0:f4:1c:d7:a8:61:83:de:c4:59:c1:cc:d5:c8:65:
         89:f2:97:ba:9f:d4:9d:03:e2:a3:0c:94:21:83:05:d6:75:a3:
         04:66:88:15:bb:c9:05:d2:a3:db:d4:aa:48:ed:bd:af:42:7f:
         b3:28:b1:4f:56:35:5f:95:3a:47:12:b3:d2:ef:55:ba:5c:72:
         be:ea:d6:26:e0:0f:6e:da:d8:16:f3:49:24:f5:6c:4e:83:2c:
         06:9f:cc:67:ef:d6:52:57:37:5b:61:92:c8:2b:31:ba:2e:0e:
         65:2d:35:64:b1:80:d0:09:92:07:39:d8:a8:d0:63:19:51:36:
         78:42:36:3b:16:88:25:dd:45:14:20:99:be:da:86:38:86:f8:
         d9:8c:c8:15:d9:f3:24:fb:e7:53:5d:76:34:50:ee:19:d5:a3:
         5a:85:f0:77:93:91:e4:5b:55:37:df:2e:95:d6:b4:84:02:2e:
         2e:3f:50:e1:71:7a:c6:3c:d1:79:b4:99:e4:cc:31:3d:91:35:
         be:4b:d4:88:cc:fc:d3:53:23:a4:37:3a:cd:1b:11:91:bb:17:
         81:cb:2b:a6:6c:a1:32:e5:0b:59:33:82:80:af:f0:68:ef:76:
         de:ef:ce:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwJpRAF5fj7N4I0w9FOkQJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjYwMTI5MTIwNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTJhNmEyYmRkNmM2ZWRkMDg1ZTYwNGQ3Y2I4OWM1ZjU0MDgyMTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh98MzfUlljyYKHJoksPfyAxVpDA
yZQpDXXwrQsBcdZgGKVkE/SIOjMoIkq3N0RiRWTjcuuoUvBj7CH/Nob4NiZ4DZdg
Y77s2NmYhpjkxip9kWgKQyNVJxJQIYHj2u9SEQVGOvx/bXSvMEBaXEJkHY9WFPwB
d6H739C5od/WMotxxKNv1CQDaNDlkkRImKqMR813C5YGMw5ZyulmITFxJ4Md5dYG
IcnJ1D/c+LZGUvjhNJGXIvb4aiRU0R8Hb6BJmAo9GmBUQz2ykQzQiNjBEECJ9eRZ
kC6rO1pWDSJDtK34FDmkNtuA5qLuHyieoZ9qPKVlIvjG/wHxoW94mZ9H7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUqaivdbG7dCF5gTXy4nF9UCCEeMB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvaFNwcUs5MXNidDBJWG1CTmZMaWNYMVFJSVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYRXMA0G
CSqGSIb3DQEBCwUAA4IBAQCN58YScOLSxtsODNKdnayrPxFp8AzA9BzXqGGD3sRZ
wczVyGWJ8pe6n9SdA+KjDJQhgwXWdaMEZogVu8kF0qPb1KpI7b2vQn+zKLFPVjVf
lTpHErPS71W6XHK+6tYm4A9u2tgW80kk9WxOgywGn8xn79ZSVzdbYZLIKzG6Lg5l
LTVksYDQCZIHOdio0GMZUTZ4QjY7Fogl3UUUIJm+2oY4hvjZjMgV2fMk++dTXXY0
UO4Z1aNahfB3k5HkW1U33y6V1rSEAi4uP1DhcXrGPNF5tJnkzDE9kTW+S9SIzPzT
UyOkNzrNGxGRuxeByyumbKEy5QtZM4KAr/Bo73be787Y
-----END CERTIFICATE-----