This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/HClmRpwZ5qb-6Tw5Lpkkp6vUq24.roa
File:                     HClmRpwZ5qb-6Tw5Lpkkp6vUq24.roa (raw, json)
Hash identifier:          R6anRTSdgq6QM25eUKnQ4vUTar0ktx5VjKKHjNUMua0=
Subject key identifier:   1C:29:66:46:9C:19:E6:A6:FE:E9:3C:39:2E:99:24:A7:AB:D4:AB:6E
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019B77C75DDBE516199C6257A073614439E9
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/HClmRpwZ5qb-6Tw5Lpkkp6vUq24.roa
Signing time:             Thu 01 Jan 2026 04:18:32 +0000
ROA not before:           Thu 01 Jan 2026 04:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203363
IP address blocks:        91.205.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:5d:db:e5:16:19:9c:62:57:a0:73:61:44:39:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  1 04:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c2966469c19e6a6fee93c392e9924a7abd4ab6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:18:29:4c:e7:ae:41:e4:32:a0:cd:1e:e4:da:
                    fb:a5:b0:8c:71:c9:7c:81:18:a6:a8:df:ec:c7:7f:
                    e8:d4:cc:4e:7f:2d:cb:55:35:93:fd:58:d9:f2:0d:
                    30:ec:32:e1:0f:0a:ba:c3:d7:dc:47:a3:a3:e8:e7:
                    78:3e:44:b5:fb:f3:29:2b:ae:1d:d2:ff:75:7d:55:
                    16:58:8c:75:0e:71:0c:e5:99:05:17:54:95:8c:00:
                    ff:8a:aa:b7:f1:15:8a:ac:b1:9f:a5:32:c8:9f:72:
                    33:7e:5a:67:71:70:60:e1:1c:bb:6f:60:47:bc:52:
                    9b:bd:9f:7f:07:34:64:c0:90:8f:b9:ab:7a:43:b1:
                    33:a8:44:d9:80:bc:88:58:fd:3b:2c:12:b9:f6:c0:
                    bf:21:4d:8e:bf:0e:95:3d:91:d6:57:41:e6:b6:8e:
                    cd:69:4b:27:79:56:be:f3:11:ad:80:65:d0:63:bc:
                    68:32:4e:56:72:9e:2f:22:b6:b5:e6:9b:38:2b:99:
                    cc:dc:a5:f0:9d:a8:0d:22:97:44:9e:d8:1d:e5:a7:
                    c9:bc:3d:50:c6:3a:a0:5a:dd:11:8a:9e:86:c1:00:
                    1f:46:f9:a4:e3:ea:3f:c4:bc:bb:84:3e:5a:63:54:
                    1f:46:c6:fe:56:b4:24:84:56:0d:e1:8f:2c:20:3d:
                    74:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:29:66:46:9C:19:E6:A6:FE:E9:3C:39:2E:99:24:A7:AB:D4:AB:6E
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/HClmRpwZ5qb-6Tw5Lpkkp6vUq24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:ff:0d:f9:76:ee:ba:af:55:b7:0f:9e:9f:36:74:74:cd:39:
         2c:b4:53:01:99:8e:0a:b9:8f:17:8b:ed:83:32:14:6c:20:ba:
         b3:a0:5b:54:48:79:fc:43:dd:13:29:df:6e:5b:c8:c2:81:29:
         e1:cd:80:18:c0:e9:a1:8c:b1:ee:a6:0b:40:de:79:19:5e:b4:
         93:c9:e0:8a:96:ce:57:80:0b:a6:33:fe:55:ab:31:fc:63:ff:
         46:92:87:b9:d1:09:fd:49:d8:02:54:8c:f2:61:66:d0:3a:19:
         b7:a3:14:68:7e:82:b5:4a:45:00:fd:60:de:d7:40:c7:a8:1b:
         2f:76:34:78:1b:70:72:a9:a3:a1:55:d8:90:95:c1:09:f9:f0:
         6a:43:8b:14:88:18:9b:b5:36:6e:00:61:02:bc:04:71:9f:ee:
         92:5d:3a:a1:e3:32:1a:cc:9b:5f:9e:de:ba:5f:b1:ac:f2:91:
         8a:0e:5b:5f:9f:d4:c6:b2:01:a5:74:ee:1d:a5:50:89:fd:a6:
         91:c5:69:9b:e2:fa:97:91:39:b5:66:fb:60:2b:08:b9:c8:84:
         02:96:12:ee:42:b1:9b:8f:8d:c2:bf:d1:10:e9:86:78:69:e2:
         64:27:32:71:ce:f7:d7:db:7e:95:f1:cf:aa:35:1a:7d:c0:f0:
         81:75:48:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x13b5RYZnGJXoHNhRDnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMTAxMDQxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzI5NjY0NjljMTllNmE2ZmVlOTNjMzkyZTk5MjRhN2FiZDRhYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhgpTOeuQeQyoM0e5Nr7pbCMccl8
gRimqN/sx3/o1MxOfy3LVTWT/VjZ8g0w7DLhDwq6w9fcR6Oj6Od4PkS1+/MpK64d
0v91fVUWWIx1DnEM5ZkFF1SVjAD/iqq38RWKrLGfpTLIn3IzflpncXBg4Ry7b2BH
vFKbvZ9/BzRkwJCPuat6Q7EzqETZgLyIWP07LBK59sC/IU2Ovw6VPZHWV0Hmto7N
aUsneVa+8xGtgGXQY7xoMk5Wcp4vIra15ps4K5nM3KXwnagNIpdEntgd5afJvD1Q
xjqgWt0Rip6GwQAfRvmk4+o/xLy7hD5aY1QfRsb+VrQkhFYN4Y8sID10SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwpZkacGeam/uk8OS6ZJKer1KtuMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvSENsbVJwd1o1cWItNlR3NUxwa2twNnZVcTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW82eMA0G
CSqGSIb3DQEBCwUAA4IBAQDK/w35du66r1W3D56fNnR0zTkstFMBmY4KuY8Xi+2D
MhRsILqzoFtUSHn8Q90TKd9uW8jCgSnhzYAYwOmhjLHupgtA3nkZXrSTyeCKls5X
gAumM/5VqzH8Y/9Gkoe50Qn9SdgCVIzyYWbQOhm3oxRofoK1SkUA/WDe10DHqBsv
djR4G3ByqaOhVdiQlcEJ+fBqQ4sUiBibtTZuAGECvARxn+6SXTqh4zIazJtfnt66
X7Gs8pGKDltfn9TGsgGldO4dpVCJ/aaRxWmb4vqXkTm1ZvtgKwi5yIQClhLuQrGb
j43Cv9EQ6YZ4aeJkJzJxzvfX236V8c+qNRp9wPCBdUg2
-----END CERTIFICATE-----