This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/e283bb-d4d3-4b3a-b2b3-8ac8965708bc/1/HQ9qBlpX88L3-OQbW8XUTwQxEak.roa
File:                     HQ9qBlpX88L3-OQbW8XUTwQxEak.roa (raw, json)
Hash identifier:          Qa8CEOF0FEc/At83oa6rDq82gWxWhWkHOjKs2stdWXg=
Subject key identifier:   1D:0F:6A:06:5A:57:F3:C2:F7:F8:E4:1B:5B:C5:D4:4F:04:31:11:A9
Certificate issuer:       /CN=df7dd65966737ce8f65e40ef2fea1cffafb162b0
Certificate serial:       019B7F154F4AA896AAD25F91FF93231E33DC
Authority key identifier: DF:7D:D6:59:66:73:7C:E8:F6:5E:40:EF:2F:EA:1C:FF:AF:B1:62:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/333WWWZzfOj2XkDvL-oc_6-xYrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/e283bb-d4d3-4b3a-b2b3-8ac8965708bc/1/HQ9qBlpX88L3-OQbW8XUTwQxEak.roa
Signing time:             Fri 02 Jan 2026 14:21:01 +0000
ROA not before:           Fri 02 Jan 2026 14:21:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50329
IP address blocks:        178.170.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/e283bb-d4d3-4b3a-b2b3-8ac8965708bc/1/333WWWZzfOj2XkDvL-oc_6-xYrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/e283bb-d4d3-4b3a-b2b3-8ac8965708bc/1/333WWWZzfOj2XkDvL-oc_6-xYrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/333WWWZzfOj2XkDvL-oc_6-xYrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4f:4a:a8:96:aa:d2:5f:91:ff:93:23:1e:33:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df7dd65966737ce8f65e40ef2fea1cffafb162b0
        Validity
            Not Before: Jan  2 14:21:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d0f6a065a57f3c2f7f8e41b5bc5d44f043111a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:dc:df:b5:38:df:23:f3:1d:42:74:b9:d7:39:
                    fc:18:8a:78:4e:c5:32:15:26:7f:39:67:c3:0d:29:
                    1d:f6:43:cd:b8:e2:cd:42:aa:fc:a0:e7:ff:e0:1c:
                    71:99:9b:f9:a3:17:fc:28:1b:19:94:cf:ba:a0:90:
                    a6:50:97:f6:62:11:d0:9f:b5:dc:58:75:ff:ad:c9:
                    82:a5:00:cc:e1:89:3e:d7:1e:6d:45:19:33:dc:1d:
                    b9:88:34:a2:7f:cd:be:e6:7e:95:59:63:83:0c:53:
                    9b:59:f7:ec:7f:f2:1c:90:7e:9b:c9:d0:db:08:b9:
                    93:06:55:c1:49:14:ad:13:55:25:88:57:5a:91:91:
                    ba:a2:82:e4:56:3e:67:0b:1b:74:95:54:84:1b:1f:
                    41:84:3d:5e:b1:a5:15:65:84:87:01:17:18:a8:9a:
                    d5:f6:1b:39:7d:dc:d1:10:7b:1f:98:1a:59:c2:06:
                    4a:61:0e:75:4c:71:40:aa:0d:42:6b:fb:59:c9:c4:
                    80:28:43:ae:1f:d5:1d:3b:8e:db:4f:8d:fe:b0:38:
                    3d:10:9a:f5:0b:e2:22:c0:5f:b6:ea:dc:15:03:14:
                    f3:11:6c:ea:d1:98:ae:e6:6b:d4:33:c8:8c:4b:e7:
                    c9:9d:61:11:90:85:15:58:50:e8:db:66:e2:a4:34:
                    60:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0F:6A:06:5A:57:F3:C2:F7:F8:E4:1B:5B:C5:D4:4F:04:31:11:A9
            X509v3 Authority Key Identifier:
                keyid:DF:7D:D6:59:66:73:7C:E8:F6:5E:40:EF:2F:EA:1C:FF:AF:B1:62:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/333WWWZzfOj2XkDvL-oc_6-xYrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e283bb-d4d3-4b3a-b2b3-8ac8965708bc/1/HQ9qBlpX88L3-OQbW8XUTwQxEak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e283bb-d4d3-4b3a-b2b3-8ac8965708bc/1/333WWWZzfOj2XkDvL-oc_6-xYrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d8:b6:33:74:5a:55:f9:68:e1:b3:58:ee:3e:25:73:de:e8:
         db:05:82:3e:3c:5b:92:40:af:f5:53:bb:a5:64:4d:07:90:39:
         0a:65:57:25:03:28:db:58:ff:1f:c9:fa:d6:89:9f:7b:22:d5:
         f3:ac:ca:be:06:a6:b2:e7:84:be:38:ec:d8:26:33:cc:73:ee:
         03:2b:53:5f:02:83:36:22:92:d5:32:bc:97:28:93:96:02:a1:
         ad:d5:71:c2:90:6a:00:7f:d4:b9:01:c3:0e:19:02:62:a2:5d:
         16:33:ea:58:db:a8:da:cd:a6:5c:52:1b:9e:d9:1a:47:38:7d:
         1f:4a:91:67:af:f7:80:15:96:9f:58:b8:10:cc:11:f2:81:91:
         55:93:82:8d:f4:e8:04:03:7f:6b:1e:75:b8:76:cc:ad:d2:4b:
         b4:31:9d:14:e5:61:09:58:5a:cc:3c:f5:58:5d:61:ee:cb:95:
         98:f1:54:7d:d0:74:88:c2:15:c7:9b:4f:b5:72:08:27:85:f7:
         f2:3d:58:73:f3:82:e9:dc:c5:66:1e:3b:72:6d:3c:0b:3b:1a:
         61:d0:16:54:20:15:d9:bb:db:71:01:70:47:5c:45:39:da:2a:
         81:7e:57:4e:9d:95:23:3a:9f:7b:26:4c:18:b2:dd:22:cf:05:
         c5:30:68:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FU9KqJaq0l+R/5MjHjPcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmN2RkNjU5NjY3MzdjZThmNjVlNDBlZjJmZWExY2ZmYWZi
MTYyYjAwHhcNMjYwMTAyMTQyMTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDBmNmEwNjVhNTdmM2MyZjdmOGU0MWI1YmM1ZDQ0ZjA0MzExMWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudzftTjfI/MdQnS51zn8GIp4TsUy
FSZ/OWfDDSkd9kPNuOLNQqr8oOf/4BxxmZv5oxf8KBsZlM+6oJCmUJf2YhHQn7Xc
WHX/rcmCpQDM4Yk+1x5tRRkz3B25iDSif82+5n6VWWODDFObWffsf/IckH6bydDb
CLmTBlXBSRStE1UliFdakZG6ooLkVj5nCxt0lVSEGx9BhD1esaUVZYSHARcYqJrV
9hs5fdzREHsfmBpZwgZKYQ51THFAqg1Ca/tZycSAKEOuH9UdO47bT43+sDg9EJr1
C+IiwF+26twVAxTzEWzq0Ziu5mvUM8iMS+fJnWERkIUVWFDo22bipDRgBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0PagZaV/PC9/jkG1vF1E8EMRGpMB8GA1UdIwQY
MBaAFN991llmc3zo9l5A7y/qHP+vsWKwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzMzV1dXWnpmT2oyWGtEdkwtb2NfNi14WXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lMjgzYmItZDRkMy00YjNhLWIyYjMt
OGFjODk2NTcwOGJjLzEvSFE5cUJscFg4OEwzLU9RYlc4WFVUd1F4RWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lMjgzYmItZDRkMy00YjNhLWIyYjMtOGFjODk2NTcwOGJj
LzEvMzMzV1dXWnpmT2oyWGtEdkwtb2NfNi14WXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqqDMA0G
CSqGSIb3DQEBCwUAA4IBAQA82LYzdFpV+Wjhs1juPiVz3ujbBYI+PFuSQK/1U7ul
ZE0HkDkKZVclAyjbWP8fyfrWiZ97ItXzrMq+Bqay54S+OOzYJjPMc+4DK1NfAoM2
IpLVMryXKJOWAqGt1XHCkGoAf9S5AcMOGQJiol0WM+pY26jazaZcUhue2RpHOH0f
SpFnr/eAFZafWLgQzBHygZFVk4KN9OgEA39rHnW4dsyt0ku0MZ0U5WEJWFrMPPVY
XWHuy5WY8VR90HSIwhXHm0+1cggnhffyPVhz84Lp3MVmHjtybTwLOxph0BZUIBXZ
u9txAXBHXEU52iqBfldOnZUjOp97JkwYst0izwXFMGhL
-----END CERTIFICATE-----