This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Hky6ApZANVkmXvWwpZDDWUTm7QE.roa
File:                     Hky6ApZANVkmXvWwpZDDWUTm7QE.roa (raw, json)
Hash identifier:          or9Ntu3xVBzInXLEgPDlj5Cr4WAO00moRchho0hGvQs=
Subject key identifier:   1E:4C:BA:02:96:40:35:59:26:5E:F5:B0:A5:90:C3:59:44:E6:ED:01
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019B7EA7643D48056D117D0620AF49941377
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Hky6ApZANVkmXvWwpZDDWUTm7QE.roa
Signing time:             Fri 02 Jan 2026 12:20:57 +0000
ROA not before:           Fri 02 Jan 2026 12:20:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212123
IP address blocks:        185.133.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 12:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:64:3d:48:05:6d:11:7d:06:20:af:49:94:13:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:20:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e4cba0296403559265ef5b0a590c35944e6ed01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:31:94:22:7c:cd:dd:83:da:00:02:9c:0c:4d:
                    9d:9b:d7:ba:88:04:01:53:6b:53:26:2e:0a:a5:6c:
                    61:7e:b7:e8:4c:52:aa:7a:c6:7a:de:a3:a9:d3:27:
                    fb:8a:ee:6c:0e:40:66:8a:e5:9c:99:6c:6b:76:1a:
                    ac:0a:bc:2a:59:4b:d6:02:d6:38:af:74:d9:07:34:
                    98:9e:4a:1f:c7:9d:a3:58:45:4c:23:ca:51:66:50:
                    2d:bc:be:bd:45:e7:f4:8b:01:59:7b:01:6c:0a:7a:
                    c7:4f:09:fa:db:76:c7:ac:82:6b:ca:57:aa:96:cf:
                    57:ef:59:1c:84:62:fe:10:5e:be:84:85:6b:6f:98:
                    09:11:48:85:be:f2:aa:e2:ef:ee:42:90:80:a0:8c:
                    a4:32:93:03:d4:09:0e:ed:69:da:39:d8:be:6b:f2:
                    88:db:68:f0:5d:a1:c7:3f:4e:1a:81:3c:5c:58:f0:
                    4a:eb:db:77:84:5f:4e:19:04:59:e6:79:a7:91:5e:
                    28:0a:45:5b:5d:66:70:12:73:12:1e:9f:93:23:5e:
                    81:cd:22:be:cd:09:45:46:15:26:33:2b:bb:f8:8f:
                    23:b9:48:03:58:c1:79:80:6c:57:46:28:dd:81:44:
                    44:09:b9:d4:df:70:cc:1b:54:bd:fe:4b:f8:14:3f:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4C:BA:02:96:40:35:59:26:5E:F5:B0:A5:90:C3:59:44:E6:ED:01
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/Hky6ApZANVkmXvWwpZDDWUTm7QE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:4c:68:40:72:32:e2:9a:97:12:66:0e:e0:02:22:88:4f:c5:
         bd:88:80:97:1b:18:6f:16:d3:df:35:93:7f:3c:f6:78:66:ea:
         fd:21:9b:93:07:7c:1f:f3:da:1c:77:95:69:08:7f:83:82:64:
         cf:e8:1b:bc:8c:b8:cc:d7:1f:9e:6a:be:61:d2:fe:4e:84:60:
         cb:e5:51:52:9b:73:a1:f1:f1:6b:9d:62:64:00:66:bc:33:36:
         27:f3:d7:59:b8:a5:00:1a:f4:af:69:a7:82:cb:fd:9c:6f:c5:
         ba:6e:5d:28:dc:29:1d:88:6e:ea:63:6f:61:52:d2:52:9a:fe:
         c2:d2:7d:23:31:db:8d:e7:78:28:44:dc:46:7a:0b:07:6c:ac:
         87:b3:14:e3:72:6d:c3:10:e7:a1:71:41:a3:5d:5a:f1:da:61:
         d0:f7:bb:12:c3:da:9b:c3:28:06:33:d4:e3:34:bb:fe:28:0c:
         10:80:cb:03:45:90:b2:b7:c6:6b:bb:f0:9f:71:b2:d3:ae:bd:
         ee:8e:9b:6d:d2:4d:ab:cd:37:cd:01:e8:1f:64:e5:93:1c:17:
         17:a8:cd:40:a4:46:d3:8d:87:ee:40:4b:ac:c5:53:01:00:d8:
         38:5e:72:9e:3c:7d:9c:da:6d:85:95:9c:bf:8c:38:2b:77:32:
         63:41:7a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+p2Q9SAVtEX0GIK9JlBN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjYwMTAyMTIyMDU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRjYmEwMjk2NDAzNTU5MjY1ZWY1YjBhNTkwYzM1OTQ0ZTZlZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTGUInzN3YPaAAKcDE2dm9e6iAQB
U2tTJi4KpWxhfrfoTFKqesZ63qOp0yf7iu5sDkBmiuWcmWxrdhqsCrwqWUvWAtY4
r3TZBzSYnkofx52jWEVMI8pRZlAtvL69Ref0iwFZewFsCnrHTwn623bHrIJryleq
ls9X71kchGL+EF6+hIVrb5gJEUiFvvKq4u/uQpCAoIykMpMD1AkO7WnaOdi+a/KI
22jwXaHHP04agTxcWPBK69t3hF9OGQRZ5nmnkV4oCkVbXWZwEnMSHp+TI16BzSK+
zQlFRhUmMyu7+I8juUgDWMF5gGxXRijdgURECbnU33DMG1S9/kv4FD/TPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5MugKWQDVZJl71sKWQw1lE5u0BMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvSGt5NkFwWkFOVmttWHZXd3BaRERXVVRtN1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXTMA0G
CSqGSIb3DQEBCwUAA4IBAQCKTGhAcjLimpcSZg7gAiKIT8W9iICXGxhvFtPfNZN/
PPZ4Zur9IZuTB3wf89ocd5VpCH+DgmTP6Bu8jLjM1x+ear5h0v5OhGDL5VFSm3Oh
8fFrnWJkAGa8MzYn89dZuKUAGvSvaaeCy/2cb8W6bl0o3CkdiG7qY29hUtJSmv7C
0n0jMduN53goRNxGegsHbKyHsxTjcm3DEOehcUGjXVrx2mHQ97sSw9qbwygGM9Tj
NLv+KAwQgMsDRZCyt8Zru/CfcbLTrr3ujptt0k2rzTfNAegfZOWTHBcXqM1ApEbT
jYfuQEusxVMBANg4XnKePH2c2m2FlZy/jDgrdzJjQXqB
-----END CERTIFICATE-----