This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/hbdA2d-vBo-3SzfwxxldcwTdYxM.roa
File:                     hbdA2d-vBo-3SzfwxxldcwTdYxM.roa (raw, json)
Hash identifier:          raXOO4Vzk3j1wiNPoTdhzreg0aYJjjmuG0/ZS3bT/qA=
Subject key identifier:   85:B7:40:D9:DF:AF:06:8F:B7:4B:37:F0:C7:19:5D:73:04:DD:63:13
Certificate issuer:       /CN=a621186413bbdfde20e592fbe5553de7f94e5987
Certificate serial:       019B7C13487E1505D600C206D42B3B7CCCED
Authority key identifier: A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/hbdA2d-vBo-3SzfwxxldcwTdYxM.roa
Signing time:             Fri 02 Jan 2026 00:19:57 +0000
ROA not before:           Fri 02 Jan 2026 00:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.131.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:21:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:48:7e:15:05:d6:00:c2:06:d4:2b:3b:7c:cc:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a621186413bbdfde20e592fbe5553de7f94e5987
        Validity
            Not Before: Jan  2 00:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85b740d9dfaf068fb74b37f0c7195d7304dd6313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:65:75:0a:9c:58:3d:a9:47:4d:b7:cf:7b:58:
                    30:ed:35:02:ff:45:c7:f7:fb:23:e5:a0:df:8c:34:
                    21:1b:56:b2:8d:ba:1f:b2:59:fd:b6:68:b7:3f:bd:
                    78:dc:19:6e:03:ff:58:23:cd:17:1d:00:6e:17:4d:
                    48:f0:01:4f:cf:f6:61:15:63:70:98:e1:56:89:b2:
                    6e:73:a6:8d:ec:d7:68:41:b6:60:fa:2a:2e:65:df:
                    2f:73:50:d9:c5:a6:0c:9a:28:8c:cb:08:57:f8:24:
                    c2:c6:8d:e6:d2:37:c7:5f:16:59:b6:d2:75:f7:9e:
                    40:f7:11:eb:a0:9e:84:26:d5:a6:e2:cd:6a:48:a3:
                    af:3f:5b:f6:b8:77:b8:03:91:5c:96:c5:cf:31:d7:
                    88:01:56:23:b1:e6:fb:5d:7f:81:10:2d:a4:f8:54:
                    b9:33:46:db:c1:f3:b2:d7:da:52:39:0e:bd:fe:4c:
                    09:30:92:c7:2b:79:56:37:59:1d:81:20:80:6d:4e:
                    89:bd:f8:d4:96:f5:2c:b2:ab:20:c3:bb:e3:20:e1:
                    85:7b:4a:09:78:cf:d7:14:59:5d:cb:6e:33:08:f8:
                    83:bb:db:5b:cb:a0:67:45:f3:cc:b0:a6:79:16:0c:
                    65:f1:15:13:bb:ee:65:ab:7f:d7:69:15:51:7a:a9:
                    82:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B7:40:D9:DF:AF:06:8F:B7:4B:37:F0:C7:19:5D:73:04:DD:63:13
            X509v3 Authority Key Identifier:
                keyid:A6:21:18:64:13:BB:DF:DE:20:E5:92:FB:E5:55:3D:E7:F9:4E:59:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/piEYZBO7394g5ZL75VU95_lOWYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/hbdA2d-vBo-3SzfwxxldcwTdYxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/0396ad-dda7-4600-8f66-f56c779b142f/1/piEYZBO7394g5ZL75VU95_lOWYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:b5:93:da:30:39:a5:6a:cc:bc:01:71:01:73:8c:04:ab:fb:
         c3:49:01:99:41:b8:e3:18:f1:cd:cd:91:7d:40:b2:db:e6:f1:
         19:3c:57:c8:7e:97:23:20:8c:70:ac:1b:f0:e8:fc:27:16:ea:
         96:57:69:8e:6e:b8:f3:10:02:d6:75:42:24:b3:1d:ec:64:76:
         42:cc:c7:3c:74:41:42:b4:8c:bf:5e:e7:2d:c8:b8:a6:13:2b:
         b5:c4:31:44:88:2e:13:47:74:85:4d:8e:65:85:5a:72:9b:d5:
         b4:48:80:67:37:58:1f:31:2c:6b:a8:c0:5c:65:c3:4d:f8:3e:
         d2:d5:ed:ee:f2:62:2f:ed:69:fd:16:cf:20:a0:3a:29:4e:bd:
         b2:49:1a:d0:02:89:ac:4e:e6:2b:c1:68:82:85:45:72:ab:ee:
         25:04:29:12:ac:31:0c:c9:7e:d5:59:9d:8b:79:6c:d8:98:b9:
         d0:07:ce:c8:12:05:9c:b6:30:19:e6:9f:d4:b7:36:e7:c4:45:
         11:96:c3:62:c4:43:8a:57:6f:cb:c4:45:9d:02:00:80:8b:8a:
         7f:64:91:94:ec:11:11:76:d7:f5:5f:95:e2:0f:4e:fa:d2:c9:
         fe:bf:8b:5e:85:43:dd:9b:54:42:64:49:65:dc:d7:bd:82:a8:
         2e:3d:9c:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E0h+FQXWAMIG1Cs7fMztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MjExODY0MTNiYmRmZGUyMGU1OTJmYmU1NTUzZGU3Zjk0
ZTU5ODcwHhcNMjYwMTAyMDAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI3NDBkOWRmYWYwNjhmYjc0YjM3ZjBjNzE5NWQ3MzA0ZGQ2MzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGV1CpxYPalHTbfPe1gw7TUC/0XH
9/sj5aDfjDQhG1ayjbofsln9tmi3P7143BluA/9YI80XHQBuF01I8AFPz/ZhFWNw
mOFWibJuc6aN7NdoQbZg+iouZd8vc1DZxaYMmiiMywhX+CTCxo3m0jfHXxZZttJ1
955A9xHroJ6EJtWm4s1qSKOvP1v2uHe4A5FclsXPMdeIAVYjseb7XX+BEC2k+FS5
M0bbwfOy19pSOQ69/kwJMJLHK3lWN1kdgSCAbU6JvfjUlvUssqsgw7vjIOGFe0oJ
eM/XFFldy24zCPiDu9tby6BnRfPMsKZ5Fgxl8RUTu+5lq3/XaRVReqmCHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW3QNnfrwaPt0s38McZXXME3WMTMB8GA1UdIwQY
MBaAFKYhGGQTu9/eIOWS++VVPef5TlmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYt
ZjU2Yzc3OWIxNDJmLzEvaGJkQTJkLXZCby0zU3pmd3h4bGRjd1RkWXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wMzk2YWQtZGRhNy00NjAwLThmNjYtZjU2Yzc3OWIxNDJm
LzEvcGlFWVpCTzczOTRnNVpMNzVWVTk1X2xPV1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYPkMA0G
CSqGSIb3DQEBCwUAA4IBAQCItZPaMDmlasy8AXEBc4wEq/vDSQGZQbjjGPHNzZF9
QLLb5vEZPFfIfpcjIIxwrBvw6PwnFuqWV2mObrjzEALWdUIksx3sZHZCzMc8dEFC
tIy/XuctyLimEyu1xDFEiC4TR3SFTY5lhVpym9W0SIBnN1gfMSxrqMBcZcNN+D7S
1e3u8mIv7Wn9Fs8goDopTr2ySRrQAomsTuYrwWiChUVyq+4lBCkSrDEMyX7VWZ2L
eWzYmLnQB87IEgWctjAZ5p/UtzbnxEURlsNixEOKV2/LxEWdAgCAi4p/ZJGU7BER
dtf1X5XiD0760sn+v4tehUPdm1RCZEll3Ne9gqguPZxJ
-----END CERTIFICATE-----