This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/hTC91o4ZtMO-04ZIsmw_aK8gJeA.roa
File:                     hTC91o4ZtMO-04ZIsmw_aK8gJeA.roa (raw, json)
Hash identifier:          War1ZIX95W/VPK4FUZA8Xa/ZSNStMaoIUos///YIBIQ=
Subject key identifier:   85:30:BD:D6:8E:19:B4:C3:BE:D3:86:48:B2:6C:3F:68:AF:20:25:E0
Certificate issuer:       /CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
Certificate serial:       019B7A5B86B979875FC12ECF57AE9050028E
Authority key identifier: E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/hTC91o4ZtMO-04ZIsmw_aK8gJeA.roa
Signing time:             Thu 01 Jan 2026 16:19:37 +0000
ROA not before:           Thu 01 Jan 2026 16:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203966
IP address blocks:        213.171.70.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:86:b9:79:87:5f:c1:2e:cf:57:ae:90:50:02:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4984f8f36ebf9f8f54c12174f463664d7b23aee
        Validity
            Not Before: Jan  1 16:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8530bdd68e19b4c3bed38648b26c3f68af2025e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:89:f5:26:f4:70:d9:75:4e:06:cc:13:f5:b6:
                    14:f7:03:8e:55:68:b8:51:95:34:cf:04:51:57:37:
                    60:80:77:66:53:cf:fe:79:82:6a:29:56:f6:ed:1d:
                    d0:0b:92:1a:ec:d4:77:1e:6f:fd:4c:0c:aa:a2:93:
                    19:a8:fa:41:69:8f:17:ab:19:21:0b:19:36:08:f8:
                    d0:07:65:5a:d8:40:e1:fb:c1:03:73:90:c5:ad:3c:
                    ba:05:1c:29:8c:0b:d5:5d:c4:e3:b7:ac:05:c6:99:
                    81:8e:28:4d:bf:0e:1c:a8:52:d1:cb:65:49:ea:28:
                    a7:9a:04:a1:2d:da:1a:25:a3:78:f0:d7:34:82:fb:
                    78:34:45:8c:9b:c7:15:93:99:55:5a:45:05:2f:da:
                    f3:50:33:86:dc:fd:54:bd:d8:d5:77:5b:cc:57:20:
                    69:6a:5b:69:d0:de:64:98:62:5b:57:87:e1:c7:c5:
                    24:7d:7e:a5:f6:44:70:1e:df:02:20:b2:c6:77:3c:
                    23:ad:d7:5a:a1:44:55:12:ca:4e:68:d2:22:f0:1a:
                    f3:90:46:83:df:a6:2c:86:a1:e4:76:54:40:5a:aa:
                    f6:8e:b8:48:8c:1d:04:d9:7c:07:28:2e:e4:1d:48:
                    54:90:ca:72:a0:41:9d:4e:9f:a0:c0:0d:6a:83:5d:
                    64:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:30:BD:D6:8E:19:B4:C3:BE:D3:86:48:B2:6C:3F:68:AF:20:25:E0
            X509v3 Authority Key Identifier:
                keyid:E4:98:4F:8F:36:EB:F9:F8:F5:4C:12:17:4F:46:36:64:D7:B2:3A:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/hTC91o4ZtMO-04ZIsmw_aK8gJeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/57d908-207d-497c-ab18-de7be1e5c776/1/5JhPjzbr-fj1TBIXT0Y2ZNeyOu4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:61:d9:2f:11:84:60:39:f8:c4:07:80:9f:a4:a2:f8:4b:c5:
         c0:23:a7:69:83:9a:e8:c6:e2:23:d2:6e:17:0d:36:1a:9f:67:
         52:4a:78:76:9f:c5:f5:d6:07:5c:f2:2d:23:05:ba:c0:00:21:
         2e:67:6a:49:0f:ea:25:e8:5d:56:83:59:11:50:b1:52:8b:43:
         15:60:62:fc:d9:45:ae:99:68:69:77:55:09:f5:de:34:81:04:
         43:66:70:ca:02:5e:a0:09:10:9b:52:ce:8f:c1:18:23:05:34:
         81:e4:2d:c9:29:1d:68:61:da:10:51:0e:65:05:12:4d:ea:e6:
         8b:8d:c6:95:9c:a2:61:a5:39:c2:2b:ff:69:95:42:69:30:78:
         05:c8:ef:a9:ea:4b:64:bb:d8:4f:7e:72:46:e5:ae:e6:38:07:
         75:63:e4:1a:2f:f2:20:45:15:f4:a6:89:c3:8a:06:cc:1d:dd:
         e9:99:65:60:3c:d3:ec:63:8e:ba:98:01:73:63:45:6d:ab:cf:
         b3:d3:d6:c6:0e:35:fd:e6:59:02:7a:4d:87:c9:de:2a:13:fd:
         17:72:bd:75:75:a6:4e:b0:16:14:15:ef:2d:19:90:00:76:14:
         00:b7:56:f1:ef:ff:24:10:ba:f4:17:6b:0a:0f:c4:14:8f:98:
         f1:a2:3f:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W4a5eYdfwS7PV66QUAKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0OTg0ZjhmMzZlYmY5ZjhmNTRjMTIxNzRmNDYzNjY0ZDdi
MjNhZWUwHhcNMjYwMTAxMTYxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTMwYmRkNjhlMTliNGMzYmVkMzg2NDhiMjZjM2Y2OGFmMjAyNWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvon1JvRw2XVOBswT9bYU9wOOVWi4
UZU0zwRRVzdggHdmU8/+eYJqKVb27R3QC5Ia7NR3Hm/9TAyqopMZqPpBaY8Xqxkh
Cxk2CPjQB2Va2EDh+8EDc5DFrTy6BRwpjAvVXcTjt6wFxpmBjihNvw4cqFLRy2VJ
6iinmgShLdoaJaN48Nc0gvt4NEWMm8cVk5lVWkUFL9rzUDOG3P1UvdjVd1vMVyBp
altp0N5kmGJbV4fhx8UkfX6l9kRwHt8CILLGdzwjrddaoURVEspOaNIi8BrzkEaD
36YshqHkdlRAWqr2jrhIjB0E2XwHKC7kHUhUkMpyoEGdTp+gwA1qg11kiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUwvdaOGbTDvtOGSLJsP2ivICXgMB8GA1UdIwQY
MBaAFOSYT4826/n49UwSF09GNmTXsjruMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgt
ZGU3YmUxZTVjNzc2LzEvaFRDOTFvNFp0TU8tMDRaSXNtd19hSzhnSmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81N2Q5MDgtMjA3ZC00OTdjLWFiMTgtZGU3YmUxZTVjNzc2
LzEvNUpoUGp6YnItZmoxVEJJWFQwWTJaTmV5T3U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1atGMA0G
CSqGSIb3DQEBCwUAA4IBAQBvYdkvEYRgOfjEB4CfpKL4S8XAI6dpg5roxuIj0m4X
DTYan2dSSnh2n8X11gdc8i0jBbrAACEuZ2pJD+ol6F1Wg1kRULFSi0MVYGL82UWu
mWhpd1UJ9d40gQRDZnDKAl6gCRCbUs6PwRgjBTSB5C3JKR1oYdoQUQ5lBRJN6uaL
jcaVnKJhpTnCK/9plUJpMHgFyO+p6ktku9hPfnJG5a7mOAd1Y+QaL/IgRRX0ponD
igbMHd3pmWVgPNPsY466mAFzY0Vtq8+z09bGDjX95lkCek2Hyd4qE/0Xcr11daZO
sBYUFe8tGZAAdhQAt1bx7/8kELr0F2sKD8QUj5jxoj+C
-----END CERTIFICATE-----