This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/kHpTZdJdGSTy5cL36tdDAiifHMM.roa
File:                     kHpTZdJdGSTy5cL36tdDAiifHMM.roa (raw, json)
Hash identifier:          t+ZN1J9Tad6u02+/g5NMqtaDNj7REzYTAjeN7U4LYyw=
Subject key identifier:   90:7A:53:65:D2:5D:19:24:F2:E5:C2:F7:EA:D7:43:02:28:9F:1C:C3
Certificate issuer:       /CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
Certificate serial:       019B7C8052EE0F90934D4BAFF6065C63F1BB
Authority key identifier: 16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/kHpTZdJdGSTy5cL36tdDAiifHMM.roa
Signing time:             Fri 02 Jan 2026 02:19:03 +0000
ROA not before:           Fri 02 Jan 2026 02:19:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8220
IP address blocks:        155.45.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:52:ee:0f:90:93:4d:4b:af:f6:06:5c:63:f1:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
        Validity
            Not Before: Jan  2 02:19:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=907a5365d25d1924f2e5c2f7ead74302289f1cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:16:de:b3:c0:9d:b5:e6:db:ed:88:9f:88:a6:
                    ce:e7:e6:bb:cc:99:cc:d3:6b:c2:7a:e8:55:23:e4:
                    ff:08:68:8a:be:6f:60:f5:53:a6:77:19:62:4a:d6:
                    18:6d:6a:f4:9c:12:fc:e4:9c:aa:50:59:c3:4c:c2:
                    0f:32:1c:8a:f1:65:c5:b4:4f:2a:7f:53:b6:f0:02:
                    9d:58:14:a8:7b:5c:91:bf:ef:61:a9:03:73:29:8b:
                    51:9f:74:7e:91:2e:d7:a0:6a:c9:ad:7f:72:1c:ba:
                    a3:cd:b6:97:40:0d:45:3b:52:23:31:92:58:59:96:
                    30:d7:a5:43:bb:b4:09:b3:00:b1:ca:b3:cc:40:01:
                    d7:48:04:0e:0b:00:e5:4a:95:59:0f:62:c4:ad:7a:
                    86:62:bd:d7:19:c9:1f:26:38:79:4e:bb:b6:2b:19:
                    51:bc:7e:65:4f:0c:d0:50:69:f6:fe:1c:6a:9c:40:
                    85:20:e1:11:d6:da:ff:16:3d:d8:9f:f6:d8:a6:3c:
                    86:33:46:7c:7e:e9:3a:47:a3:d0:21:53:64:4e:23:
                    cc:bc:6f:5d:79:46:a7:31:a5:c7:39:78:95:45:79:
                    fd:38:54:c2:b7:7c:35:ff:bd:10:72:96:2d:f4:04:
                    eb:79:ed:5e:cd:e5:0b:73:ee:b0:65:5e:e8:90:dd:
                    0c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7A:53:65:D2:5D:19:24:F2:E5:C2:F7:EA:D7:43:02:28:9F:1C:C3
            X509v3 Authority Key Identifier:
                keyid:16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/kHpTZdJdGSTy5cL36tdDAiifHMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.45.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:4f:63:3b:9b:80:b5:f4:f6:a0:24:42:3c:68:3c:fb:f6:b7:
         bc:5e:e2:c6:58:75:ab:94:ea:5a:5f:ae:bc:dd:53:ba:0e:a9:
         c4:fa:69:21:5e:ba:45:58:87:78:74:91:7b:e9:90:46:c5:a9:
         56:66:00:20:cc:47:4a:49:fc:ef:82:d1:3b:ae:23:ed:bd:23:
         1c:a6:3d:e6:cf:b2:22:55:1a:1e:7b:a9:84:67:b8:57:5f:b1:
         03:76:94:6f:65:06:32:54:1c:5b:bb:fa:03:1f:cf:06:28:9f:
         2b:c1:ea:21:fc:b9:20:f9:19:8b:9e:b2:6d:e9:16:c7:49:1c:
         3b:92:f0:86:06:d0:86:31:8d:49:61:75:db:ce:0e:0a:ca:dd:
         a8:20:34:64:41:c9:ad:58:75:ce:98:e8:35:70:35:11:fd:5b:
         2b:fd:c7:ad:f2:02:c0:21:e0:c8:a5:48:d5:30:03:67:a8:b3:
         58:7f:40:69:40:fe:59:f9:18:84:2f:98:f0:ff:56:77:bb:2f:
         12:d4:7c:69:bf:85:71:0f:4a:50:34:ae:63:22:90:2a:5d:07:
         0e:cd:f5:42:1a:5c:00:28:d7:f2:ee:fe:f3:19:07:6d:98:f9:
         62:36:db:8c:e2:9d:dc:9b:0f:16:88:b9:5a:1d:21:ad:ad:75:
         58:c8:08:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gFLuD5CTTUuv9gZcY/G7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Y2RlMTM5YWUwNTczYjBhNGRkYTkzZTc3YjU3ZmYyN2Y5
YmViYTEwHhcNMjYwMTAyMDIxOTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDdhNTM2NWQyNWQxOTI0ZjJlNWMyZjdlYWQ3NDMwMjI4OWYxY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBbes8Cdtebb7YifiKbO5+a7zJnM
02vCeuhVI+T/CGiKvm9g9VOmdxliStYYbWr0nBL85JyqUFnDTMIPMhyK8WXFtE8q
f1O28AKdWBSoe1yRv+9hqQNzKYtRn3R+kS7XoGrJrX9yHLqjzbaXQA1FO1IjMZJY
WZYw16VDu7QJswCxyrPMQAHXSAQOCwDlSpVZD2LErXqGYr3XGckfJjh5Tru2KxlR
vH5lTwzQUGn2/hxqnECFIOER1tr/Fj3Yn/bYpjyGM0Z8fuk6R6PQIVNkTiPMvG9d
eUanMaXHOXiVRXn9OFTCt3w1/70QcpYt9ATree1ezeULc+6wZV7okN0MiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJB6U2XSXRkk8uXC9+rXQwIonxzDMB8GA1UdIwQY
MBaAFBbN4TmuBXOwpN2pPne1f/J/m+uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUt
YjY5ZGNlNzU0N2ExLzEva0hwVFpkSmRHU1R5NWNMMzZ0ZERBaWlmSE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUtYjY5ZGNlNzU0N2Ex
LzEvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmy2AMA0G
CSqGSIb3DQEBCwUAA4IBAQBrT2M7m4C19PagJEI8aDz79re8XuLGWHWrlOpaX668
3VO6DqnE+mkhXrpFWId4dJF76ZBGxalWZgAgzEdKSfzvgtE7riPtvSMcpj3mz7Ii
VRoee6mEZ7hXX7EDdpRvZQYyVBxbu/oDH88GKJ8rweoh/Lkg+RmLnrJt6RbHSRw7
kvCGBtCGMY1JYXXbzg4Kyt2oIDRkQcmtWHXOmOg1cDUR/Vsr/cet8gLAIeDIpUjV
MANnqLNYf0BpQP5Z+RiEL5jw/1Z3uy8S1Hxpv4VxD0pQNK5jIpAqXQcOzfVCGlwA
KNfy7v7zGQdtmPliNtuM4p3cmw8WiLlaHSGtrXVYyAiX
-----END CERTIFICATE-----