This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/hLSO_O6xaM7r05r3MxZf6SqUUFs.roa
File:                     hLSO_O6xaM7r05r3MxZf6SqUUFs.roa (raw, json)
Hash identifier:          P+jaY+n9bXozEzc3ZwpWv16cXEXSmsjH0j6LoAlbUSc=
Subject key identifier:   84:B4:8E:FC:EE:B1:68:CE:EB:D3:9A:F7:33:16:5F:E9:2A:94:50:5B
Certificate issuer:       /CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Certificate serial:       019B7C11DB13474385BF985CDB670CD7BDF5
Authority key identifier: A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/hLSO_O6xaM7r05r3MxZf6SqUUFs.roa
Signing time:             Fri 02 Jan 2026 00:18:23 +0000
ROA not before:           Fri 02 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203306
IP address blocks:        81.95.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:db:13:47:43:85:bf:98:5c:db:67:0c:d7:bd:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
        Validity
            Not Before: Jan  2 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84b48efceeb168ceebd39af733165fe92a94505b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0b:58:08:d0:40:f9:9c:77:52:24:5f:2b:fa:
                    08:3a:f5:6e:0f:3e:b8:d5:6f:d0:9d:41:f4:1b:16:
                    d6:4d:a5:c3:46:94:16:97:0e:26:39:92:50:ba:ff:
                    2f:57:8a:34:06:16:19:88:7d:19:8a:fb:b3:a0:07:
                    14:83:ba:f2:0a:3f:05:ac:70:28:f5:76:c4:19:d4:
                    a6:d0:cf:20:1a:b8:99:e5:73:c8:de:2e:d6:51:73:
                    2f:b1:fc:ad:a7:8c:9d:d7:a1:82:17:d3:bf:20:7a:
                    8c:b0:b7:5e:f3:f6:cf:eb:e5:fe:e9:f2:b1:72:a4:
                    f4:7c:8f:e5:16:8f:38:80:bf:3b:3b:34:23:1e:94:
                    a4:a4:e5:c4:f7:02:3f:42:66:7f:9c:94:a1:3d:29:
                    19:d5:8b:e6:98:cf:55:55:ab:05:3f:09:dc:78:a0:
                    50:34:26:e4:6e:11:32:0d:d3:fb:61:07:31:7e:9b:
                    66:50:3d:b7:70:1c:21:4f:ee:b6:c7:45:43:59:e1:
                    57:fc:56:a2:76:e6:9b:5a:35:4e:3d:54:5c:e1:b2:
                    04:2a:59:51:fb:19:7b:84:6a:25:ec:94:ae:2f:ea:
                    ca:46:ef:d7:83:40:8b:86:37:69:bf:44:5d:8f:d6:
                    57:7a:e0:a3:da:8d:ed:ee:54:ea:ec:2f:41:6b:c0:
                    9b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B4:8E:FC:EE:B1:68:CE:EB:D3:9A:F7:33:16:5F:E9:2A:94:50:5B
            X509v3 Authority Key Identifier:
                keyid:A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/hLSO_O6xaM7r05r3MxZf6SqUUFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.95.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f3:f2:74:ae:3a:bf:f3:d6:6d:b1:5c:6b:4e:c8:fa:42:83:
         93:da:31:29:10:f9:bf:c3:c4:a4:c7:d7:2d:87:be:14:f0:08:
         39:17:95:bb:b3:03:d4:be:fc:6d:8e:8f:40:d6:01:19:9f:05:
         94:fc:be:d5:0f:99:30:89:69:ee:6d:12:c5:98:a1:bf:ee:71:
         80:58:02:1a:35:64:33:72:34:11:5a:09:b7:b2:6c:b3:12:19:
         05:be:1c:dd:ed:e7:2d:9a:d1:4b:99:32:b0:f8:5b:f6:13:a7:
         57:3e:0a:ed:fe:b3:60:6e:84:87:09:da:5c:8c:8b:ef:5b:ae:
         18:25:22:ea:76:39:af:56:a5:6b:79:fa:47:fb:a3:3c:89:e3:
         f6:fc:3b:3d:62:04:04:a3:16:11:bb:e1:b6:50:5a:87:98:35:
         4f:1f:74:f9:3c:5f:49:06:f9:95:10:83:e0:3b:4b:24:e4:fb:
         fe:ff:7f:11:14:78:45:35:cd:3e:63:a2:a3:93:71:dd:49:95:
         6d:67:40:73:df:34:08:bc:b1:a4:a2:87:1e:e3:54:9f:65:c3:
         70:1d:86:34:14:58:cb:88:fb:a7:d6:ca:a1:85:91:51:ef:b9:
         3c:eb:8a:ab:0d:c3:34:d9:55:2b:13:8e:c1:cc:cc:41:ee:eb:
         b5:44:4e:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EdsTR0OFv5hc22cM1731MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODI0MzA4YmM4M2I0ZWU1NmYxYzBjMWI5ZmJmYzMxMWIw
Y2Q0NGEwHhcNMjYwMTAyMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI0OGVmY2VlYjE2OGNlZWJkMzlhZjczMzE2NWZlOTJhOTQ1MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAtYCNBA+Zx3UiRfK/oIOvVuDz64
1W/QnUH0GxbWTaXDRpQWlw4mOZJQuv8vV4o0BhYZiH0ZivuzoAcUg7ryCj8FrHAo
9XbEGdSm0M8gGriZ5XPI3i7WUXMvsfytp4yd16GCF9O/IHqMsLde8/bP6+X+6fKx
cqT0fI/lFo84gL87OzQjHpSkpOXE9wI/QmZ/nJShPSkZ1YvmmM9VVasFPwnceKBQ
NCbkbhEyDdP7YQcxfptmUD23cBwhT+62x0VDWeFX/FaiduabWjVOPVRc4bIEKllR
+xl7hGol7JSuL+rKRu/Xg0CLhjdpv0Rdj9ZXeuCj2o3t7lTq7C9Ba8Cb0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS0jvzusWjO69Oa9zMWX+kqlFBbMB8GA1UdIwQY
MBaAFKSCQwi8g7TuVvHAwbn7/DEbDNRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1Yzkt
MTk2ZTZmMzc1ZmQ2LzEvaExTT19PNnhhTTdyMDVyM014WmY2U3FVVUZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1YzktMTk2ZTZmMzc1ZmQ2
LzEvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV/HMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ8/J0rjq/89ZtsVxrTsj6QoOT2jEpEPm/w8Skx9ct
h74U8Ag5F5W7swPUvvxtjo9A1gEZnwWU/L7VD5kwiWnubRLFmKG/7nGAWAIaNWQz
cjQRWgm3smyzEhkFvhzd7ectmtFLmTKw+Fv2E6dXPgrt/rNgboSHCdpcjIvvW64Y
JSLqdjmvVqVrefpH+6M8ieP2/Ds9YgQEoxYRu+G2UFqHmDVPH3T5PF9JBvmVEIPg
O0sk5Pv+/38RFHhFNc0+Y6Kjk3HdSZVtZ0Bz3zQIvLGkooce41SfZcNwHYY0FFjL
iPun1sqhhZFR77k864qrDcM02VUrE47BzMxB7uu1RE63
-----END CERTIFICATE-----