This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/HgGkGBstyKsZBFCaKLv9CJKNyro.roa
File:                     HgGkGBstyKsZBFCaKLv9CJKNyro.roa (raw, json)
Hash identifier:          klemyl3LyPK3NCSjEkKCCRHmMvzRtXaWKBO10cWuRcM=
Subject key identifier:   1E:01:A4:18:1B:2D:C8:AB:19:04:50:9A:28:BB:FD:08:92:8D:CA:BA
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       019B79EBD9EEA3D9E41AD6B1D6A007D339DE
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/HgGkGBstyKsZBFCaKLv9CJKNyro.roa
Signing time:             Thu 01 Jan 2026 14:17:38 +0000
ROA not before:           Thu 01 Jan 2026 14:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33917
IP address blocks:        193.80.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:eb:d9:ee:a3:d9:e4:1a:d6:b1:d6:a0:07:d3:39:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 14:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e01a4181b2dc8ab1904509a28bbfd08928dcaba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c7:7d:14:da:29:d5:e8:31:a0:46:25:82:19:
                    a2:fc:cf:38:83:16:a6:a3:df:9e:9e:88:e4:c0:eb:
                    b3:5d:cd:89:cc:6d:6a:b6:7f:0c:bf:dc:b7:af:ab:
                    44:33:fe:b2:45:09:bf:b4:9b:47:03:3f:ee:1f:1e:
                    cf:49:21:f5:2f:e3:16:5d:e2:73:b0:1d:35:91:5f:
                    3b:af:b4:96:40:b7:d0:c7:a1:36:b2:a4:88:e3:9a:
                    6d:b4:15:bb:ea:13:f8:2a:7c:af:b7:f5:80:af:2f:
                    c4:33:e9:71:70:76:aa:a1:af:84:c4:1d:b5:4c:ce:
                    a7:09:ad:53:10:bc:f9:76:0f:f0:ef:ce:10:cf:02:
                    a4:6d:3e:52:6f:7e:50:91:45:4f:21:ac:2b:af:1a:
                    18:74:71:4a:b9:9b:70:94:d7:d6:c2:a7:09:8c:bf:
                    2b:f9:11:8f:24:88:f4:f6:0d:f6:17:6f:09:6c:15:
                    85:aa:36:f9:51:c3:ef:e9:69:c4:ab:1f:8f:33:8e:
                    ea:c4:ca:56:53:fb:5b:00:19:5b:4e:0f:ab:1c:35:
                    e5:be:92:a8:9c:db:0b:2b:e6:99:ab:f6:81:4c:ed:
                    63:9f:b1:66:85:55:d5:4d:dc:fd:77:14:58:84:d0:
                    0d:e3:47:e4:61:13:36:62:9e:94:12:08:fb:58:f5:
                    95:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:01:A4:18:1B:2D:C8:AB:19:04:50:9A:28:BB:FD:08:92:8D:CA:BA
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/HgGkGBstyKsZBFCaKLv9CJKNyro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.80.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:1c:1a:6e:8c:f7:c0:be:6f:a2:fa:40:d0:40:17:ef:8a:30:
         be:70:70:7a:5d:e5:0d:7d:66:d9:3a:5d:35:0c:cf:cd:11:d6:
         eb:48:68:5c:89:a2:d4:ce:d1:1b:1a:24:91:51:bc:58:ee:b4:
         50:bb:32:33:ad:e5:c7:fe:00:02:e5:cd:35:f8:80:75:ce:5c:
         14:01:c1:ba:e6:08:a1:3d:33:6d:9c:f1:f6:73:ee:71:0c:45:
         ab:db:f4:06:42:ae:a7:c5:03:0e:c8:cb:d6:02:df:a0:b9:98:
         94:c4:f1:8d:15:05:cb:27:01:3b:d2:21:80:f4:15:43:bf:b4:
         14:41:06:d3:21:2e:c6:b3:0c:81:41:93:7f:56:68:fc:32:50:
         bd:21:ff:3c:c0:0b:d6:86:4d:4d:ba:d2:ac:2f:eb:e9:c8:9d:
         f6:6b:73:a8:30:94:22:c4:b6:0f:85:8a:16:9e:39:6c:7b:80:
         37:87:b9:ff:5a:0a:33:ef:d2:b2:cb:e4:e5:aa:5e:df:f1:d9:
         a5:ff:8a:91:01:66:55:67:84:46:22:89:0d:47:2c:c1:53:64:
         2d:bf:00:a4:9b:83:af:c6:d4:99:04:6b:35:92:b0:b2:35:41:
         4a:65:72:64:d5:f1:1d:9e:a4:d8:d3:99:de:ec:e9:9f:e1:ae:
         c7:77:ba:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt569nuo9nkGtax1qAH0zneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjYwMTAxMTQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAxYTQxODFiMmRjOGFiMTkwNDUwOWEyOGJiZmQwODkyOGRjYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58d9FNop1egxoEYlghmi/M84gxam
o9+enojkwOuzXc2JzG1qtn8Mv9y3r6tEM/6yRQm/tJtHAz/uHx7PSSH1L+MWXeJz
sB01kV87r7SWQLfQx6E2sqSI45pttBW76hP4Knyvt/WAry/EM+lxcHaqoa+ExB21
TM6nCa1TELz5dg/w784QzwKkbT5Sb35QkUVPIawrrxoYdHFKuZtwlNfWwqcJjL8r
+RGPJIj09g32F28JbBWFqjb5UcPv6WnEqx+PM47qxMpWU/tbABlbTg+rHDXlvpKo
nNsLK+aZq/aBTO1jn7FmhVXVTdz9dxRYhNAN40fkYRM2Yp6UEgj7WPWVfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4BpBgbLcirGQRQmii7/QiSjcq6MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvSGdHa0dCc3R5S3NaQkZDYUtMdjlDSktOeXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVC/MA0G
CSqGSIb3DQEBCwUAA4IBAQBPHBpujPfAvm+i+kDQQBfvijC+cHB6XeUNfWbZOl01
DM/NEdbrSGhciaLUztEbGiSRUbxY7rRQuzIzreXH/gAC5c01+IB1zlwUAcG65gih
PTNtnPH2c+5xDEWr2/QGQq6nxQMOyMvWAt+guZiUxPGNFQXLJwE70iGA9BVDv7QU
QQbTIS7GswyBQZN/Vmj8MlC9If88wAvWhk1NutKsL+vpyJ32a3OoMJQixLYPhYoW
njlse4A3h7n/Wgoz79Kyy+Tlql7f8dml/4qRAWZVZ4RGIokNRyzBU2QtvwCkm4Ov
xtSZBGs1krCyNUFKZXJk1fEdnqTY05ne7Omf4a7Hd7r2
-----END CERTIFICATE-----