This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/RHxATavLVj71s5bqw_sLOTtLYvg.roa
File:                     RHxATavLVj71s5bqw_sLOTtLYvg.roa (raw, json)
Hash identifier:          G/B3SqhyCu42dp9UEezZ3MyCJQiuy8jFm5X1+PCgYU4=
Subject key identifier:   44:7C:40:4D:AB:CB:56:3E:F5:B3:96:EA:C3:FB:0B:39:3B:4B:62:F8
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA527C5EC8502EA4A403794C7573026
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/RHxATavLVj71s5bqw_sLOTtLYvg.roa
Signing time:             Thu 01 Jan 2026 22:19:39 +0000
ROA not before:           Thu 01 Jan 2026 22:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6453
IP address blocks:        212.5.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:27:c5:ec:85:02:ea:4a:40:37:94:c7:57:30:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=447c404dabcb563ef5b396eac3fb0b393b4b62f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1f:f4:d8:f7:fb:9a:0f:5a:c0:29:b7:85:0d:
                    0e:39:63:2f:b5:c5:fe:f3:41:d7:5f:93:dd:f8:d0:
                    fa:f8:fe:e6:80:57:a0:3f:4a:6c:f9:98:60:b2:c6:
                    48:e0:9a:a3:bf:e3:06:99:ed:09:7f:44:14:8f:d6:
                    ae:01:28:c2:e5:16:a1:ba:86:c4:de:67:72:4d:98:
                    cb:f2:fb:8c:9f:96:d4:a9:2f:a3:65:ff:9d:d4:35:
                    18:17:44:1b:17:bc:5b:75:c7:65:cb:b0:02:59:3b:
                    4d:89:d3:7c:30:b5:88:d8:c0:74:95:5b:66:0a:bb:
                    c6:54:89:77:4f:2d:cb:f9:f8:06:e9:3c:24:38:a5:
                    81:17:2d:c5:07:c5:d6:c2:44:4c:87:d2:93:4c:a4:
                    fc:9d:df:ec:1f:1c:8d:ff:52:04:bf:b1:c9:2d:dd:
                    92:2a:59:59:42:2f:9f:58:5d:79:89:d2:34:73:3d:
                    f0:a5:a9:22:7d:54:86:a1:82:57:66:2e:9c:0d:32:
                    cb:87:77:c5:fc:f7:af:49:73:79:25:70:19:63:d5:
                    9c:65:4f:e4:06:04:6e:54:e6:f4:57:c2:b3:71:3c:
                    33:dd:b9:db:26:29:15:a0:5b:e8:e8:82:c5:00:87:
                    18:03:21:13:35:ec:a3:d7:fb:f7:42:c5:04:2a:7f:
                    60:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7C:40:4D:AB:CB:56:3E:F5:B3:96:EA:C3:FB:0B:39:3B:4B:62:F8
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/RHxATavLVj71s5bqw_sLOTtLYvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:3d:31:42:78:7c:95:cf:70:6c:02:7f:e1:77:d7:f0:c5:4d:
         05:d0:ed:5b:0a:16:5f:1a:fe:4a:18:c9:f7:a0:68:d3:d3:de:
         75:d8:e9:ac:7e:dd:2f:eb:10:b4:dd:2d:07:73:f4:d0:d2:ee:
         f7:3f:cd:da:a3:df:a5:f4:d9:8a:7e:00:93:e1:b9:a3:ad:3e:
         73:80:69:bf:e7:92:bb:dc:ed:fe:15:7e:09:2e:d4:ad:7b:95:
         19:11:b3:a8:15:fa:94:29:ef:4a:0c:74:cb:b6:a2:9e:b9:63:
         79:f2:4c:6f:8a:43:c3:47:29:e4:d2:41:9c:10:b9:2b:2f:c4:
         99:0d:1a:67:9a:f7:fd:50:a3:06:d4:48:e4:d9:64:6a:58:81:
         1c:ad:87:64:ae:fa:a0:57:2e:b4:5a:cb:d2:47:fd:d9:41:c5:
         27:43:70:76:ed:a0:8c:12:bb:61:fa:e5:62:6b:06:ad:b0:82:
         d8:74:01:c9:50:a2:df:86:06:26:d9:08:b9:21:cd:e5:fa:86:
         da:22:2f:6f:f5:9c:c7:33:92:cc:8f:d2:cd:b1:33:56:ff:5d:
         b1:b8:2f:b0:62:61:fb:ac:ce:3f:0e:74:1f:f6:70:8c:7d:9d:
         16:34:ef:23:ea:2b:ef:54:21:2b:c8:a4:62:b6:8c:9c:84:30:
         e4:bb:8c:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSfF7IUC6kpAN5THVzAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdjNDA0ZGFiY2I1NjNlZjViMzk2ZWFjM2ZiMGIzOTNiNGI2MmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtB/02Pf7mg9awCm3hQ0OOWMvtcX+
80HXX5Pd+ND6+P7mgFegP0ps+ZhgssZI4Jqjv+MGme0Jf0QUj9auASjC5RahuobE
3mdyTZjL8vuMn5bUqS+jZf+d1DUYF0QbF7xbdcdly7ACWTtNidN8MLWI2MB0lVtm
CrvGVIl3Ty3L+fgG6TwkOKWBFy3FB8XWwkRMh9KTTKT8nd/sHxyN/1IEv7HJLd2S
KllZQi+fWF15idI0cz3wpakifVSGoYJXZi6cDTLLh3fF/PevSXN5JXAZY9WcZU/k
BgRuVOb0V8KzcTwz3bnbJikVoFvo6ILFAIcYAyETNeyj1/v3QsUEKn9gQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFER8QE2ry1Y+9bOW6sP7Czk7S2L4MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvUkh4QVRhdkxWajcxczVicXdfc0xPVHRMWXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AWcMA0G
CSqGSIb3DQEBCwUAA4IBAQBfPTFCeHyVz3BsAn/hd9fwxU0F0O1bChZfGv5KGMn3
oGjT09512Omsft0v6xC03S0Hc/TQ0u73P83ao9+l9NmKfgCT4bmjrT5zgGm/55K7
3O3+FX4JLtSte5UZEbOoFfqUKe9KDHTLtqKeuWN58kxvikPDRynk0kGcELkrL8SZ
DRpnmvf9UKMG1Ejk2WRqWIEcrYdkrvqgVy60WsvSR/3ZQcUnQ3B27aCMErth+uVi
awatsILYdAHJUKLfhgYm2Qi5Ic3l+obaIi9v9ZzHM5LMj9LNsTNW/12xuC+wYmH7
rM4/DnQf9nCMfZ0WNO8j6ivvVCEryKRitoychDDku4yw
-----END CERTIFICATE-----