This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/9a52fd-0364-4150-aaca-41602fdc9fde/1/HuM-fqgyJipWVuJxhHWn42tWfGs.roa
File:                     HuM-fqgyJipWVuJxhHWn42tWfGs.roa (raw, json)
Hash identifier:          U6kHpEw2y7t9pxRNfk/+X/Y6S7JlFdwGGwL7w7s/5Yo=
Subject key identifier:   1E:E3:3E:7E:A8:32:26:2A:56:56:E2:71:84:75:A7:E3:6B:56:7C:6B
Certificate issuer:       /CN=76e2ae4fe0c0d6cb0749b877ae155a629fe2afd6
Certificate serial:       019B7BA4666E5891E76DB1097EE7AA5FCFC4
Authority key identifier: 76:E2:AE:4F:E0:C0:D6:CB:07:49:B8:77:AE:15:5A:62:9F:E2:AF:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/duKuT-DA1ssHSbh3rhVaYp_ir9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/9a52fd-0364-4150-aaca-41602fdc9fde/1/HuM-fqgyJipWVuJxhHWn42tWfGs.roa
Signing time:             Thu 01 Jan 2026 22:18:50 +0000
ROA not before:           Thu 01 Jan 2026 22:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44761
IP address blocks:        195.28.18.0/23 maxlen: 23
                          195.28.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/9a52fd-0364-4150-aaca-41602fdc9fde/1/duKuT-DA1ssHSbh3rhVaYp_ir9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/9a52fd-0364-4150-aaca-41602fdc9fde/1/duKuT-DA1ssHSbh3rhVaYp_ir9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/duKuT-DA1ssHSbh3rhVaYp_ir9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:66:6e:58:91:e7:6d:b1:09:7e:e7:aa:5f:cf:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76e2ae4fe0c0d6cb0749b877ae155a629fe2afd6
        Validity
            Not Before: Jan  1 22:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ee33e7ea832262a5656e2718475a7e36b567c6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8f:92:80:b8:3e:72:dc:54:a8:d3:c0:bf:c8:
                    32:7e:5a:58:2f:c9:47:1c:0f:bf:ef:87:a4:63:8a:
                    98:4a:37:da:06:ad:cb:e4:f1:63:1f:94:40:59:93:
                    6b:7c:d1:94:2b:9c:ad:03:e7:c2:00:6e:45:18:bc:
                    c9:e5:c1:f4:b5:6e:0e:0b:2b:b4:04:18:6b:06:ac:
                    a3:f0:9b:16:cb:cf:65:4f:76:e5:38:3a:8e:86:b8:
                    4d:26:87:7e:b5:c8:91:3f:ab:6e:3d:2a:db:fb:8f:
                    0f:79:c0:ee:17:8b:cc:6c:76:43:cc:cc:05:61:96:
                    f8:85:ab:92:79:39:d5:9b:6a:6e:8e:d0:12:d0:a1:
                    f3:fd:40:89:e2:af:0f:27:40:57:c9:64:71:3b:22:
                    b7:17:0d:09:ac:b4:4f:b7:2a:4d:2d:9a:4e:48:4b:
                    0e:5c:b8:83:28:a1:9e:bd:1e:03:03:97:30:21:4b:
                    a8:14:66:c6:24:fa:af:ba:5c:eb:38:eb:fe:82:16:
                    76:34:cf:ed:ab:28:ad:da:4c:83:7b:92:d9:cd:ec:
                    e7:4d:c9:f1:5f:f0:ad:d2:3f:a7:63:16:0a:0a:22:
                    7c:5b:3d:09:d9:2f:66:0d:f3:61:e4:60:80:7c:f6:
                    a3:60:15:38:8b:04:df:10:3e:6a:ea:e6:75:e8:bc:
                    fb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E3:3E:7E:A8:32:26:2A:56:56:E2:71:84:75:A7:E3:6B:56:7C:6B
            X509v3 Authority Key Identifier:
                keyid:76:E2:AE:4F:E0:C0:D6:CB:07:49:B8:77:AE:15:5A:62:9F:E2:AF:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/duKuT-DA1ssHSbh3rhVaYp_ir9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9a52fd-0364-4150-aaca-41602fdc9fde/1/HuM-fqgyJipWVuJxhHWn42tWfGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/9a52fd-0364-4150-aaca-41602fdc9fde/1/duKuT-DA1ssHSbh3rhVaYp_ir9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.28.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:4f:ca:53:f9:37:28:3f:df:f7:85:b5:4f:fa:ac:bf:e6:c0:
         e4:ca:84:fe:bd:b6:15:27:ff:6f:9b:0c:10:f9:79:6f:33:30:
         ae:2f:5e:2c:43:4a:0e:8c:1a:2c:94:bb:94:95:f7:e5:d5:0d:
         92:f4:61:de:0a:d1:1f:0e:2a:c3:fa:e2:a4:15:0a:d8:61:b6:
         6a:b0:26:5f:0d:fe:e5:58:83:c9:51:b5:38:c3:21:45:61:32:
         41:85:9b:3c:e5:8b:8b:7f:5a:4b:fe:36:71:e4:b5:3a:8b:9d:
         bb:d5:f0:29:0d:07:a0:6e:69:8b:63:a6:a4:83:ed:7d:e3:43:
         24:08:e4:b1:7c:41:8d:89:92:55:5c:c2:89:b4:33:c7:39:1c:
         8c:e6:ca:fb:72:a6:c8:07:b9:a0:2c:d8:22:fd:54:99:cf:56:
         d8:f8:2a:97:99:1b:0e:9a:2e:a9:0b:49:c2:52:e0:26:20:2f:
         6f:6d:80:8b:b3:62:92:0d:7e:54:a8:85:d6:c0:c2:c6:c1:1c:
         ed:37:53:22:43:a6:b6:ce:eb:3f:c0:a9:a1:a1:42:4f:40:3a:
         94:59:38:56:da:28:df:a8:64:98:ad:78:da:7e:a5:da:40:e9:
         d9:5b:12:7a:6a:e3:85:68:fc:45:c5:82:78:3e:11:30:ec:26:
         18:ac:ad:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pGZuWJHnbbEJfueqX8/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZTJhZTRmZTBjMGQ2Y2IwNzQ5Yjg3N2FlMTU1YTYyOWZl
MmFmZDYwHhcNMjYwMTAxMjIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWUzM2U3ZWE4MzIyNjJhNTY1NmUyNzE4NDc1YTdlMzZiNTY3YzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Y+SgLg+ctxUqNPAv8gyflpYL8lH
HA+/74ekY4qYSjfaBq3L5PFjH5RAWZNrfNGUK5ytA+fCAG5FGLzJ5cH0tW4OCyu0
BBhrBqyj8JsWy89lT3blODqOhrhNJod+tciRP6tuPSrb+48PecDuF4vMbHZDzMwF
YZb4hauSeTnVm2pujtAS0KHz/UCJ4q8PJ0BXyWRxOyK3Fw0JrLRPtypNLZpOSEsO
XLiDKKGevR4DA5cwIUuoFGbGJPqvulzrOOv+ghZ2NM/tqyit2kyDe5LZzeznTcnx
X/Ct0j+nYxYKCiJ8Wz0J2S9mDfNh5GCAfPajYBU4iwTfED5q6uZ16Lz7eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7jPn6oMiYqVlbicYR1p+NrVnxrMB8GA1UdIwQY
MBaAFHbirk/gwNbLB0m4d64VWmKf4q/WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHVLdVQtREExc3NIU2JoM3JoVmFZcF9pcjlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC85YTUyZmQtMDM2NC00MTUwLWFhY2Et
NDE2MDJmZGM5ZmRlLzEvSHVNLWZxZ3lKaXBXVnVKeGhIV240MnRXZkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC85YTUyZmQtMDM2NC00MTUwLWFhY2EtNDE2MDJmZGM5ZmRl
LzEvZHVLdVQtREExc3NIU2JoM3JoVmFZcF9pcjlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxwSMA0G
CSqGSIb3DQEBCwUAA4IBAQACT8pT+TcoP9/3hbVP+qy/5sDkyoT+vbYVJ/9vmwwQ
+XlvMzCuL14sQ0oOjBoslLuUlffl1Q2S9GHeCtEfDirD+uKkFQrYYbZqsCZfDf7l
WIPJUbU4wyFFYTJBhZs85YuLf1pL/jZx5LU6i5271fApDQegbmmLY6akg+1940Mk
COSxfEGNiZJVXMKJtDPHORyM5sr7cqbIB7mgLNgi/VSZz1bY+CqXmRsOmi6pC0nC
UuAmIC9vbYCLs2KSDX5UqIXWwMLGwRztN1MiQ6a2zus/wKmhoUJPQDqUWThW2ijf
qGSYrXjafqXaQOnZWxJ6auOFaPxFxYJ4PhEw7CYYrK3T
-----END CERTIFICATE-----