This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/hxGvu-IScN-_hKbmojPRTU_qNno.roa
File:                     hxGvu-IScN-_hKbmojPRTU_qNno.roa (raw, json)
Hash identifier:          ahzGwiWSxhQfKuYeEu+Wyoh/XK6bY7UKu+vDiNdhn8A=
Subject key identifier:   87:11:AF:BB:E2:12:70:DF:BF:84:A6:E6:A2:33:D1:4D:4F:EA:36:7A
Certificate issuer:       /CN=c8c2c7314593042cf74210f7f03be7106c224f89
Certificate serial:       019B7AC9569C3393D7C5D124BCDC125081E7
Authority key identifier: C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/hxGvu-IScN-_hKbmojPRTU_qNno.roa
Signing time:             Thu 01 Jan 2026 18:19:33 +0000
ROA not before:           Thu 01 Jan 2026 18:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208972
IP address blocks:        185.233.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:56:9c:33:93:d7:c5:d1:24:bc:dc:12:50:81:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8c2c7314593042cf74210f7f03be7106c224f89
        Validity
            Not Before: Jan  1 18:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8711afbbe21270dfbf84a6e6a233d14d4fea367a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c5:3b:93:79:4f:60:c9:23:b3:80:89:f0:99:
                    2a:47:1a:ce:f9:c9:55:05:1a:4d:5d:8b:5c:96:a7:
                    f6:dc:af:ac:d5:84:f7:75:19:ec:00:6d:c7:a2:a0:
                    14:22:49:ac:a6:c3:2a:6c:16:30:f4:2d:a4:46:47:
                    76:4b:20:91:0b:62:9c:37:8f:86:0b:b9:9b:6b:68:
                    c4:3c:88:7a:0b:d1:c1:5f:d1:2a:a1:84:ef:fa:4c:
                    c7:a5:53:86:f0:b9:d9:ea:e0:23:5b:7a:e4:98:d3:
                    78:0e:82:3c:1e:33:1f:47:34:e0:4c:1b:3a:9c:01:
                    4b:13:d3:a0:36:c0:72:da:35:5d:15:a2:5e:ea:28:
                    49:0a:bb:3c:22:54:eb:3f:ff:4f:e2:47:2d:6a:a9:
                    c8:7d:9f:77:a7:97:c6:4e:59:24:22:df:c7:b6:86:
                    a0:07:aa:64:a7:d2:9f:9e:51:63:1e:a0:93:9e:90:
                    f0:5d:c1:0a:88:c7:91:ba:1d:c2:d0:d9:39:97:07:
                    01:d7:76:0e:7d:46:c4:7a:8f:31:e6:2b:e3:1e:6c:
                    96:e6:2b:ac:c3:20:38:37:eb:a7:95:5c:20:8e:1f:
                    69:cc:3c:bc:c1:ce:93:50:d4:77:67:0e:86:d9:cb:
                    4c:b6:a9:d2:4b:62:44:c0:77:27:d0:8b:3f:00:3e:
                    1f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:11:AF:BB:E2:12:70:DF:BF:84:A6:E6:A2:33:D1:4D:4F:EA:36:7A
            X509v3 Authority Key Identifier:
                keyid:C8:C2:C7:31:45:93:04:2C:F7:42:10:F7:F0:3B:E7:10:6C:22:4F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yMLHMUWTBCz3QhD38DvnEGwiT4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/hxGvu-IScN-_hKbmojPRTU_qNno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b2dbe0-04c5-41ba-ac62-3a53d0ef8b5a/1/yMLHMUWTBCz3QhD38DvnEGwiT4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:1c:f2:b2:9c:99:81:f9:11:7f:0c:31:b0:ee:77:c9:b9:93:
         72:5c:c1:83:39:16:a7:d7:60:d0:c4:0d:31:31:65:b4:74:10:
         45:62:72:34:0f:3e:6e:c1:f9:ac:41:0d:3a:c5:65:da:e4:34:
         2d:3e:2e:15:ab:26:83:2d:41:9e:17:99:c6:2b:34:fe:79:58:
         39:34:c6:fb:2b:d1:4b:60:80:c9:b9:ef:0a:50:e7:fa:72:c6:
         43:07:50:ec:52:af:1f:61:60:9a:aa:32:99:19:04:c8:ff:51:
         ab:dc:e7:07:0a:24:1c:55:e6:86:c1:f8:2f:39:54:ec:fd:cb:
         cb:91:86:02:23:bb:a6:f8:33:42:73:fd:96:13:0d:96:b0:94:
         3a:28:5b:82:0f:da:f9:15:c0:39:5c:7a:23:54:49:14:82:f0:
         fe:0b:92:7a:45:c5:99:57:eb:cb:00:e8:71:92:03:59:00:95:
         f4:8a:2d:d3:b3:d0:f6:0c:f4:fe:30:57:33:6d:cc:dd:79:00:
         8d:85:1e:06:41:06:61:41:f2:e1:48:ef:f5:53:b6:9e:f2:2a:
         f7:12:43:68:ac:a3:55:94:10:d0:6c:bd:a5:f4:9d:5a:9e:d1:
         53:73:2e:3a:e9:1b:4c:65:fd:d9:02:ca:d4:91:26:53:aa:df:
         d6:9b:e2:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yVacM5PXxdEkvNwSUIHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YzJjNzMxNDU5MzA0MmNmNzQyMTBmN2YwM2JlNzEwNmMy
MjRmODkwHhcNMjYwMTAxMTgxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzExYWZiYmUyMTI3MGRmYmY4NGE2ZTZhMjMzZDE0ZDRmZWEzNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMU7k3lPYMkjs4CJ8JkqRxrO+clV
BRpNXYtclqf23K+s1YT3dRnsAG3HoqAUIkmspsMqbBYw9C2kRkd2SyCRC2KcN4+G
C7mba2jEPIh6C9HBX9EqoYTv+kzHpVOG8LnZ6uAjW3rkmNN4DoI8HjMfRzTgTBs6
nAFLE9OgNsBy2jVdFaJe6ihJCrs8IlTrP/9P4kctaqnIfZ93p5fGTlkkIt/Htoag
B6pkp9KfnlFjHqCTnpDwXcEKiMeRuh3C0Nk5lwcB13YOfUbEeo8x5ivjHmyW5ius
wyA4N+unlVwgjh9pzDy8wc6TUNR3Zw6G2ctMtqnSS2JEwHcn0Is/AD4fAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcRr7viEnDfv4Sm5qIz0U1P6jZ6MB8GA1UdIwQY
MBaAFMjCxzFFkwQs90IQ9/A75xBsIk+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjIt
M2E1M2QwZWY4YjVhLzEvaHhHdnUtSVNjTi1faEtibW9qUFJUVV9xTm5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMmRiZTAtMDRjNS00MWJhLWFjNjItM2E1M2QwZWY4YjVh
LzEveU1MSE1VV1RCQ3ozUWhEMzhEdm5FR3dpVDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuenbMA0G
CSqGSIb3DQEBCwUAA4IBAQAIHPKynJmB+RF/DDGw7nfJuZNyXMGDORan12DQxA0x
MWW0dBBFYnI0Dz5uwfmsQQ06xWXa5DQtPi4VqyaDLUGeF5nGKzT+eVg5NMb7K9FL
YIDJue8KUOf6csZDB1DsUq8fYWCaqjKZGQTI/1Gr3OcHCiQcVeaGwfgvOVTs/cvL
kYYCI7um+DNCc/2WEw2WsJQ6KFuCD9r5FcA5XHojVEkUgvD+C5J6RcWZV+vLAOhx
kgNZAJX0ii3Ts9D2DPT+MFczbczdeQCNhR4GQQZhQfLhSO/1U7ae8ir3EkNorKNV
lBDQbL2l9J1antFTcy466RtMZf3ZAsrUkSZTqt/Wm+Ky
-----END CERTIFICATE-----