This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SH7mYCplmUG1WPrPlT2zfvFlYDQ.roa
File:                     SH7mYCplmUG1WPrPlT2zfvFlYDQ.roa (raw, json)
Hash identifier:          qfd6W9XZaVbOnQrJkqxjWhw9Yzr99SClUKTu6DgmGR0=
Subject key identifier:   48:7E:E6:60:2A:65:99:41:B5:58:FA:CF:95:3D:B3:7E:F1:65:60:34
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019BB34AFC9C3AE59E9D4B47D0454912417E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SH7mYCplmUG1WPrPlT2zfvFlYDQ.roa
Signing time:             Mon 12 Jan 2026 17:39:54 +0000
ROA not before:           Mon 12 Jan 2026 17:39:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207567
IP address blocks:        144.31.244.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b3:4a:fc:9c:3a:e5:9e:9d:4b:47:d0:45:49:12:41:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan 12 17:39:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=487ee6602a659941b558facf953db37ef1656034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:68:7f:0d:7d:ec:70:f3:31:74:3d:9d:83:46:
                    44:6a:af:bf:b2:94:f5:0d:dc:f0:c3:de:e8:af:9b:
                    12:f9:e2:7f:bc:5a:71:be:04:76:05:41:11:59:8a:
                    56:00:7a:a1:ce:0d:d2:6c:bf:36:9a:40:db:30:78:
                    74:d3:32:30:51:76:12:62:fd:fa:41:d8:0f:dd:14:
                    64:ff:dd:8c:d8:63:36:62:0f:a4:23:24:cf:9b:d1:
                    46:32:71:82:1b:95:b9:96:b9:42:0b:89:6e:14:b6:
                    63:01:0e:fd:f7:e1:b5:2b:97:5d:43:7c:7e:af:43:
                    85:6c:e0:05:70:07:05:55:6f:1f:c0:4c:45:d0:ca:
                    36:b9:a7:85:c2:a3:9a:5a:de:97:2c:dd:e0:71:ae:
                    21:5f:ff:66:56:1c:b4:b8:8a:6a:76:86:11:85:05:
                    a0:09:a9:0f:1a:75:db:6a:32:57:d9:40:55:91:5f:
                    bb:16:64:70:97:7a:36:bb:02:d3:83:77:80:c9:2c:
                    7f:8e:cd:98:76:a5:6e:bb:5c:7d:7f:dd:8c:2e:87:
                    b3:82:26:38:82:b6:39:f3:e3:fb:92:d4:54:1b:a1:
                    14:ef:26:fe:75:cb:15:1b:d0:72:e3:d4:75:ed:5a:
                    70:cf:ae:33:1f:36:62:1e:b0:36:8f:69:ef:d3:d8:
                    1b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7E:E6:60:2A:65:99:41:B5:58:FA:CF:95:3D:B3:7E:F1:65:60:34
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/SH7mYCplmUG1WPrPlT2zfvFlYDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.31.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:3b:2b:53:ab:74:46:a2:ab:96:67:fd:ce:61:cc:28:f6:d1:
         f5:37:c2:d6:e5:e4:72:98:af:d6:f7:94:2a:99:9e:25:f9:9f:
         fa:bb:a4:0a:4e:eb:6c:a6:13:dc:0f:c2:9f:75:89:e1:15:eb:
         34:82:f9:94:ec:da:7e:c6:75:11:79:1d:48:8a:ce:af:67:82:
         d0:3d:0d:a3:3c:16:91:38:77:eb:cc:34:51:44:f7:34:75:15:
         76:25:39:5c:08:93:bb:4d:55:ca:15:d8:85:52:76:ca:20:6b:
         a8:6f:9a:ee:74:b8:e9:f4:35:00:d4:f7:44:85:48:25:bf:7b:
         e1:e5:84:06:ec:71:b0:8e:17:d6:19:93:e3:1d:19:b3:f6:de:
         91:19:8e:18:79:29:3a:7f:2e:4a:f1:1a:77:25:62:16:63:6b:
         43:44:2a:2a:f9:ca:d7:92:c5:10:5b:78:40:59:20:97:c6:7e:
         a0:33:42:8a:e8:dd:1f:cc:03:4b:c3:87:35:8b:4a:8e:aa:b8:
         c4:87:4b:87:98:27:63:cb:5d:75:1d:8e:5b:00:66:30:91:ba:
         5e:00:56:31:02:01:08:e8:b1:b1:50:e0:04:9d:88:5c:13:aa:
         2f:94:48:9f:c6:11:2e:a4:ba:66:b3:8f:cf:1b:88:7d:a4:2c:
         1d:a2:4d:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuzSvycOuWenUtH0EVJEkF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTEyMTczOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODdlZTY2MDJhNjU5OTQxYjU1OGZhY2Y5NTNkYjM3ZWYxNjU2MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGh/DX3scPMxdD2dg0ZEaq+/spT1
Ddzww97or5sS+eJ/vFpxvgR2BUERWYpWAHqhzg3SbL82mkDbMHh00zIwUXYSYv36
QdgP3RRk/92M2GM2Yg+kIyTPm9FGMnGCG5W5lrlCC4luFLZjAQ799+G1K5ddQ3x+
r0OFbOAFcAcFVW8fwExF0Mo2uaeFwqOaWt6XLN3gca4hX/9mVhy0uIpqdoYRhQWg
CakPGnXbajJX2UBVkV+7FmRwl3o2uwLTg3eAySx/js2YdqVuu1x9f92MLoezgiY4
grY58+P7ktRUG6EU7yb+dcsVG9By49R17Vpwz64zHzZiHrA2j2nv09gb0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEh+5mAqZZlBtVj6z5U9s37xZWA0MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvU0g3bVlDcGxtVUcxV1ByUGxUMnpmdkZsWURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkB/0MA0G
CSqGSIb3DQEBCwUAA4IBAQA9OytTq3RGoquWZ/3OYcwo9tH1N8LW5eRymK/W95Qq
mZ4l+Z/6u6QKTutsphPcD8KfdYnhFes0gvmU7Np+xnUReR1Iis6vZ4LQPQ2jPBaR
OHfrzDRRRPc0dRV2JTlcCJO7TVXKFdiFUnbKIGuob5rudLjp9DUA1PdEhUglv3vh
5YQG7HGwjhfWGZPjHRmz9t6RGY4YeSk6fy5K8Rp3JWIWY2tDRCoq+crXksUQW3hA
WSCXxn6gM0KK6N0fzANLw4c1i0qOqrjEh0uHmCdjy111HY5bAGYwkbpeAFYxAgEI
6LGxUOAEnYhcE6ovlEifxhEupLpms4/PG4h9pCwdok0Q
-----END CERTIFICATE-----