This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/hvjTcKPQGXrhHxR8FLC4HcSQhWk.roa
File:                     hvjTcKPQGXrhHxR8FLC4HcSQhWk.roa (raw, json)
Hash identifier:          nOSvBwGcqr48/L9ifoZ/bQG7uxX3sVi/N4rTjGne47k=
Subject key identifier:   86:F8:D3:70:A3:D0:19:7A:E1:1F:14:7C:14:B0:B8:1D:C4:90:85:69
Certificate issuer:       /CN=e20449fe7f4b2cf1f7fd670e582ebcc97e45f7ff
Certificate serial:       019B7D5CCCD7E8F03E422E0E9D235E171222
Authority key identifier: E2:04:49:FE:7F:4B:2C:F1:F7:FD:67:0E:58:2E:BC:C9:7E:45:F7:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/hvjTcKPQGXrhHxR8FLC4HcSQhWk.roa
Signing time:             Fri 02 Jan 2026 06:19:52 +0000
ROA not before:           Fri 02 Jan 2026 06:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49605
IP address blocks:        185.29.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:cc:d7:e8:f0:3e:42:2e:0e:9d:23:5e:17:12:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e20449fe7f4b2cf1f7fd670e582ebcc97e45f7ff
        Validity
            Not Before: Jan  2 06:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86f8d370a3d0197ae11f147c14b0b81dc4908569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:15:87:5f:51:d1:bc:1e:ff:c9:40:83:42:8a:
                    16:93:a3:29:cb:ce:e7:83:ce:3b:72:88:11:c6:5a:
                    e9:19:5e:bc:06:e4:f3:e0:5a:32:7e:4c:c8:e9:72:
                    25:8f:82:f3:7d:10:b4:5c:2a:eb:94:0c:8f:6a:6d:
                    25:8a:af:db:c7:5c:c5:00:53:fb:55:23:ef:ee:d4:
                    e1:fa:e3:e4:32:42:56:65:85:82:39:cc:06:a0:1f:
                    78:b8:e2:e5:bd:1e:1b:6a:be:52:8f:5c:b6:9d:d2:
                    ef:56:7c:46:9e:5e:19:1b:bb:51:7e:f1:bb:fb:f9:
                    82:29:b4:9c:2b:07:a1:1e:32:62:13:82:21:07:6d:
                    c9:c5:79:20:b1:fa:ba:13:9f:42:5c:3b:4f:85:e3:
                    d2:e6:ea:ab:ac:dd:8b:0e:7b:b2:86:f2:5a:3a:80:
                    0d:ca:e2:a7:72:d2:e3:e4:d7:7f:84:60:d3:b5:5e:
                    c9:1d:19:a3:4d:cd:11:fc:f7:42:2f:14:f8:47:6a:
                    a0:b6:70:a9:1e:85:af:6f:15:60:58:6c:17:ff:49:
                    44:7f:93:50:39:9e:a1:3b:2c:1b:a4:47:88:3a:34:
                    08:e2:ad:fa:76:57:ee:70:ed:c2:7f:97:7e:03:3a:
                    a4:23:41:0b:6d:9f:5d:f4:86:2d:f8:31:ae:69:ef:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F8:D3:70:A3:D0:19:7A:E1:1F:14:7C:14:B0:B8:1D:C4:90:85:69
            X509v3 Authority Key Identifier:
                keyid:E2:04:49:FE:7F:4B:2C:F1:F7:FD:67:0E:58:2E:BC:C9:7E:45:F7:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gRJ_n9LLPH3_WcOWC68yX5F9_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/hvjTcKPQGXrhHxR8FLC4HcSQhWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3dc879-11b9-4fa6-841d-906a91ee9fe4/1/4gRJ_n9LLPH3_WcOWC68yX5F9_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:c7:35:37:6f:f3:1b:00:2c:66:87:2b:c3:ea:ee:f6:a9:92:
         56:04:82:e4:0c:9a:e1:75:41:56:5a:4b:ec:eb:5f:a4:5f:5d:
         39:ee:fe:31:d7:6d:d3:b4:c3:b5:95:86:17:d9:6c:1c:96:40:
         db:e4:1c:8e:a6:e7:98:04:f8:26:ce:a8:8a:52:c4:97:0b:50:
         bf:43:45:23:63:f8:45:21:cf:73:b0:e5:17:83:63:34:4d:7b:
         df:c4:1f:c8:96:ed:82:83:19:8f:3e:8e:2f:78:2c:0f:03:a1:
         e6:89:fd:2b:ae:23:49:1f:0f:be:cb:c1:c2:8d:20:00:a2:d0:
         f1:70:6e:90:d0:3b:c3:5e:d0:88:0a:f5:e1:7b:e0:38:5f:e0:
         f3:db:0a:1a:09:11:50:a5:7d:ac:13:b7:1b:17:bf:49:b9:30:
         7c:ed:af:f2:7d:1b:5c:80:8a:81:7d:51:3e:41:ca:4a:47:73:
         ae:4b:74:31:89:cd:01:a1:6d:52:9d:41:b0:dd:6f:69:10:1b:
         37:6a:a5:26:9c:6f:6c:11:ed:0d:d6:a3:9c:27:ac:b9:96:80:
         e0:01:1b:fc:11:51:7c:80:1d:6a:7c:c2:96:da:4c:ad:6a:92:
         a3:ca:ff:10:d9:6a:c4:ec:98:06:94:f8:f7:64:da:52:3b:8a:
         61:b0:b0:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XMzX6PA+Qi4OnSNeFxIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMDQ0OWZlN2Y0YjJjZjFmN2ZkNjcwZTU4MmViY2M5N2U0
NWY3ZmYwHhcNMjYwMTAyMDYxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY4ZDM3MGEzZDAxOTdhZTExZjE0N2MxNGIwYjgxZGM0OTA4NTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBWHX1HRvB7/yUCDQooWk6Mpy87n
g847cogRxlrpGV68BuTz4FoyfkzI6XIlj4LzfRC0XCrrlAyPam0liq/bx1zFAFP7
VSPv7tTh+uPkMkJWZYWCOcwGoB94uOLlvR4bar5Sj1y2ndLvVnxGnl4ZG7tRfvG7
+/mCKbScKwehHjJiE4IhB23JxXkgsfq6E59CXDtPhePS5uqrrN2LDnuyhvJaOoAN
yuKnctLj5Nd/hGDTtV7JHRmjTc0R/PdCLxT4R2qgtnCpHoWvbxVgWGwX/0lEf5NQ
OZ6hOywbpEeIOjQI4q36dlfucO3Cf5d+AzqkI0ELbZ9d9IYt+DGuae/oLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb403Cj0Bl64R8UfBSwuB3EkIVpMB8GA1UdIwQY
MBaAFOIESf5/Syzx9/1nDlguvMl+Rff/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGdSSl9uOUxMUEgzX1djT1dDNjh5WDVGOV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZGM4NzktMTFiOS00ZmE2LTg0MWQt
OTA2YTkxZWU5ZmU0LzEvaHZqVGNLUFFHWHJoSHhSOEZMQzRIY1NRaFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZGM4NzktMTFiOS00ZmE2LTg0MWQtOTA2YTkxZWU5ZmU0
LzEvNGdSSl9uOUxMUEgzX1djT1dDNjh5WDVGOV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR1IMA0G
CSqGSIb3DQEBCwUAA4IBAQBWxzU3b/MbACxmhyvD6u72qZJWBILkDJrhdUFWWkvs
61+kX1057v4x123TtMO1lYYX2WwclkDb5ByOpueYBPgmzqiKUsSXC1C/Q0UjY/hF
Ic9zsOUXg2M0TXvfxB/Ilu2CgxmPPo4veCwPA6Hmif0rriNJHw++y8HCjSAAotDx
cG6Q0DvDXtCICvXhe+A4X+Dz2woaCRFQpX2sE7cbF79JuTB87a/yfRtcgIqBfVE+
QcpKR3OuS3Qxic0BoW1SnUGw3W9pEBs3aqUmnG9sEe0N1qOcJ6y5loDgARv8EVF8
gB1qfMKW2kytapKjyv8Q2WrE7JgGlPj3ZNpSO4phsLAn
-----END CERTIFICATE-----