This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/1HpVkB_jbLhmzmxBwUx9bssht30.roa
File:                     1HpVkB_jbLhmzmxBwUx9bssht30.roa (raw, json)
Hash identifier:          zCHbybFcXq0qDlNR99yqu6g+oFdwplvbb6MafSX5AMs=
Subject key identifier:   D4:7A:55:90:1F:E3:6C:B8:66:CE:6C:41:C1:4C:7D:6E:CB:21:B7:7D
Certificate issuer:       /CN=04268ae40737536a464c28493eaf503db9a18f20
Certificate serial:       019B79ED2C7388F77DA8B9B2CDBBD68BD779
Authority key identifier: 04:26:8A:E4:07:37:53:6A:46:4C:28:49:3E:AF:50:3D:B9:A1:8F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BCaK5Ac3U2pGTChJPq9QPbmhjyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/1HpVkB_jbLhmzmxBwUx9bssht30.roa
Signing time:             Thu 01 Jan 2026 14:19:05 +0000
ROA not before:           Thu 01 Jan 2026 14:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.134.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/BCaK5Ac3U2pGTChJPq9QPbmhjyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/BCaK5Ac3U2pGTChJPq9QPbmhjyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BCaK5Ac3U2pGTChJPq9QPbmhjyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:2c:73:88:f7:7d:a8:b9:b2:cd:bb:d6:8b:d7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04268ae40737536a464c28493eaf503db9a18f20
        Validity
            Not Before: Jan  1 14:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d47a55901fe36cb866ce6c41c14c7d6ecb21b77d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e9:f6:61:bd:31:de:e2:15:0d:98:34:41:cb:
                    35:83:bd:4c:46:f9:1a:29:69:55:b2:de:8b:66:dd:
                    64:64:da:d4:31:04:55:1d:66:7b:82:c0:66:f8:a6:
                    ae:e2:d2:eb:8a:67:48:2d:29:71:79:54:c8:a8:0a:
                    61:8a:51:57:c9:ff:c2:38:87:de:27:7d:17:df:af:
                    59:df:15:09:22:a3:e8:53:f5:68:dc:ca:bf:80:f7:
                    18:6f:a3:3c:c3:0c:f2:98:0f:62:83:01:d6:d3:79:
                    6c:01:4e:ac:93:66:bb:44:5c:e8:b3:d2:2c:8f:c7:
                    57:fc:f3:a0:d2:19:68:60:77:4a:f8:1e:50:27:38:
                    14:0d:31:be:bd:1e:f6:ca:2b:f0:32:31:8c:6c:2d:
                    dc:2f:64:37:9e:59:91:9c:31:4c:d5:07:49:94:e5:
                    f1:0f:15:c6:25:66:d4:04:cd:5a:35:13:0d:c8:66:
                    8c:2f:4d:3f:f1:95:aa:d9:2e:6e:e9:df:4d:e9:da:
                    ce:5a:ca:72:40:ba:75:3b:93:be:4e:3c:21:dd:92:
                    8f:44:1d:97:cd:f7:9c:52:16:a9:2f:f8:ee:d8:0f:
                    57:57:ad:58:a8:9f:fc:a2:de:96:40:31:88:39:55:
                    6d:93:68:b7:6d:0f:07:d5:a3:b0:a8:3c:a3:bd:f5:
                    70:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7A:55:90:1F:E3:6C:B8:66:CE:6C:41:C1:4C:7D:6E:CB:21:B7:7D
            X509v3 Authority Key Identifier:
                keyid:04:26:8A:E4:07:37:53:6A:46:4C:28:49:3E:AF:50:3D:B9:A1:8F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BCaK5Ac3U2pGTChJPq9QPbmhjyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/1HpVkB_jbLhmzmxBwUx9bssht30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/796823-6d81-4d91-b664-e0abd4d84571/1/BCaK5Ac3U2pGTChJPq9QPbmhjyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:53:03:53:43:c5:c8:82:8d:1c:bc:0f:b9:0a:7a:b3:8f:cd:
         92:15:f5:f4:79:80:5d:c8:58:2a:27:43:a2:66:cb:34:79:3e:
         d1:19:c7:a4:3e:f8:b5:b4:1f:46:fc:2f:2d:f2:e0:58:29:d8:
         3d:94:9b:a1:32:05:ea:3d:5c:d8:11:3e:9d:e7:98:c6:23:28:
         83:c1:8a:3e:44:7e:08:8c:74:8a:7d:a5:c9:48:82:11:ba:88:
         04:ab:84:bd:ce:74:fc:e6:e1:29:58:79:2d:29:6c:93:f1:9c:
         e6:ea:73:99:82:be:a6:24:eb:c4:48:2f:0c:c8:4c:41:f6:6a:
         62:bf:47:33:5b:48:41:57:70:58:18:4a:8d:4e:71:80:cb:cd:
         3b:22:8e:cc:f1:92:70:c6:d4:05:fc:d6:c8:b4:b2:20:f0:ad:
         f2:4b:df:55:f0:44:06:b5:4d:34:8f:66:18:b9:cc:62:b0:13:
         8c:24:96:bc:52:62:71:67:13:c1:77:e3:c2:62:23:51:4b:fe:
         1c:30:29:04:ff:d8:3a:c5:a2:79:b2:52:c4:67:2e:6d:05:1e:
         b8:5a:6f:8b:7b:5a:aa:a9:3d:34:b8:93:02:0f:d2:73:dc:6c:
         38:95:7d:a8:d9:aa:02:25:43:dd:83:d0:ca:2c:fd:03:6a:00:
         70:5a:77:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57SxziPd9qLmyzbvWi9d5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MjY4YWU0MDczNzUzNmE0NjRjMjg0OTNlYWY1MDNkYjlh
MThmMjAwHhcNMjYwMTAxMTQxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdhNTU5MDFmZTM2Y2I4NjZjZTZjNDFjMTRjN2Q2ZWNiMjFiNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqen2Yb0x3uIVDZg0Qcs1g71MRvka
KWlVst6LZt1kZNrUMQRVHWZ7gsBm+Kau4tLrimdILSlxeVTIqAphilFXyf/COIfe
J30X369Z3xUJIqPoU/Vo3Mq/gPcYb6M8wwzymA9igwHW03lsAU6sk2a7RFzos9Is
j8dX/POg0hloYHdK+B5QJzgUDTG+vR72yivwMjGMbC3cL2Q3nlmRnDFM1QdJlOXx
DxXGJWbUBM1aNRMNyGaML00/8ZWq2S5u6d9N6drOWspyQLp1O5O+Tjwh3ZKPRB2X
zfecUhapL/ju2A9XV61YqJ/8ot6WQDGIOVVtk2i3bQ8H1aOwqDyjvfVwQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNR6VZAf42y4Zs5sQcFMfW7LIbd9MB8GA1UdIwQY
MBaAFAQmiuQHN1NqRkwoST6vUD25oY8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkNhSzVBYzNVMnBHVENoSlBxOVFQYm1oanlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83OTY4MjMtNmQ4MS00ZDkxLWI2NjQt
ZTBhYmQ0ZDg0NTcxLzEvMUhwVmtCX2piTGhtem14QndVeDlic3NodDMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83OTY4MjMtNmQ4MS00ZDkxLWI2NjQtZTBhYmQ0ZDg0NTcx
LzEvQkNhSzVBYzNVMnBHVENoSlBxOVFQYm1oanlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYZPMA0G
CSqGSIb3DQEBCwUAA4IBAQBiUwNTQ8XIgo0cvA+5Cnqzj82SFfX0eYBdyFgqJ0Oi
Zss0eT7RGcekPvi1tB9G/C8t8uBYKdg9lJuhMgXqPVzYET6d55jGIyiDwYo+RH4I
jHSKfaXJSIIRuogEq4S9znT85uEpWHktKWyT8Zzm6nOZgr6mJOvESC8MyExB9mpi
v0czW0hBV3BYGEqNTnGAy807Io7M8ZJwxtQF/NbItLIg8K3yS99V8EQGtU00j2YY
ucxisBOMJJa8UmJxZxPBd+PCYiNRS/4cMCkE/9g6xaJ5slLEZy5tBR64Wm+Le1qq
qT00uJMCD9Jz3Gw4lX2o2aoCJUPdg9DKLP0DagBwWndc
-----END CERTIFICATE-----