This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/hok6Qp96mKVdQQjarDAvvs1bUeM.roa
File:                     hok6Qp96mKVdQQjarDAvvs1bUeM.roa (raw, json)
Hash identifier:          5zV7NiDuzjvbffwRhWRdC6edDv2RAzy2F0ZnadV/k8Y=
Subject key identifier:   86:89:3A:42:9F:7A:98:A5:5D:41:08:DA:AC:30:2F:BE:CD:5B:51:E3
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019B78A275CB5C0FF25609A16162B5BD61D2
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/hok6Qp96mKVdQQjarDAvvs1bUeM.roa
Signing time:             Thu 01 Jan 2026 08:17:51 +0000
ROA not before:           Thu 01 Jan 2026 08:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16247
IP address blocks:        185.201.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:75:cb:5c:0f:f2:56:09:a1:61:62:b5:bd:61:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 08:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86893a429f7a98a55d4108daac302fbecd5b51e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7f:a7:b8:58:d4:14:ca:b8:20:99:79:64:f8:
                    af:05:ad:65:aa:ef:ae:93:b9:d8:1a:55:41:6e:3d:
                    97:67:f7:cd:d3:57:ad:62:6e:7a:fa:81:a3:bf:b5:
                    ea:97:a4:af:f3:42:64:f4:4c:c0:b8:52:b3:ef:b9:
                    e7:32:b3:ac:34:47:b7:16:78:1a:58:00:54:2e:db:
                    ef:53:8d:62:e2:af:95:ce:93:c3:e3:71:91:03:30:
                    27:97:07:9e:8d:4a:30:30:44:92:61:9a:cd:24:cc:
                    39:03:f2:af:7b:8c:47:15:8b:f1:2f:c8:8f:2d:a8:
                    1b:5e:b8:3a:49:c6:7c:10:72:0a:b8:d1:b5:d3:07:
                    f9:94:fd:64:f4:78:4d:19:b9:bd:6f:b6:8b:3a:6c:
                    2f:ec:35:46:e5:bf:0b:29:08:cd:1f:54:a6:51:a8:
                    4c:0e:4b:b4:e2:ed:22:8d:75:d6:47:4b:6a:b7:78:
                    22:cc:60:b5:a2:ae:bd:b9:61:d2:c8:56:cb:73:a7:
                    f2:59:b0:0f:67:c8:39:90:08:83:63:d1:4d:f5:40:
                    78:a8:e8:ad:75:83:ae:d8:01:7d:02:dd:61:73:61:
                    c0:8c:a7:80:9f:b2:76:3b:64:c3:90:81:08:7e:40:
                    de:bd:64:19:94:2c:14:1e:46:d9:bc:03:a3:fa:37:
                    c4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:89:3A:42:9F:7A:98:A5:5D:41:08:DA:AC:30:2F:BE:CD:5B:51:E3
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/hok6Qp96mKVdQQjarDAvvs1bUeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:7b:90:0b:f4:d1:3f:36:5a:23:db:53:04:0d:f9:b3:30:b8:
         8a:e0:04:0b:39:79:32:08:ce:97:a8:55:73:dd:4c:41:68:b2:
         c6:7d:b0:47:12:d7:db:76:3b:48:f5:13:38:3b:cb:1d:9b:bf:
         13:30:4b:3c:04:13:54:a4:e2:4a:82:99:39:c9:69:d3:4d:8d:
         5d:f3:69:a1:64:9d:69:5c:b2:f4:97:04:f4:56:85:7c:67:7f:
         b7:6b:3e:fb:d0:7c:ed:bb:46:c5:ed:56:1d:e3:cd:61:22:df:
         af:d7:28:50:b8:ab:05:9a:5c:d2:0f:27:d9:d5:10:2f:88:83:
         6e:cd:b8:3b:fd:64:32:f8:e1:99:2d:23:15:fd:1d:52:7d:d0:
         f8:11:f0:8e:f5:af:22:55:33:49:d9:1d:59:08:91:b7:c7:7c:
         fa:f6:a1:66:2f:31:13:5f:2b:48:0f:ca:4b:3d:8c:42:c6:f4:
         0e:e9:ce:6b:47:61:77:d7:1c:8d:5c:54:2c:a8:39:4c:b6:62:
         bf:ed:39:69:dc:2e:ba:a4:cc:6a:29:f6:54:75:29:75:ea:bc:
         bc:cd:ee:e2:e0:10:1d:53:6a:17:b5:d9:de:96:8e:43:df:73:
         c1:cd:78:4b:e7:b4:86:4a:27:6e:7a:d4:50:d4:90:60:29:08:
         33:66:7b:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4onXLXA/yVgmhYWK1vWHSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjYwMTAxMDgxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njg5M2E0MjlmN2E5OGE1NWQ0MTA4ZGFhYzMwMmZiZWNkNWI1MWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH+nuFjUFMq4IJl5ZPivBa1lqu+u
k7nYGlVBbj2XZ/fN01etYm56+oGjv7Xql6Sv80Jk9EzAuFKz77nnMrOsNEe3Fnga
WABULtvvU41i4q+VzpPD43GRAzAnlweejUowMESSYZrNJMw5A/Kve4xHFYvxL8iP
LagbXrg6ScZ8EHIKuNG10wf5lP1k9HhNGbm9b7aLOmwv7DVG5b8LKQjNH1SmUahM
Dku04u0ijXXWR0tqt3gizGC1oq69uWHSyFbLc6fyWbAPZ8g5kAiDY9FN9UB4qOit
dYOu2AF9At1hc2HAjKeAn7J2O2TDkIEIfkDevWQZlCwUHkbZvAOj+jfE0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaJOkKfepilXUEI2qwwL77NW1HjMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvaG9rNlFwOTZtS1ZkUVFqYXJEQXZ2czFiVWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuckqMA0G
CSqGSIb3DQEBCwUAA4IBAQCSe5AL9NE/Nloj21MEDfmzMLiK4AQLOXkyCM6XqFVz
3UxBaLLGfbBHEtfbdjtI9RM4O8sdm78TMEs8BBNUpOJKgpk5yWnTTY1d82mhZJ1p
XLL0lwT0VoV8Z3+3az770Hztu0bF7VYd481hIt+v1yhQuKsFmlzSDyfZ1RAviINu
zbg7/WQy+OGZLSMV/R1SfdD4EfCO9a8iVTNJ2R1ZCJG3x3z69qFmLzETXytID8pL
PYxCxvQO6c5rR2F31xyNXFQsqDlMtmK/7Tlp3C66pMxqKfZUdSl16ry8ze7i4BAd
U2oXtdnelo5D33PBzXhL57SGSiduetRQ1JBgKQgzZnuQ
-----END CERTIFICATE-----