This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HX5f80duZbfz-iasKI8ZstuiDOE.roa
File:                     HX5f80duZbfz-iasKI8ZstuiDOE.roa (raw, json)
Hash identifier:          F3S67PslnyiQwchIpW4wRDpOJwAA4P0KJ07r5fwGqG0=
Subject key identifier:   1D:7E:5F:F3:47:6E:65:B7:F3:FA:26:AC:28:8F:19:B2:DB:A2:0C:E1
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019B9743C2B44421582CAAB7F22078CC6268
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HX5f80duZbfz-iasKI8ZstuiDOE.roa
Signing time:             Wed 07 Jan 2026 07:02:38 +0000
ROA not before:           Wed 07 Jan 2026 07:02:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        194.26.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:97:43:c2:b4:44:21:58:2c:aa:b7:f2:20:78:cc:62:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  7 07:02:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d7e5ff3476e65b7f3fa26ac288f19b2dba20ce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f3:1d:d7:c1:6e:6f:15:f0:69:70:f5:99:d9:
                    d8:36:9d:e4:ec:7c:96:a2:b5:1d:e9:6c:55:5a:87:
                    1e:e1:db:6e:87:dc:f9:a9:ba:77:21:5a:d9:1a:b0:
                    42:84:84:d2:1f:84:a2:91:2b:09:3b:f1:f9:d0:b8:
                    ae:2e:d2:94:db:25:91:37:2e:46:25:db:c5:20:f6:
                    6e:15:9f:c0:37:27:a7:09:c6:fa:fe:c2:58:c4:05:
                    10:54:46:9c:6b:4c:db:bd:07:f1:b4:1f:34:d5:c7:
                    00:de:7b:dd:2a:c6:20:8a:7d:1f:45:98:05:4e:f0:
                    17:c5:7a:e4:10:c6:68:73:3c:e5:c0:50:86:5e:33:
                    b6:06:da:7e:c7:fd:42:2a:b9:7b:f4:07:6e:b6:eb:
                    d9:46:c5:22:2e:35:82:85:13:0e:cb:20:d0:29:1c:
                    5d:05:00:9d:e0:88:d6:31:43:64:95:44:ac:f4:88:
                    9b:c1:ea:78:93:04:19:7c:22:37:93:fc:07:53:aa:
                    54:86:90:11:18:32:f4:d0:81:da:86:8f:fa:74:bd:
                    d9:c0:67:f6:d8:09:e9:8a:52:57:69:5d:45:d3:62:
                    3f:93:94:f0:88:65:36:f1:45:fa:fa:25:8d:ec:fc:
                    81:b5:6a:9a:fe:9f:09:fa:21:7e:c1:52:48:ba:22:
                    f5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7E:5F:F3:47:6E:65:B7:F3:FA:26:AC:28:8F:19:B2:DB:A2:0C:E1
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/HX5f80duZbfz-iasKI8ZstuiDOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:a0:20:36:8d:2e:30:7c:bb:98:e3:30:09:50:99:df:51:97:
         44:9e:7f:48:6a:34:fb:c4:27:75:fa:5c:8d:6e:11:21:0e:7b:
         76:0d:d1:b6:d1:fb:db:94:51:80:b7:3b:8f:39:40:62:33:db:
         88:12:1f:bb:92:38:6a:36:3c:51:42:a1:c7:d4:1a:fd:af:f1:
         a1:0e:42:36:03:ef:05:33:dd:ff:45:68:fc:b3:cb:13:32:96:
         63:0a:bf:bb:18:b8:ce:c8:49:25:e9:90:f3:55:87:7f:d9:a3:
         15:ea:c0:0c:9a:ab:5b:ae:af:6b:8c:f4:a2:92:c7:7a:d7:45:
         73:ff:0c:bc:ee:a0:8a:d4:69:86:ce:2b:e4:69:56:ed:ab:68:
         fc:d0:b9:ca:18:65:4a:19:b0:71:40:7b:e3:63:e4:1c:13:c6:
         8a:f5:a0:51:ff:5c:13:bf:f0:39:51:c1:dc:98:ae:f2:47:b5:
         85:87:9f:e1:4e:43:ff:1e:c1:6f:40:38:9b:b6:f2:82:2c:16:
         1e:c5:b6:22:b9:57:e6:c1:bb:49:a7:3a:96:19:5a:49:e6:bf:
         f3:ed:cf:75:2b:2e:65:a0:0b:f1:0c:fa:8a:77:e9:df:34:aa:
         09:57:05:9f:c0:ef:b5:00:79:f8:32:da:9a:e5:4a:17:b4:21:
         e3:37:d1:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuXQ8K0RCFYLKq38iB4zGJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwMTA3MDcwMjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdlNWZmMzQ3NmU2NWI3ZjNmYTI2YWMyODhmMTliMmRiYTIwY2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPMd18FubxXwaXD1mdnYNp3k7HyW
orUd6WxVWoce4dtuh9z5qbp3IVrZGrBChITSH4SikSsJO/H50LiuLtKU2yWRNy5G
JdvFIPZuFZ/ANyenCcb6/sJYxAUQVEaca0zbvQfxtB801ccA3nvdKsYgin0fRZgF
TvAXxXrkEMZoczzlwFCGXjO2Btp+x/1CKrl79AdutuvZRsUiLjWChRMOyyDQKRxd
BQCd4IjWMUNklUSs9Iibwep4kwQZfCI3k/wHU6pUhpARGDL00IHaho/6dL3ZwGf2
2AnpilJXaV1F02I/k5TwiGU28UX6+iWN7PyBtWqa/p8J+iF+wVJIuiL1AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1+X/NHbmW38/omrCiPGbLbogzhMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvSFg1ZjgwZHVaYmZ6LWlhc0tJOFpzdHVpRE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrDMA0G
CSqGSIb3DQEBCwUAA4IBAQAToCA2jS4wfLuY4zAJUJnfUZdEnn9IajT7xCd1+lyN
bhEhDnt2DdG20fvblFGAtzuPOUBiM9uIEh+7kjhqNjxRQqHH1Br9r/GhDkI2A+8F
M93/RWj8s8sTMpZjCr+7GLjOyEkl6ZDzVYd/2aMV6sAMmqtbrq9rjPSiksd610Vz
/wy87qCK1GmGzivkaVbtq2j80LnKGGVKGbBxQHvjY+QcE8aK9aBR/1wTv/A5UcHc
mK7yR7WFh5/hTkP/HsFvQDibtvKCLBYexbYiuVfmwbtJpzqWGVpJ5r/z7c91Ky5l
oAvxDPqKd+nfNKoJVwWfwO+1AHn4Mtqa5UoXtCHjN9E4
-----END CERTIFICATE-----