This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/HZUDvHuGYZK9QbMf0MY-dusOD4I.roa
File:                     HZUDvHuGYZK9QbMf0MY-dusOD4I.roa (raw, json)
Hash identifier:          IJPI4tkcBVYfJT9rogmP0q4P9x3me4l98nQnYBEzBZs=
Subject key identifier:   1D:95:03:BC:7B:86:61:92:BD:41:B3:1F:D0:C6:3E:76:EB:0E:0F:82
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019B7758ECFE99E280D35FDD91A40047AF7A
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/HZUDvHuGYZK9QbMf0MY-dusOD4I.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200461
IP address blocks:        178.251.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 14:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ec:fe:99:e2:80:d3:5f:dd:91:a4:00:47:af:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d9503bc7b866192bd41b31fd0c63e76eb0e0f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b9:b6:1e:14:8a:93:8d:6d:c2:08:d0:63:62:
                    d7:45:d5:ab:84:1f:1c:5e:b5:48:a1:f2:35:9e:20:
                    a9:ef:71:53:47:29:94:1c:36:46:a0:1e:23:1b:36:
                    25:79:c1:d1:bc:4d:10:11:8b:4c:8f:05:5b:ac:4c:
                    25:68:30:69:53:19:a4:91:97:53:43:f2:5f:f4:c0:
                    cf:42:33:8e:7b:ff:bd:57:e9:52:b4:20:5e:93:c2:
                    df:13:f4:a1:6b:c6:ae:38:e6:6d:9a:71:d2:35:e0:
                    5d:0a:dc:8a:97:e5:e6:81:38:64:b4:a0:8b:d8:61:
                    ba:5f:d4:d3:9e:ab:79:a5:37:f6:15:3a:2d:e7:59:
                    a1:01:f4:f4:e2:1e:a8:cb:2f:48:16:ae:cf:e7:83:
                    68:e6:e9:f9:cf:aa:df:3f:43:5c:d4:36:a5:ad:81:
                    2b:0f:e4:a4:fd:4b:81:d6:78:c3:56:15:44:58:84:
                    9e:1c:78:ab:32:ed:7f:20:52:dc:2b:60:12:48:a7:
                    ca:16:25:b5:b7:49:b5:87:08:e3:17:40:29:08:b5:
                    00:99:a6:0c:d6:4d:d4:a2:9f:62:c4:98:d3:de:68:
                    17:1c:6c:06:e6:25:34:ac:3c:f5:bc:08:a8:58:28:
                    ac:bb:11:57:57:13:37:bd:de:8b:82:f6:9d:63:1c:
                    90:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:95:03:BC:7B:86:61:92:BD:41:B3:1F:D0:C6:3E:76:EB:0E:0F:82
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/HZUDvHuGYZK9QbMf0MY-dusOD4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:40:3d:73:c2:21:fc:79:5c:2a:31:da:a9:ec:6e:89:fd:9b:
         de:54:7f:8b:3b:7c:47:ca:16:02:bd:85:fa:85:38:7a:86:0f:
         5a:f8:2c:ba:68:15:04:4f:a5:6d:4f:f8:f2:40:ef:86:63:13:
         fd:50:ad:6d:a0:e0:a9:8f:19:32:96:62:ec:8b:54:95:2a:a7:
         36:e8:3e:b4:ac:0f:4a:45:0d:f3:24:7f:61:80:54:18:c2:e7:
         38:c9:04:ee:5c:36:04:35:6b:b9:85:fc:2a:fd:3c:70:a6:e2:
         91:76:17:79:8c:92:6e:d9:88:d7:59:c7:20:32:73:24:29:64:
         b5:2d:9c:2b:38:22:02:30:4b:6a:0f:b6:60:95:a3:3a:ad:e6:
         a3:19:89:9e:ba:57:f3:b5:e0:c4:3f:47:6d:39:9d:b9:a0:f2:
         58:96:f0:da:be:6b:87:94:84:5b:d7:3b:ee:c8:e7:fe:94:63:
         a7:36:f0:ae:c5:40:8b:fd:0a:bd:93:50:e4:2c:83:1d:88:13:
         d7:b6:12:af:00:98:60:27:f1:d8:48:9d:e3:4c:43:4b:86:42:
         70:71:6d:6f:23:92:3b:4d:15:87:c6:d8:00:90:e2:a9:7d:fb:
         eb:e5:9e:f7:a3:67:0f:cd:58:c5:2d:82:77:58:a6:8b:c8:3e:
         99:53:c5:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WOz+meKA01/dkaQAR696MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk1MDNiYzdiODY2MTkyYmQ0MWIzMWZkMGM2M2U3NmViMGUwZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrm2HhSKk41twgjQY2LXRdWrhB8c
XrVIofI1niCp73FTRymUHDZGoB4jGzYlecHRvE0QEYtMjwVbrEwlaDBpUxmkkZdT
Q/Jf9MDPQjOOe/+9V+lStCBek8LfE/Sha8auOOZtmnHSNeBdCtyKl+XmgThktKCL
2GG6X9TTnqt5pTf2FTot51mhAfT04h6oyy9IFq7P54No5un5z6rfP0Nc1DalrYEr
D+Sk/UuB1njDVhVEWISeHHirMu1/IFLcK2ASSKfKFiW1t0m1hwjjF0ApCLUAmaYM
1k3Uop9ixJjT3mgXHGwG5iU0rDz1vAioWCisuxFXVxM3vd6LgvadYxyQbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2VA7x7hmGSvUGzH9DGPnbrDg+CMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvSFpVRHZIdUdZWks5UWJNZjBNWS1kdXNPRDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvvkMA0G
CSqGSIb3DQEBCwUAA4IBAQCJQD1zwiH8eVwqMdqp7G6J/ZveVH+LO3xHyhYCvYX6
hTh6hg9a+Cy6aBUET6VtT/jyQO+GYxP9UK1toOCpjxkylmLsi1SVKqc26D60rA9K
RQ3zJH9hgFQYwuc4yQTuXDYENWu5hfwq/TxwpuKRdhd5jJJu2YjXWccgMnMkKWS1
LZwrOCICMEtqD7ZglaM6reajGYmeulfzteDEP0dtOZ25oPJYlvDavmuHlIRb1zvu
yOf+lGOnNvCuxUCL/Qq9k1DkLIMdiBPXthKvAJhgJ/HYSJ3jTENLhkJwcW1vI5I7
TRWHxtgAkOKpffvr5Z73o2cPzVjFLYJ3WKaLyD6ZU8UH
-----END CERTIFICATE-----