This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/HqjPBLQP0k_ZWUi4re8PM7q9yeE.roa
File:                     HqjPBLQP0k_ZWUi4re8PM7q9yeE.roa (raw, json)
Hash identifier:          zWvSWnQ+ZhrAVivum98kmHRXOZE35K47bVLXG/JHPOg=
Subject key identifier:   1E:A8:CF:04:B4:0F:D2:4F:D9:59:48:B8:AD:EF:0F:33:BA:BD:C9:E1
Certificate issuer:       /CN=b8458858a1cbde89c929060f42f2b0df924d4e29
Certificate serial:       019B7F15321FC4FB69CE6E4CE28AA37B6DB5
Authority key identifier: B8:45:88:58:A1:CB:DE:89:C9:29:06:0F:42:F2:B0:DF:92:4D:4E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uEWIWKHL3onJKQYPQvKw35JNTik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/HqjPBLQP0k_ZWUi4re8PM7q9yeE.roa
Signing time:             Fri 02 Jan 2026 14:20:54 +0000
ROA not before:           Fri 02 Jan 2026 14:20:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206861
IP address blocks:        185.173.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/uEWIWKHL3onJKQYPQvKw35JNTik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/uEWIWKHL3onJKQYPQvKw35JNTik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uEWIWKHL3onJKQYPQvKw35JNTik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:32:1f:c4:fb:69:ce:6e:4c:e2:8a:a3:7b:6d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8458858a1cbde89c929060f42f2b0df924d4e29
        Validity
            Not Before: Jan  2 14:20:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ea8cf04b40fd24fd95948b8adef0f33babdc9e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ab:b9:5f:e8:bf:3b:3e:23:ae:0f:d5:8e:88:
                    0f:c6:4b:07:f0:46:ef:f4:30:c8:b9:c4:98:df:4e:
                    37:70:95:81:5a:68:dd:95:c9:d3:91:9e:99:e6:39:
                    9e:fa:49:04:14:4f:40:4c:b7:2b:eb:66:3c:42:b3:
                    14:c4:be:2d:24:46:82:1b:da:f5:ba:14:55:f5:da:
                    bd:21:0f:b5:d4:a8:b3:35:e9:a6:75:c6:c4:9c:15:
                    ef:81:cf:2c:15:14:48:17:90:a5:20:27:13:ba:ba:
                    4f:fd:7d:e4:d9:9e:dc:d6:e1:3c:1c:2f:da:ab:d4:
                    21:ab:b8:5f:3b:68:ac:61:a4:c2:29:49:f3:9f:9c:
                    6b:b8:54:82:90:f4:e1:0d:c4:8f:c9:f0:f5:98:fb:
                    c5:56:27:e2:4b:3d:b4:27:ca:62:b3:fb:28:e7:c5:
                    a8:02:bc:16:32:b7:92:c5:d6:ae:25:21:50:62:f7:
                    93:2a:70:6d:17:cd:9e:96:fd:cf:e4:ce:55:61:fb:
                    c7:00:61:ca:f7:42:bc:53:c4:dc:90:db:86:38:d8:
                    6d:ac:2a:94:b2:31:f9:a8:5a:0b:9e:ea:f3:06:11:
                    66:59:15:b7:1f:e1:b8:e8:45:bb:f9:f7:95:e2:78:
                    66:8b:1f:71:3b:4d:b2:5b:c1:55:cc:d7:d1:9a:e2:
                    47:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A8:CF:04:B4:0F:D2:4F:D9:59:48:B8:AD:EF:0F:33:BA:BD:C9:E1
            X509v3 Authority Key Identifier:
                keyid:B8:45:88:58:A1:CB:DE:89:C9:29:06:0F:42:F2:B0:DF:92:4D:4E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uEWIWKHL3onJKQYPQvKw35JNTik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/HqjPBLQP0k_ZWUi4re8PM7q9yeE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/e674fb-2683-4cf4-967b-b7c67eacc3a5/1/uEWIWKHL3onJKQYPQvKw35JNTik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:c1:bc:ff:6e:6a:da:45:a8:26:3a:77:99:7d:34:b0:39:b6:
         26:5f:81:41:cf:40:df:28:13:df:f3:f4:5e:7f:30:30:7d:11:
         37:50:71:61:36:4a:f1:e6:9a:39:3d:7b:66:90:f1:78:83:72:
         49:f3:c4:3b:d0:11:05:82:be:83:12:f8:f9:89:e4:0d:89:d4:
         c4:e9:db:03:9e:a6:ad:b9:0e:b6:a9:5f:f5:94:38:73:87:36:
         56:05:84:40:74:6f:2b:d3:1f:07:b4:99:33:18:cc:8a:4e:bd:
         bb:f1:51:80:0a:66:7a:76:a0:24:66:a0:1e:f6:fc:d6:d2:80:
         b0:13:fa:ed:db:53:c7:5a:f0:11:b9:0d:81:93:ad:88:55:af:
         7f:13:3b:8e:07:44:3d:04:b7:89:db:57:0b:8b:98:06:d3:31:
         21:39:16:7e:c1:ea:38:9a:dd:33:8d:5c:6a:c8:fd:ac:35:b4:
         a5:76:3b:0f:5b:7a:a0:e6:bd:5b:4f:83:71:a4:c7:5c:69:66:
         f1:b7:4b:6a:e0:a0:81:61:93:30:56:30:ea:8c:7c:27:01:2e:
         33:b1:9c:16:bd:d4:06:38:ba:d8:73:57:aa:bc:91:4d:a5:27:
         c5:05:88:29:56:41:1c:62:6a:56:49:3a:72:78:f4:d6:35:2c:
         c7:68:3a:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FTIfxPtpzm5M4oqje221MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NDU4ODU4YTFjYmRlODljOTI5MDYwZjQyZjJiMGRmOTI0
ZDRlMjkwHhcNMjYwMTAyMTQyMDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWE4Y2YwNGI0MGZkMjRmZDk1OTQ4YjhhZGVmMGYzM2JhYmRjOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6u5X+i/Oz4jrg/VjogPxksH8Ebv
9DDIucSY3043cJWBWmjdlcnTkZ6Z5jme+kkEFE9ATLcr62Y8QrMUxL4tJEaCG9r1
uhRV9dq9IQ+11KizNemmdcbEnBXvgc8sFRRIF5ClICcTurpP/X3k2Z7c1uE8HC/a
q9Qhq7hfO2isYaTCKUnzn5xruFSCkPThDcSPyfD1mPvFVifiSz20J8pis/so58Wo
ArwWMreSxdauJSFQYveTKnBtF82elv3P5M5VYfvHAGHK90K8U8TckNuGONhtrCqU
sjH5qFoLnurzBhFmWRW3H+G46EW7+feV4nhmix9xO02yW8FVzNfRmuJHtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6ozwS0D9JP2VlIuK3vDzO6vcnhMB8GA1UdIwQY
MBaAFLhFiFihy96JySkGD0LysN+STU4pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUVXSVdLSEwzb25KS1FZUFF2S3czNUpOVGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9lNjc0ZmItMjY4My00Y2Y0LTk2N2It
YjdjNjdlYWNjM2E1LzEvSHFqUEJMUVAwa19aV1VpNHJlOFBNN3E5eWVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9lNjc0ZmItMjY4My00Y2Y0LTk2N2ItYjdjNjdlYWNjM2E1
LzEvdUVXSVdLSEwzb25KS1FZUFF2S3czNUpOVGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua2EMA0G
CSqGSIb3DQEBCwUAA4IBAQAgwbz/bmraRagmOneZfTSwObYmX4FBz0DfKBPf8/Re
fzAwfRE3UHFhNkrx5po5PXtmkPF4g3JJ88Q70BEFgr6DEvj5ieQNidTE6dsDnqat
uQ62qV/1lDhzhzZWBYRAdG8r0x8HtJkzGMyKTr278VGACmZ6dqAkZqAe9vzW0oCw
E/rt21PHWvARuQ2Bk62IVa9/EzuOB0Q9BLeJ21cLi5gG0zEhORZ+weo4mt0zjVxq
yP2sNbSldjsPW3qg5r1bT4NxpMdcaWbxt0tq4KCBYZMwVjDqjHwnAS4zsZwWvdQG
OLrYc1eqvJFNpSfFBYgpVkEcYmpWSTpyePTWNSzHaDpp
-----END CERTIFICATE-----