This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/HF5zqPXN9kt9inQteOZzFMTE7II.roa
File:                     HF5zqPXN9kt9inQteOZzFMTE7II.roa (raw, json)
Hash identifier:          R1fiWZdr3X5ktKLZaP8dhQLpBM9tv/J5IHD5dAofhUY=
Subject key identifier:   1C:5E:73:A8:F5:CD:F6:4B:7D:8A:74:2D:78:E6:73:14:C4:C4:EC:82
Certificate issuer:       /CN=20b4873842a904f1a697201393e7ba626842f4af
Certificate serial:       019B797E6E61680130CC2AAEAF75ED064CFA
Authority key identifier: 20:B4:87:38:42:A9:04:F1:A6:97:20:13:93:E7:BA:62:68:42:F4:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ILSHOEKpBPGmlyATk-e6YmhC9K8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/HF5zqPXN9kt9inQteOZzFMTE7II.roa
Signing time:             Thu 01 Jan 2026 12:18:07 +0000
ROA not before:           Thu 01 Jan 2026 12:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50333
IP address blocks:        85.255.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ILSHOEKpBPGmlyATk-e6YmhC9K8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ILSHOEKpBPGmlyATk-e6YmhC9K8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ILSHOEKpBPGmlyATk-e6YmhC9K8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:6e:61:68:01:30:cc:2a:ae:af:75:ed:06:4c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20b4873842a904f1a697201393e7ba626842f4af
        Validity
            Not Before: Jan  1 12:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c5e73a8f5cdf64b7d8a742d78e67314c4c4ec82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b7:a0:0e:88:f6:26:18:0e:e7:04:fb:99:a8:
                    4e:c3:b5:43:14:c0:83:c7:7a:05:58:ec:d4:b4:d5:
                    e3:a2:26:46:c3:cd:82:60:ae:26:69:c0:ac:ec:6a:
                    44:d5:24:f5:e9:f4:44:f7:da:ae:7a:69:d0:2e:8f:
                    f0:0b:7b:2e:1c:f3:f3:d4:81:ff:6b:43:0a:3d:5d:
                    f8:ee:03:9d:b0:3c:84:8e:64:0e:5b:7f:23:4e:52:
                    48:9c:c8:ab:18:8f:e8:07:8e:30:01:c9:5f:16:b3:
                    75:f3:18:a5:b5:0d:cb:9d:4b:15:68:15:31:4d:25:
                    ec:b3:58:30:c8:dd:1b:83:b8:b3:b5:ba:2d:95:cb:
                    24:34:dc:02:9d:46:89:ee:65:9d:62:d3:a3:81:0a:
                    93:5e:df:f4:b7:6a:72:ff:63:98:81:51:74:7c:70:
                    33:22:17:0c:4e:62:ae:c4:14:42:aa:92:78:86:b8:
                    1d:75:7f:69:90:26:e9:48:9e:04:54:22:13:70:1b:
                    6a:bd:f4:aa:ae:e3:62:1c:cd:1e:88:08:02:17:6a:
                    0f:32:51:73:00:68:bd:07:e7:e9:8a:d3:af:31:d4:
                    39:db:c5:b9:9d:dc:e6:bb:35:e2:51:68:a2:85:b9:
                    bd:21:58:43:ff:4b:38:78:04:67:ef:63:ed:f4:24:
                    74:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:5E:73:A8:F5:CD:F6:4B:7D:8A:74:2D:78:E6:73:14:C4:C4:EC:82
            X509v3 Authority Key Identifier:
                keyid:20:B4:87:38:42:A9:04:F1:A6:97:20:13:93:E7:BA:62:68:42:F4:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILSHOEKpBPGmlyATk-e6YmhC9K8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/HF5zqPXN9kt9inQteOZzFMTE7II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ILSHOEKpBPGmlyATk-e6YmhC9K8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2d:54:c8:73:b8:29:5a:48:f9:b9:e3:67:1d:e4:e8:66:21:0c:
         87:4f:2d:a4:f6:67:9d:9e:07:ba:a6:8f:03:14:c4:a0:0f:c6:
         d0:d5:b9:96:22:68:00:e8:96:da:dc:66:c2:6e:be:ca:b8:2d:
         54:05:a1:68:e1:71:a8:86:0f:8a:0f:25:f8:2b:fe:ab:d1:f5:
         73:b3:5b:58:4e:07:90:56:3e:09:44:32:3d:32:12:98:ba:ff:
         85:64:d0:e5:55:f7:86:3a:e5:5e:62:7a:9f:a7:54:ad:d3:07:
         96:d5:d9:71:b2:66:57:7f:54:e0:dc:cb:9c:83:37:3a:2a:6b:
         74:7d:09:aa:a6:97:e8:e6:85:43:40:ee:fe:ab:f6:44:99:48:
         bb:7f:1b:0a:2f:2c:04:f5:01:fe:41:b2:68:a4:34:bb:34:b2:
         3a:73:dd:3f:fb:be:e7:5c:9d:da:3c:16:0a:7d:b3:af:26:1f:
         46:56:8d:db:95:79:5f:bd:06:4e:37:45:ce:50:a9:92:db:3f:
         fa:cc:4e:8b:fd:95:42:9f:0f:e4:9f:0f:ea:34:18:8d:ec:8c:
         07:83:5b:cc:89:39:8e:89:62:71:6e:1f:0a:51:7e:47:0b:cc:
         5f:ff:8e:d9:8c:fc:79:c9:32:e0:04:1e:6b:eb:ba:83:6c:78:
         52:fa:c8:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fm5haAEwzCqur3XtBkz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjQ4NzM4NDJhOTA0ZjFhNjk3MjAxMzkzZTdiYTYyNjg0
MmY0YWYwHhcNMjYwMTAxMTIxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzVlNzNhOGY1Y2RmNjRiN2Q4YTc0MmQ3OGU2NzMxNGM0YzRlYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbegDoj2JhgO5wT7mahOw7VDFMCD
x3oFWOzUtNXjoiZGw82CYK4macCs7GpE1ST16fRE99quemnQLo/wC3suHPPz1IH/
a0MKPV347gOdsDyEjmQOW38jTlJInMirGI/oB44wAclfFrN18xiltQ3LnUsVaBUx
TSXss1gwyN0bg7iztbotlcskNNwCnUaJ7mWdYtOjgQqTXt/0t2py/2OYgVF0fHAz
IhcMTmKuxBRCqpJ4hrgddX9pkCbpSJ4EVCITcBtqvfSqruNiHM0eiAgCF2oPMlFz
AGi9B+fpitOvMdQ528W5ndzmuzXiUWiihbm9IVhD/0s4eARn72Pt9CR0LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxec6j1zfZLfYp0LXjmcxTExOyCMB8GA1UdIwQY
MBaAFCC0hzhCqQTxppcgE5PnumJoQvSvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxTSE9FS3BCUEdtbHlBVGstZTZZbWhDOUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS84ZTI5MWEtYjY1NS00NmU0LWJkYzMt
ZWY1YmE1NGFkYjU5LzEvSEY1enFQWE45a3Q5aW5RdGVPWnpGTVRFN0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS84ZTI5MWEtYjY1NS00NmU0LWJkYzMtZWY1YmE1NGFkYjU5
LzEvSUxTSE9FS3BCUEdtbHlBVGstZTZZbWhDOUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVf/wMA0G
CSqGSIb3DQEBCwUAA4IBAQAtVMhzuClaSPm542cd5OhmIQyHTy2k9mednge6po8D
FMSgD8bQ1bmWImgA6Jba3GbCbr7KuC1UBaFo4XGohg+KDyX4K/6r0fVzs1tYTgeQ
Vj4JRDI9MhKYuv+FZNDlVfeGOuVeYnqfp1St0weW1dlxsmZXf1Tg3Mucgzc6Kmt0
fQmqppfo5oVDQO7+q/ZEmUi7fxsKLywE9QH+QbJopDS7NLI6c90/+77nXJ3aPBYK
fbOvJh9GVo3blXlfvQZON0XOUKmS2z/6zE6L/ZVCnw/knw/qNBiN7IwHg1vMiTmO
iWJxbh8KUX5HC8xf/47ZjPx5yTLgBB5r67qDbHhS+si8
-----END CERTIFICATE-----