This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/HqifaU4ZzX1zPEBC7D-B73EGf3M.roa
File:                     HqifaU4ZzX1zPEBC7D-B73EGf3M.roa (raw, json)
Hash identifier:          0M8aqRG6ut6LxfjbRqCgOybnHyYCc2Tx8toQYsRs7+g=
Subject key identifier:   1E:A8:9F:69:4E:19:CD:7D:73:3C:40:42:EC:3F:81:EF:71:06:7F:73
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019A96B68DE3FA574E52372978EE1607ED7E
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/HqifaU4ZzX1zPEBC7D-B73EGf3M.roa
Signing time:             Tue 18 Nov 2025 11:25:37 +0000
ROA not before:           Tue 18 Nov 2025 11:25:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.147.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Dec 2025 09:57:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:96:b6:8d:e3:fa:57:4e:52:37:29:78:ee:16:07:ed:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Nov 18 11:25:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ea89f694e19cd7d733c4042ec3f81ef71067f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2a:4f:54:ee:56:7e:e4:38:e5:73:20:c0:de:
                    f0:c1:e4:f6:6a:35:df:b2:89:61:d6:c5:8c:3d:59:
                    35:ed:d5:92:20:25:ba:72:fe:c9:1d:a5:72:1a:3a:
                    44:57:2f:a7:59:53:10:5f:45:bf:80:4d:a5:01:72:
                    26:3d:6a:b2:48:ee:df:f1:de:68:c9:aa:2b:8c:9e:
                    4c:83:24:e8:dd:e4:53:ab:27:a6:d6:a7:90:55:1a:
                    61:7d:89:91:ef:9d:6e:f8:06:5c:ce:ff:00:f5:96:
                    1b:5b:57:99:20:c9:08:83:c2:17:32:5c:71:66:c5:
                    82:23:aa:f6:4f:58:63:a0:13:eb:86:81:59:04:3c:
                    90:69:92:7b:ed:40:a9:16:24:42:0e:54:8f:cc:5d:
                    76:a9:f3:a8:70:c3:93:43:b4:ac:30:de:c2:02:40:
                    54:05:27:5e:15:40:0d:09:a8:55:d3:e4:ef:d3:c8:
                    49:6e:dc:c0:ef:00:f6:1a:87:d5:8e:72:5c:e2:a8:
                    26:8d:e2:0b:db:86:00:22:8e:c9:eb:9c:e0:e3:8a:
                    1a:c9:97:a8:f2:be:e1:66:b1:55:d1:39:e8:b1:8b:
                    12:ea:60:24:1e:96:0a:ee:b2:73:df:9e:51:47:62:
                    66:6f:1a:cc:cb:e8:fe:3e:08:ac:53:74:cb:ea:d3:
                    0c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A8:9F:69:4E:19:CD:7D:73:3C:40:42:EC:3F:81:EF:71:06:7F:73
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/HqifaU4ZzX1zPEBC7D-B73EGf3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:65:c2:7e:f2:a0:95:9a:24:55:80:10:db:c0:c4:41:b4:a0:
         2c:3f:6e:06:a3:2f:6b:52:cb:49:12:c4:12:03:a0:d3:b4:32:
         04:52:eb:3c:af:8f:0c:3c:17:ce:58:0d:b3:91:44:2f:d7:75:
         8a:32:70:43:96:fe:2c:31:35:d2:0d:4b:65:79:79:95:85:9e:
         2c:7c:52:89:33:8e:45:61:f5:89:c1:b7:af:90:2c:6f:cf:94:
         53:91:63:85:29:1a:85:6a:e2:75:92:d4:e1:d4:fa:8e:d6:46:
         04:9b:5d:01:54:f8:5b:8f:74:a4:5f:d2:45:e3:af:87:66:a8:
         ee:57:38:00:47:4f:a5:c5:53:8c:9c:ce:ef:a5:12:e3:c8:c2:
         31:df:5c:86:f8:52:a6:09:0d:5c:bf:46:82:2b:ae:b5:59:1d:
         62:7b:b1:6d:49:43:71:27:d1:ca:86:75:f6:5a:f0:c4:55:e1:
         d5:39:84:da:c7:9c:67:9f:85:47:e3:60:62:f4:65:7f:9f:a2:
         7a:52:af:e0:70:35:2f:27:09:70:bc:f2:48:a4:0f:c4:86:48:
         5c:cf:35:02:36:dd:ea:e0:1a:0e:81:c2:f8:5f:2e:4f:b7:b7:
         a1:34:95:84:31:1f:24:d5:4e:8b:4e:45:82:24:f1:7d:37:17:
         d7:3a:53:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqWto3j+ldOUjcpeO4WB+1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUxMTE4MTEyNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWE4OWY2OTRlMTljZDdkNzMzYzQwNDJlYzNmODFlZjcxMDY3ZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCpPVO5WfuQ45XMgwN7wweT2ajXf
solh1sWMPVk17dWSICW6cv7JHaVyGjpEVy+nWVMQX0W/gE2lAXImPWqySO7f8d5o
yaorjJ5MgyTo3eRTqyem1qeQVRphfYmR751u+AZczv8A9ZYbW1eZIMkIg8IXMlxx
ZsWCI6r2T1hjoBPrhoFZBDyQaZJ77UCpFiRCDlSPzF12qfOocMOTQ7SsMN7CAkBU
BSdeFUANCahV0+Tv08hJbtzA7wD2GofVjnJc4qgmjeIL24YAIo7J65zg44oayZeo
8r7hZrFV0TnosYsS6mAkHpYK7rJz355RR2JmbxrMy+j+PgisU3TL6tMM3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6on2lOGc19czxAQuw/ge9xBn9zMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvSHFpZmFVNFp6WDF6UEVCQzdELUI3M0VHZjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMsMA0G
CSqGSIb3DQEBCwUAA4IBAQAcZcJ+8qCVmiRVgBDbwMRBtKAsP24Goy9rUstJEsQS
A6DTtDIEUus8r48MPBfOWA2zkUQv13WKMnBDlv4sMTXSDUtleXmVhZ4sfFKJM45F
YfWJwbevkCxvz5RTkWOFKRqFauJ1ktTh1PqO1kYEm10BVPhbj3SkX9JF46+HZqju
VzgAR0+lxVOMnM7vpRLjyMIx31yG+FKmCQ1cv0aCK661WR1ie7FtSUNxJ9HKhnX2
WvDEVeHVOYTax5xnn4VH42Bi9GV/n6J6Uq/gcDUvJwlwvPJIpA/EhkhczzUCNt3q
4BoOgcL4Xy5Pt7ehNJWEMR8k1U6LTkWCJPF9NxfXOlOS
-----END CERTIFICATE-----