This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cHEcDX0McPp18OAbTp5Y95Csw7w.roa
File:                     cHEcDX0McPp18OAbTp5Y95Csw7w.roa (raw, json)
Hash identifier:          g/pWKJS7on51I83qoD+dJERwm0yZFbDiNUAwdftfVMQ=
Subject key identifier:   70:71:1C:0D:7D:0C:70:FA:75:F0:E0:1B:4E:9E:58:F7:90:AC:C3:BC
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019AD12759DA946A36F945F5FC6F9A81B254
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cHEcDX0McPp18OAbTp5Y95Csw7w.roa
Signing time:             Sat 29 Nov 2025 19:46:48 +0000
ROA not before:           Sat 29 Nov 2025 19:46:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63199
IP address blocks:        91.193.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 10:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:d1:27:59:da:94:6a:36:f9:45:f5:fc:6f:9a:81:b2:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Nov 29 19:46:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70711c0d7d0c70fa75f0e01b4e9e58f790acc3bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9c:e7:31:14:95:2a:ad:ea:03:9e:56:8b:86:
                    09:96:3f:8a:7c:f1:f9:9b:b1:4a:d4:55:66:3a:18:
                    3c:ad:f9:3a:1d:45:51:47:fb:3b:15:b5:37:ce:41:
                    03:ce:86:df:cf:38:c2:13:9d:43:71:54:64:d0:04:
                    bb:6c:0c:21:a9:46:b1:95:10:a7:61:b0:b6:51:ee:
                    af:b4:d8:fb:d2:de:74:aa:3e:f8:99:08:64:16:59:
                    e4:17:04:89:88:75:3f:cb:1f:2f:6f:7b:20:44:cf:
                    61:dc:34:f8:bf:e2:d9:67:be:2f:8d:de:ed:25:11:
                    83:51:d9:95:20:cf:59:1d:4d:9c:a0:61:4e:9b:1c:
                    c1:5e:95:9c:b8:c0:30:3d:34:e0:4e:ab:96:1d:66:
                    15:88:9b:4a:25:76:15:9f:b0:72:52:2f:e1:a2:3a:
                    31:f4:66:c5:02:8a:80:85:c6:31:17:27:d6:d7:df:
                    7a:49:9e:80:5d:57:2a:a7:75:c3:bd:62:82:88:d9:
                    4a:80:ba:73:e6:51:91:46:76:1d:b7:d3:81:08:9f:
                    aa:58:7f:89:88:a0:14:da:cc:7c:d4:e6:5b:9c:b6:
                    cf:15:00:c9:b7:85:4a:bd:7a:38:12:0b:0a:9e:a6:
                    42:a7:e0:c3:31:8c:c2:a4:94:98:d4:a9:6c:ff:da:
                    6b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:71:1C:0D:7D:0C:70:FA:75:F0:E0:1B:4E:9E:58:F7:90:AC:C3:BC
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/cHEcDX0McPp18OAbTp5Y95Csw7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:e1:f0:02:98:28:fa:1e:70:f0:25:0c:cf:bd:c6:c8:43:ea:
         0d:ba:c1:9e:14:69:19:ef:dd:96:03:1a:17:4a:8b:f5:56:3d:
         70:18:07:01:49:19:11:7f:91:8d:c7:02:59:79:d5:94:03:5a:
         3d:7b:7a:80:6f:87:73:e5:c9:bc:e0:71:22:df:cd:9d:77:e1:
         b7:bc:40:cd:8e:2c:6a:95:7e:b7:6b:d6:ee:21:90:ce:a9:67:
         b0:d0:00:3b:b6:75:1a:26:08:aa:a1:31:ed:8a:7a:67:28:86:
         25:16:f9:80:8a:24:6a:f5:d7:28:5b:36:e8:3c:5d:9b:96:8f:
         ed:6f:db:04:05:c7:21:27:2a:85:db:6b:44:53:3a:47:70:2d:
         88:75:c0:a0:c6:d9:8b:da:b8:dc:34:8f:83:67:d7:a2:de:9c:
         9d:7d:09:78:f2:7e:fa:70:7f:fc:ed:9f:7e:e7:81:6e:a5:98:
         b2:25:13:b3:11:dd:28:aa:7b:a7:9e:eb:ae:ad:23:eb:d2:fb:
         4d:ec:67:19:6f:42:4c:6e:1c:2a:37:c3:9c:12:31:58:03:f0:
         ab:d7:52:80:5d:e2:e7:45:10:cd:25:96:85:21:ba:a1:bf:7a:
         f8:da:7e:2e:1a:d9:08:70:45:86:36:0a:f2:0f:7c:e3:e8:6f:
         87:30:df:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrRJ1nalGo2+UX1/G+agbJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUxMTI5MTk0NjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDcxMWMwZDdkMGM3MGZhNzVmMGUwMWI0ZTllNThmNzkwYWNjM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspznMRSVKq3qA55Wi4YJlj+KfPH5
m7FK1FVmOhg8rfk6HUVRR/s7FbU3zkEDzobfzzjCE51DcVRk0AS7bAwhqUaxlRCn
YbC2Ue6vtNj70t50qj74mQhkFlnkFwSJiHU/yx8vb3sgRM9h3DT4v+LZZ74vjd7t
JRGDUdmVIM9ZHU2coGFOmxzBXpWcuMAwPTTgTquWHWYViJtKJXYVn7ByUi/hojox
9GbFAoqAhcYxFyfW1996SZ6AXVcqp3XDvWKCiNlKgLpz5lGRRnYdt9OBCJ+qWH+J
iKAU2sx81OZbnLbPFQDJt4VKvXo4EgsKnqZCp+DDMYzCpJSY1Kls/9priwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBxHA19DHD6dfDgG06eWPeQrMO8MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvY0hFY0RYME1jUHAxOE9BYlRwNVk5NUNzdzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8HpMA0G
CSqGSIb3DQEBCwUAA4IBAQBw4fACmCj6HnDwJQzPvcbIQ+oNusGeFGkZ792WAxoX
Sov1Vj1wGAcBSRkRf5GNxwJZedWUA1o9e3qAb4dz5cm84HEi382dd+G3vEDNjixq
lX63a9buIZDOqWew0AA7tnUaJgiqoTHtinpnKIYlFvmAiiRq9dcoWzboPF2blo/t
b9sEBcchJyqF22tEUzpHcC2IdcCgxtmL2rjcNI+DZ9ei3pydfQl48n76cH/87Z9+
54FupZiyJROzEd0oqnunnuuurSPr0vtN7GcZb0JMbhwqN8OcEjFYA/Cr11KAXeLn
RRDNJZaFIbqhv3r42n4uGtkIcEWGNgryD3zj6G+HMN+i
-----END CERTIFICATE-----