This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/hxyFg93cyoODusD3h3L8hfc5HG0.roa
File:                     hxyFg93cyoODusD3h3L8hfc5HG0.roa (raw, json)
Hash identifier:          BPNhbAxVULf2vc9aGDatTvAGnPVmpDD0d77IZ2F/Ui8=
Subject key identifier:   87:1C:85:83:DD:DC:CA:83:83:BA:C0:F7:87:72:FC:85:F7:39:1C:6D
Certificate issuer:       /CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Certificate serial:       019B77C66A9885C1BD40275BD064000887AF
Authority key identifier: 4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/hxyFg93cyoODusD3h3L8hfc5HG0.roa
Signing time:             Thu 01 Jan 2026 04:17:30 +0000
ROA not before:           Thu 01 Jan 2026 04:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        185.180.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:6a:98:85:c1:bd:40:27:5b:d0:64:00:08:87:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
        Validity
            Not Before: Jan  1 04:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=871c8583dddcca8383bac0f78772fc85f7391c6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a2:7e:2d:e7:7a:4b:fc:33:6b:48:55:ce:1b:
                    c5:29:be:6a:08:c4:06:3c:aa:e1:84:38:a1:bb:5e:
                    26:71:82:98:6a:0d:6c:bb:46:3b:be:df:81:9e:bb:
                    a7:5e:e9:57:33:a6:2b:77:c9:d2:b5:b7:e8:2d:c1:
                    48:8b:0a:f9:ca:19:03:d0:8a:04:ba:6a:db:53:1f:
                    b7:64:73:fa:bd:ea:82:59:1c:82:0a:c3:fd:fb:59:
                    82:9f:37:df:cf:e8:22:4f:91:e5:b3:7b:7e:3f:2a:
                    77:4d:03:ff:05:83:44:30:af:0f:4d:94:90:9c:e3:
                    95:c6:d5:b7:f5:70:68:d5:1c:8a:45:85:a1:fe:e1:
                    66:4d:8e:92:d0:2c:f9:c0:d0:a3:2a:9a:0d:a2:c9:
                    eb:e2:4e:d3:f1:f8:67:be:68:d5:82:b9:42:e0:bd:
                    fd:bd:24:ac:fb:f8:e7:18:18:bd:65:c3:72:e9:21:
                    59:a6:db:fd:9e:8e:96:7c:87:d4:3e:41:bb:f4:61:
                    cc:34:a7:b1:f5:8c:35:84:ec:9a:76:26:0a:b7:ad:
                    5c:8c:35:bb:3d:34:06:33:bb:6a:b1:d9:b1:80:41:
                    ca:f7:96:7e:86:4e:0d:17:76:71:d2:49:76:77:84:
                    19:45:d2:60:ea:55:68:fd:02:92:b0:ce:c1:21:8a:
                    2e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:1C:85:83:DD:DC:CA:83:83:BA:C0:F7:87:72:FC:85:F7:39:1C:6D
            X509v3 Authority Key Identifier:
                keyid:4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/hxyFg93cyoODusD3h3L8hfc5HG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:cd:4e:30:e1:5b:df:a5:04:67:6a:62:71:58:89:43:01:70:
         5f:cf:69:47:8a:da:49:0b:0c:23:9d:bb:97:90:f3:6f:80:1b:
         37:96:c4:68:47:86:54:bb:54:02:c8:db:08:bc:10:67:8a:d4:
         2f:da:a0:5a:f2:5e:07:38:a0:ce:92:b6:f0:52:f8:67:7b:d8:
         ed:f5:6f:52:ef:86:42:cc:55:b9:24:8c:7e:50:5e:89:69:d6:
         f3:e8:86:f6:8f:a6:2c:54:59:93:52:90:fb:4b:49:e0:c0:1b:
         69:43:85:cd:6f:f5:ac:e2:4e:d6:59:3e:57:7d:b0:6f:98:79:
         18:a5:af:62:f0:d4:87:fd:ab:54:53:61:d3:68:0d:10:04:cc:
         b5:6d:68:ac:90:97:fa:36:e6:21:29:b5:de:6e:ce:0d:ae:c2:
         47:2f:1d:9c:bb:56:77:1b:c8:ad:ff:a7:57:34:38:cc:7c:05:
         28:b4:df:5b:4b:6e:a3:ca:95:fe:28:a4:4f:88:12:01:41:7c:
         0f:6d:01:f1:2f:b8:27:fa:2f:30:6e:22:ef:21:5c:cb:ed:50:
         01:05:f8:50:ea:c4:ad:a7:cf:1e:e0:2c:de:52:d7:96:ff:44:
         9c:e6:80:b9:2b:ad:80:ea:49:70:82:05:4e:ff:69:c6:51:05:
         39:d0:a3:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmqYhcG9QCdb0GQACIevMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2ZhYzg2NDVhM2M2ZjEwMDQyZGM0YTc0ZDcwMGQ5ZDA2
YWYxN2EwHhcNMjYwMTAxMDQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzFjODU4M2RkZGNjYTgzODNiYWMwZjc4NzcyZmM4NWY3MzkxYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaJ+Led6S/wza0hVzhvFKb5qCMQG
PKrhhDihu14mcYKYag1su0Y7vt+BnrunXulXM6Yrd8nStbfoLcFIiwr5yhkD0IoE
umrbUx+3ZHP6veqCWRyCCsP9+1mCnzffz+giT5Hls3t+Pyp3TQP/BYNEMK8PTZSQ
nOOVxtW39XBo1RyKRYWh/uFmTY6S0Cz5wNCjKpoNosnr4k7T8fhnvmjVgrlC4L39
vSSs+/jnGBi9ZcNy6SFZptv9no6WfIfUPkG79GHMNKex9Yw1hOyadiYKt61cjDW7
PTQGM7tqsdmxgEHK95Z+hk4NF3Zx0kl2d4QZRdJg6lVo/QKSsM7BIYouHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcchYPd3MqDg7rA94dy/IX3ORxtMB8GA1UdIwQY
MBaAFErPrIZFo8bxAELcSnTXANnQavF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYt
N2JmODI3N2Q4YTJmLzEvaHh5Rmc5M2N5b09EdXNEM2gzTDhoZmM1SEcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYtN2JmODI3N2Q4YTJm
LzEvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubSOMA0G
CSqGSIb3DQEBCwUAA4IBAQBLzU4w4VvfpQRnamJxWIlDAXBfz2lHitpJCwwjnbuX
kPNvgBs3lsRoR4ZUu1QCyNsIvBBnitQv2qBa8l4HOKDOkrbwUvhne9jt9W9S74ZC
zFW5JIx+UF6Jadbz6Ib2j6YsVFmTUpD7S0ngwBtpQ4XNb/Ws4k7WWT5XfbBvmHkY
pa9i8NSH/atUU2HTaA0QBMy1bWiskJf6NuYhKbXebs4NrsJHLx2cu1Z3G8it/6dX
NDjMfAUotN9bS26jypX+KKRPiBIBQXwPbQHxL7gn+i8wbiLvIVzL7VABBfhQ6sSt
p88e4CzeUteW/0Sc5oC5K62A6klwggVO/2nGUQU50KPB
-----END CERTIFICATE-----