This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/H41pXcA8VjDWzAOdUw8kJkHTePo.roa
File:                     H41pXcA8VjDWzAOdUw8kJkHTePo.roa (raw, json)
Hash identifier:          vd9X0KNO4KjRnGRSxo8WoFeqcJXdexnSKn3TUknAjFQ=
Subject key identifier:   1F:8D:69:5D:C0:3C:56:30:D6:CC:03:9D:53:0F:24:26:41:D3:78:FA
Certificate issuer:       /CN=d6aa89f7b722279c032942dcf24865f6d72d6501
Certificate serial:       019B797E07ED15835A088B8CEE0D1142254B
Authority key identifier: D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/H41pXcA8VjDWzAOdUw8kJkHTePo.roa
Signing time:             Thu 01 Jan 2026 12:17:41 +0000
ROA not before:           Thu 01 Jan 2026 12:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.225.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:07:ed:15:83:5a:08:8b:8c:ee:0d:11:42:25:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa89f7b722279c032942dcf24865f6d72d6501
        Validity
            Not Before: Jan  1 12:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f8d695dc03c5630d6cc039d530f242641d378fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d5:f5:9d:0b:82:92:b3:3c:40:24:26:1a:2c:
                    e7:01:8e:b8:88:d0:17:1e:7e:61:ac:b0:3d:ff:e8:
                    12:8d:01:3d:49:c2:4d:ce:a9:bc:e7:a0:2d:8c:24:
                    dc:1a:e7:76:43:22:22:5f:25:21:26:9c:e1:a1:50:
                    1b:a6:0c:0b:cd:41:2e:c4:f8:35:da:4d:b2:3e:15:
                    fa:50:84:2d:65:43:74:81:13:bf:a6:62:4c:cd:5f:
                    6e:26:cd:6b:28:f9:9d:e1:0b:b5:91:9e:7d:ad:0b:
                    25:0b:bb:65:b2:71:44:73:c1:dc:ee:9d:ae:73:dc:
                    01:ca:df:2b:d0:3d:13:ed:d1:f1:25:88:9e:ea:f9:
                    db:e3:91:4d:0f:df:f7:4b:c5:41:e7:43:d7:55:78:
                    da:f2:1e:b8:c5:35:45:f6:d2:b8:41:02:d8:a3:38:
                    44:47:6c:9b:81:ac:18:51:a1:32:0d:f8:cd:b6:fd:
                    37:94:f5:06:ae:67:cf:a1:f0:d4:41:5f:0b:f6:8a:
                    93:53:df:09:aa:f8:88:af:f1:f9:1f:33:29:08:f8:
                    a5:5c:62:0b:b8:5e:b9:6f:04:7d:4c:f1:1e:d6:cc:
                    df:4b:23:78:09:be:f9:d8:4c:bd:4e:0d:43:80:77:
                    71:b0:6a:6f:4a:41:04:79:9f:15:a5:31:75:9e:e7:
                    2b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8D:69:5D:C0:3C:56:30:D6:CC:03:9D:53:0F:24:26:41:D3:78:FA
            X509v3 Authority Key Identifier:
                keyid:D6:AA:89:F7:B7:22:27:9C:03:29:42:DC:F2:48:65:F6:D7:2D:65:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qqJ97ciJ5wDKULc8khl9tctZQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/H41pXcA8VjDWzAOdUw8kJkHTePo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0e7e28-a829-47d2-80e6-8ba6888669cf/1/1qqJ97ciJ5wDKULc8khl9tctZQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:2f:f5:5f:11:e9:29:09:48:5a:12:12:7c:6d:02:7a:c0:da:
         25:f1:de:81:b2:10:09:79:e6:be:32:37:6d:5e:10:68:95:50:
         4f:c1:24:fb:01:66:c9:11:00:f5:8b:2c:80:df:43:b7:3a:b5:
         84:7c:01:8a:f9:7d:44:62:97:55:95:97:82:ef:40:63:38:f6:
         be:fb:0f:b0:74:10:32:7b:88:ea:c7:19:ad:2a:ff:7d:16:a9:
         0b:06:04:c5:74:c0:28:bd:69:bc:2a:1d:dc:a3:0b:e9:49:de:
         2a:69:54:38:3c:d9:97:96:68:cd:c1:0b:b0:5e:ff:fb:7a:81:
         61:8c:16:b5:d3:b0:ce:39:88:20:19:7d:75:80:71:c7:83:88:
         49:ac:7e:4a:7a:7e:ea:64:4a:bc:26:92:c8:8c:b8:82:1b:0d:
         26:00:d0:ee:c0:d1:d3:80:54:64:27:e4:d0:31:f2:ca:73:92:
         e6:99:0e:19:6c:5d:55:20:45:72:c1:b3:bb:8a:dc:ff:ca:d1:
         c5:82:ec:05:4c:e7:e8:cd:5c:95:08:f2:69:73:df:51:bb:8c:
         19:95:84:64:4d:ca:32:96:56:6c:64:64:fa:83:b3:91:c7:f6:
         d8:fe:b8:49:0e:65:02:3a:ca:02:87:75:0b:11:00:c9:2e:5c:
         77:6c:e2:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fgftFYNaCIuM7g0RQiVLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWE4OWY3YjcyMjI3OWMwMzI5NDJkY2YyNDg2NWY2ZDcy
ZDY1MDEwHhcNMjYwMTAxMTIxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhkNjk1ZGMwM2M1NjMwZDZjYzAzOWQ1MzBmMjQyNjQxZDM3OGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydX1nQuCkrM8QCQmGiznAY64iNAX
Hn5hrLA9/+gSjQE9ScJNzqm856AtjCTcGud2QyIiXyUhJpzhoVAbpgwLzUEuxPg1
2k2yPhX6UIQtZUN0gRO/pmJMzV9uJs1rKPmd4Qu1kZ59rQslC7tlsnFEc8Hc7p2u
c9wByt8r0D0T7dHxJYie6vnb45FND9/3S8VB50PXVXja8h64xTVF9tK4QQLYozhE
R2ybgawYUaEyDfjNtv03lPUGrmfPofDUQV8L9oqTU98JqviIr/H5HzMpCPilXGIL
uF65bwR9TPEe1szfSyN4Cb752Ey9Tg1DgHdxsGpvSkEEeZ8VpTF1nucrTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+NaV3APFYw1swDnVMPJCZB03j6MB8GA1UdIwQY
MBaAFNaqife3IiecAylC3PJIZfbXLWUBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYt
OGJhNjg4ODY2OWNmLzEvSDQxcFhjQThWakRXekFPZFV3OGtKa0hUZVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wZTdlMjgtYTgyOS00N2QyLTgwZTYtOGJhNjg4ODY2OWNm
LzEvMXFxSjk3Y2lKNXdES1VMYzhraGw5dGN0WlFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueH8MA0G
CSqGSIb3DQEBCwUAA4IBAQAmL/VfEekpCUhaEhJ8bQJ6wNol8d6BshAJeea+Mjdt
XhBolVBPwST7AWbJEQD1iyyA30O3OrWEfAGK+X1EYpdVlZeC70BjOPa++w+wdBAy
e4jqxxmtKv99FqkLBgTFdMAovWm8Kh3cowvpSd4qaVQ4PNmXlmjNwQuwXv/7eoFh
jBa107DOOYggGX11gHHHg4hJrH5Ken7qZEq8JpLIjLiCGw0mANDuwNHTgFRkJ+TQ
MfLKc5LmmQ4ZbF1VIEVywbO7itz/ytHFguwFTOfozVyVCPJpc99Ru4wZlYRkTcoy
llZsZGT6g7ORx/bY/rhJDmUCOsoCh3ULEQDJLlx3bOJD
-----END CERTIFICATE-----