This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/HAZA6F3BwOd0IfWybSlNKmtev0c.roa
File:                     HAZA6F3BwOd0IfWybSlNKmtev0c.roa (raw, json)
Hash identifier:          gALftZc7LvU74tun0cfmm/0H5zwtdsQqdDGCiEp/ba4=
Subject key identifier:   1C:06:40:E8:5D:C1:C0:E7:74:21:F5:B2:6D:29:4D:2A:6B:5E:BF:47
Certificate issuer:       /CN=96c56c5ea5478f4d37b30f3682e43b7e2ef90d98
Certificate serial:       019B7F151FEE28DD77AF621A2CAE1C9A98A9
Authority key identifier: 96:C5:6C:5E:A5:47:8F:4D:37:B3:0F:36:82:E4:3B:7E:2E:F9:0D:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lsVsXqVHj003sw82guQ7fi75DZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/HAZA6F3BwOd0IfWybSlNKmtev0c.roa
Signing time:             Fri 02 Jan 2026 14:20:49 +0000
ROA not before:           Fri 02 Jan 2026 14:20:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31534
IP address blocks:        193.16.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/lsVsXqVHj003sw82guQ7fi75DZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/lsVsXqVHj003sw82guQ7fi75DZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lsVsXqVHj003sw82guQ7fi75DZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:1f:ee:28:dd:77:af:62:1a:2c:ae:1c:9a:98:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96c56c5ea5478f4d37b30f3682e43b7e2ef90d98
        Validity
            Not Before: Jan  2 14:20:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c0640e85dc1c0e77421f5b26d294d2a6b5ebf47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:aa:fc:e6:a7:52:98:7e:da:27:89:c0:01:b0:
                    33:0e:fb:e9:46:64:62:51:d4:71:fd:b8:36:55:68:
                    12:21:ed:ee:e7:ab:bb:bb:02:ea:73:d2:a3:7d:fa:
                    7d:17:61:ee:fa:3c:6f:b2:98:53:91:70:85:08:b9:
                    98:34:c4:b8:c9:c4:04:79:57:4e:47:c7:ca:8a:71:
                    b6:4d:9f:ac:e9:82:c9:d8:02:41:9d:4a:b1:41:49:
                    51:e0:f5:bb:85:98:cf:38:ac:22:ea:5d:d5:6d:c8:
                    22:8e:b8:90:37:19:df:ee:75:23:74:3c:48:cb:c6:
                    5c:78:9e:11:a7:25:29:f9:0b:4f:93:fc:28:e4:33:
                    09:99:bf:6d:e8:98:da:c8:88:08:85:29:e2:eb:3a:
                    e1:ba:c7:ef:0b:75:4f:83:52:88:ea:8a:92:a3:5d:
                    0b:e1:c6:0a:74:3f:ff:b5:b5:94:bc:3b:d0:0d:b0:
                    55:46:a3:7a:33:26:ae:55:05:bb:b0:ea:76:b2:83:
                    af:c6:61:c7:c7:cd:98:c7:6f:a3:87:47:7a:3f:2f:
                    5d:dd:d4:bd:14:59:bb:c5:b8:10:b3:31:6a:69:15:
                    86:66:2b:aa:e7:d0:fd:19:bd:e4:4a:63:0e:5b:e0:
                    71:4a:2d:e8:c1:50:91:99:32:e8:04:9e:96:bf:e9:
                    29:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:06:40:E8:5D:C1:C0:E7:74:21:F5:B2:6D:29:4D:2A:6B:5E:BF:47
            X509v3 Authority Key Identifier:
                keyid:96:C5:6C:5E:A5:47:8F:4D:37:B3:0F:36:82:E4:3B:7E:2E:F9:0D:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lsVsXqVHj003sw82guQ7fi75DZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/HAZA6F3BwOd0IfWybSlNKmtev0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/98aca3-0c7c-4f05-8d03-35c78e70199e/1/lsVsXqVHj003sw82guQ7fi75DZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:84:33:88:11:91:60:e6:10:5d:a6:98:da:5c:15:28:dc:e9:
         eb:95:6a:23:eb:ab:49:14:7e:8e:6c:f2:7e:15:1e:8c:6f:0d:
         60:94:01:99:01:23:1c:94:a9:18:ac:9f:41:5b:13:cd:6c:f3:
         c5:88:74:3a:85:cd:c7:f2:fd:0b:c6:bf:ed:51:64:73:fc:43:
         93:38:a2:78:f0:2c:91:ab:55:ce:b9:db:bf:d6:12:10:2a:94:
         87:c0:8e:e2:3c:8c:3e:f5:ed:e6:42:22:79:4f:8d:48:d4:81:
         30:14:7d:39:d2:fe:56:8b:53:fd:e7:87:98:b5:5b:35:81:bd:
         46:58:30:b5:f4:a0:6e:d0:2c:81:8e:af:5e:9d:17:61:e4:2f:
         83:f8:15:8c:45:74:c4:3b:56:a7:8d:45:06:32:1c:45:18:e8:
         ce:66:89:c2:15:93:02:1c:45:92:4d:37:c5:e1:7d:dc:5c:41:
         3d:46:e0:f3:4c:99:c0:ef:b0:1a:94:6c:e1:7e:c3:5f:9b:ad:
         59:c0:9e:4c:1c:60:84:a3:6f:e0:ce:c7:66:86:e3:dd:e0:11:
         9b:fc:c7:af:6d:c4:73:7b:8e:73:54:6e:be:79:f8:3e:72:fa:
         b3:9e:31:d6:f5:c7:2f:9e:d4:99:6e:78:32:94:79:26:a3:d1:
         f4:44:99:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FR/uKN13r2IaLK4cmpipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YzU2YzVlYTU0NzhmNGQzN2IzMGYzNjgyZTQzYjdlMmVm
OTBkOTgwHhcNMjYwMTAyMTQyMDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA2NDBlODVkYzFjMGU3NzQyMWY1YjI2ZDI5NGQyYTZiNWViZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKr85qdSmH7aJ4nAAbAzDvvpRmRi
UdRx/bg2VWgSIe3u56u7uwLqc9Kjffp9F2Hu+jxvsphTkXCFCLmYNMS4ycQEeVdO
R8fKinG2TZ+s6YLJ2AJBnUqxQUlR4PW7hZjPOKwi6l3VbcgijriQNxnf7nUjdDxI
y8ZceJ4RpyUp+QtPk/wo5DMJmb9t6JjayIgIhSni6zrhusfvC3VPg1KI6oqSo10L
4cYKdD//tbWUvDvQDbBVRqN6MyauVQW7sOp2soOvxmHHx82Yx2+jh0d6Py9d3dS9
FFm7xbgQszFqaRWGZiuq59D9Gb3kSmMOW+BxSi3owVCRmTLoBJ6Wv+kp0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwGQOhdwcDndCH1sm0pTSprXr9HMB8GA1UdIwQY
MBaAFJbFbF6lR49NN7MPNoLkO34u+Q2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHNWc1hxVkhqMDAzc3c4Mmd1UTdmaTc1RFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS85OGFjYTMtMGM3Yy00ZjA1LThkMDMt
MzVjNzhlNzAxOTllLzEvSEFaQTZGM0J3T2QwSWZXeWJTbE5LbXRldjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS85OGFjYTMtMGM3Yy00ZjA1LThkMDMtMzVjNzhlNzAxOTll
LzEvbHNWc1hxVkhqMDAzc3c4Mmd1UTdmaTc1RFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRBmMA0G
CSqGSIb3DQEBCwUAA4IBAQANhDOIEZFg5hBdppjaXBUo3OnrlWoj66tJFH6ObPJ+
FR6Mbw1glAGZASMclKkYrJ9BWxPNbPPFiHQ6hc3H8v0Lxr/tUWRz/EOTOKJ48CyR
q1XOudu/1hIQKpSHwI7iPIw+9e3mQiJ5T41I1IEwFH050v5Wi1P954eYtVs1gb1G
WDC19KBu0CyBjq9enRdh5C+D+BWMRXTEO1anjUUGMhxFGOjOZonCFZMCHEWSTTfF
4X3cXEE9RuDzTJnA77AalGzhfsNfm61ZwJ5MHGCEo2/gzsdmhuPd4BGb/MevbcRz
e45zVG6+efg+cvqznjHW9ccvntSZbngylHkmo9H0RJmF
-----END CERTIFICATE-----