This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/0HigbbPnkZoyonq1yyfi617xeII.roa
File:                     0HigbbPnkZoyonq1yyfi617xeII.roa (raw, json)
Hash identifier:          MUaxT3D+6K8H+XJRqIFEKgk/lwlHeolFKwuvBRyzNa8=
Subject key identifier:   D0:78:A0:6D:B3:E7:91:9A:32:A2:7A:B5:CB:27:E2:EB:5E:F1:78:82
Certificate issuer:       /CN=0cebbfaaec24039b41eba56bb1caa51677d21c70
Certificate serial:       019B79ED291C52C7B1713870CA280D813EE0
Authority key identifier: 0C:EB:BF:AA:EC:24:03:9B:41:EB:A5:6B:B1:CA:A5:16:77:D2:1C:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOu_quwkA5tB66VrscqlFnfSHHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/0HigbbPnkZoyonq1yyfi617xeII.roa
Signing time:             Thu 01 Jan 2026 14:19:04 +0000
ROA not before:           Thu 01 Jan 2026 14:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208493
IP address blocks:        45.129.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/DOu_quwkA5tB66VrscqlFnfSHHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/DOu_quwkA5tB66VrscqlFnfSHHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOu_quwkA5tB66VrscqlFnfSHHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:29:1c:52:c7:b1:71:38:70:ca:28:0d:81:3e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cebbfaaec24039b41eba56bb1caa51677d21c70
        Validity
            Not Before: Jan  1 14:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d078a06db3e7919a32a27ab5cb27e2eb5ef17882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:05:f6:bd:53:9f:f6:a5:06:2d:0a:f1:ec:
                    ac:57:70:c2:4b:0d:cd:82:29:e4:42:a3:6d:ac:33:
                    44:27:df:3f:fd:91:f0:0a:24:3f:cc:91:87:66:82:
                    28:72:9d:6b:9a:24:39:27:69:97:2f:b2:43:86:8b:
                    e1:5d:2e:8a:8f:14:b5:79:f4:42:c2:c9:e3:fc:92:
                    c7:3e:4a:65:1a:47:1d:93:16:36:d7:f0:1c:b9:a6:
                    3f:7e:7d:c4:0a:9e:a9:ea:b8:38:b4:3d:a5:bb:6f:
                    e5:ab:26:67:ac:f2:6e:30:d1:ea:3d:87:93:6a:62:
                    b6:c2:1b:3e:38:f9:be:7e:bb:3b:72:f4:be:18:ec:
                    96:41:c6:0e:08:7d:af:ad:70:25:60:41:16:9b:55:
                    29:3d:bc:56:91:a6:1d:c4:a7:8e:d1:9f:32:60:ff:
                    9e:0f:79:52:02:8e:03:40:48:86:0c:c8:57:5b:c3:
                    3b:15:93:54:30:77:50:d0:50:26:c6:66:bc:30:ca:
                    6c:d1:2f:a0:3c:bb:3c:d6:51:46:15:e0:80:90:f1:
                    70:cb:79:3c:40:f9:ca:ce:f2:cc:c0:78:c0:d2:04:
                    20:2b:83:0d:b0:61:d1:48:8d:d3:9e:eb:a0:23:49:
                    29:58:22:af:18:2c:26:a0:6c:7e:8d:63:ce:3c:61:
                    95:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:78:A0:6D:B3:E7:91:9A:32:A2:7A:B5:CB:27:E2:EB:5E:F1:78:82
            X509v3 Authority Key Identifier:
                keyid:0C:EB:BF:AA:EC:24:03:9B:41:EB:A5:6B:B1:CA:A5:16:77:D2:1C:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOu_quwkA5tB66VrscqlFnfSHHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/0HigbbPnkZoyonq1yyfi617xeII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/DOu_quwkA5tB66VrscqlFnfSHHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:26:c4:8d:97:85:75:36:23:3c:49:9d:42:67:35:e6:6a:55:
         e8:05:a7:8b:30:0e:89:37:2a:70:8a:66:91:bd:d3:fe:26:ce:
         e3:69:64:a3:da:b4:8b:55:f4:b2:70:80:da:f6:39:7c:3b:16:
         47:20:ff:2b:91:18:6d:ea:86:85:14:07:c0:d0:15:ff:ae:17:
         45:53:49:89:5e:28:38:e6:c7:bc:1a:c9:a2:06:8f:72:24:1e:
         85:e6:8c:81:fe:b7:56:66:00:11:8e:8a:34:2b:bd:7f:92:fb:
         5c:53:87:0d:c4:27:7a:e7:c1:22:81:07:74:d5:c3:61:6f:a0:
         6e:62:d4:ed:66:33:91:ed:e0:0c:78:d6:10:c7:e3:26:af:86:
         72:c9:d1:39:3f:53:2b:f7:db:d3:f9:2a:8f:2a:b9:99:f8:e2:
         82:52:10:cc:db:a3:53:e0:19:ac:cb:d8:5c:38:bc:b6:5e:8f:
         d0:c1:fc:17:15:68:1a:11:22:9a:79:0e:f4:c1:ae:5d:2c:83:
         6d:7a:25:01:32:60:03:13:14:96:89:c1:df:4b:64:16:7b:fa:
         05:36:c0:0e:50:a6:46:54:6e:8c:f7:b6:a8:9a:60:a1:b4:3e:
         09:31:f9:e6:2a:7a:1e:6c:65:59:cc:73:8a:0a:14:4a:bf:2b:
         f0:c8:60:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57SkcUsexcThwyigNgT7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZWJiZmFhZWMyNDAzOWI0MWViYTU2YmIxY2FhNTE2Nzdk
MjFjNzAwHhcNMjYwMTAxMTQxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDc4YTA2ZGIzZTc5MTlhMzJhMjdhYjVjYjI3ZTJlYjVlZjE3ODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5cF9r1Tn/alBi0K8eysV3DCSw3N
ginkQqNtrDNEJ98//ZHwCiQ/zJGHZoIocp1rmiQ5J2mXL7JDhovhXS6KjxS1efRC
wsnj/JLHPkplGkcdkxY21/AcuaY/fn3ECp6p6rg4tD2lu2/lqyZnrPJuMNHqPYeT
amK2whs+OPm+frs7cvS+GOyWQcYOCH2vrXAlYEEWm1UpPbxWkaYdxKeO0Z8yYP+e
D3lSAo4DQEiGDMhXW8M7FZNUMHdQ0FAmxma8MMps0S+gPLs81lFGFeCAkPFwy3k8
QPnKzvLMwHjA0gQgK4MNsGHRSI3TnuugI0kpWCKvGCwmoGx+jWPOPGGV8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNB4oG2z55GaMqJ6tcsn4ute8XiCMB8GA1UdIwQY
MBaAFAzrv6rsJAObQeula7HKpRZ30hxwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE91X3F1d2tBNXRCNjZWcnNjcWxGbmZTSEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jMjNjYTMtYjMyNy00ZWQyLWE1YmIt
YjE2ZTY4M2RiZTI3LzEvMEhpZ2JiUG5rWm95b25xMXl5Zmk2MTd4ZUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jMjNjYTMtYjMyNy00ZWQyLWE1YmItYjE2ZTY4M2RiZTI3
LzEvRE91X3F1d2tBNXRCNjZWcnNjcWxGbmZTSEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYF0MA0G
CSqGSIb3DQEBCwUAA4IBAQApJsSNl4V1NiM8SZ1CZzXmalXoBaeLMA6JNypwimaR
vdP+Js7jaWSj2rSLVfSycIDa9jl8OxZHIP8rkRht6oaFFAfA0BX/rhdFU0mJXig4
5se8GsmiBo9yJB6F5oyB/rdWZgARjoo0K71/kvtcU4cNxCd658EigQd01cNhb6Bu
YtTtZjOR7eAMeNYQx+Mmr4ZyydE5P1Mr99vT+SqPKrmZ+OKCUhDM26NT4Bmsy9hc
OLy2Xo/QwfwXFWgaESKaeQ70wa5dLINteiUBMmADExSWicHfS2QWe/oFNsAOUKZG
VG6M97aommChtD4JMfnmKnoebGVZzHOKChRKvyvwyGCm
-----END CERTIFICATE-----