This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/HEEBNvj21luiVf4won7bq4ZQmKE.roa
File:                     HEEBNvj21luiVf4won7bq4ZQmKE.roa (raw, json)
Hash identifier:          udPIy2ibL7Vj2lt8/UkNkqdezAjsD65iSObaDZOKY84=
Subject key identifier:   1C:41:01:36:F8:F6:D6:5B:A2:55:FE:30:A2:7E:DB:AB:86:50:98:A1
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019B7D5CD43122077C58BF47A516A3709D4E
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/HEEBNvj21luiVf4won7bq4ZQmKE.roa
Signing time:             Fri 02 Jan 2026 06:19:54 +0000
ROA not before:           Fri 02 Jan 2026 06:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202984
IP address blocks:        185.39.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:d4:31:22:07:7c:58:bf:47:a5:16:a3:70:9d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 06:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c410136f8f6d65ba255fe30a27edbab865098a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8b:48:d3:27:79:5f:59:22:ba:5a:ea:25:c2:
                    7c:5e:63:cc:20:03:00:a3:38:54:bc:44:f7:3a:9b:
                    71:cf:bc:e5:23:18:5d:a7:df:1d:ab:06:9c:c7:77:
                    b3:07:db:50:3f:15:e9:8b:17:a9:90:07:e0:6c:5c:
                    67:d1:94:d8:b5:70:e6:06:fd:54:c6:66:a1:1f:6d:
                    cd:42:d7:7b:14:56:70:92:72:28:ef:90:ca:72:d8:
                    20:b4:d0:79:d8:48:c9:90:4f:6d:bb:c7:05:65:6e:
                    7c:a9:01:34:f0:98:83:10:b8:fd:34:d5:36:5d:03:
                    2f:ce:7a:e6:53:7c:96:db:cc:ed:03:2b:bc:c2:8b:
                    1c:cc:f7:b3:74:f9:7d:fd:40:f5:ac:31:e1:48:6a:
                    55:6d:78:c8:4e:f5:ed:60:51:61:b9:ed:1a:ab:4a:
                    18:91:2a:77:da:cb:04:2c:c2:bc:e1:af:20:0d:dd:
                    49:d0:22:40:6d:32:c5:0d:1b:63:15:6a:f4:bb:bd:
                    df:54:ff:e7:a4:5d:b4:11:50:c0:29:f6:84:fb:04:
                    da:63:08:12:45:dc:13:8c:1a:ae:e4:c6:76:43:1b:
                    f1:d9:cb:c5:dc:b7:7a:42:53:f4:06:aa:2b:9e:1d:
                    b5:85:8b:2e:8e:da:51:91:31:f5:ac:4f:df:82:6e:
                    ee:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:41:01:36:F8:F6:D6:5B:A2:55:FE:30:A2:7E:DB:AB:86:50:98:A1
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/HEEBNvj21luiVf4won7bq4ZQmKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:eb:73:4c:ae:43:b8:ee:b5:a9:64:84:53:2b:b1:69:12:c7:
         6d:b3:ea:a2:aa:c7:7c:a4:bc:e7:a9:0f:94:70:54:c5:c8:70:
         f0:5f:ad:5a:aa:dc:88:22:12:a9:d8:ee:7f:35:95:9d:60:22:
         8b:5e:5d:44:e1:b6:02:93:c5:58:dd:6e:38:7e:8f:e8:a5:6f:
         7c:e9:2b:a3:87:a3:16:61:77:40:89:dd:2e:82:70:ae:73:a3:
         e5:ab:fd:b4:91:4b:1d:75:86:3b:f6:62:fb:51:5d:26:f7:9f:
         f2:1e:3c:d0:a1:dc:09:7c:72:00:86:82:63:5c:2f:96:9b:04:
         9d:75:fe:62:e9:e9:59:fe:31:6b:5c:5d:a0:ce:5a:43:8a:2b:
         33:4a:b5:d7:7a:e4:31:14:28:0c:09:89:3d:4c:e0:2b:90:9a:
         5c:63:47:f1:99:1a:69:4f:71:5b:cc:13:5d:73:19:8e:7f:b7:
         7a:36:11:f0:f0:7f:05:16:56:d7:a0:78:32:cc:1f:fb:ec:0a:
         e9:f8:58:8b:7a:84:94:5c:47:fa:fc:05:14:4c:09:1d:f7:0d:
         9f:96:cd:42:2a:97:8d:cc:c1:c3:5b:0e:bf:83:2c:84:37:73:
         d2:1b:5e:af:ef:ce:4f:45:c2:09:1f:b5:b8:ff:81:f0:ae:a3:
         7f:19:01:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XNQxIgd8WL9HpRajcJ1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjYwMTAyMDYxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzQxMDEzNmY4ZjZkNjViYTI1NWZlMzBhMjdlZGJhYjg2NTA5OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4tI0yd5X1kiulrqJcJ8XmPMIAMA
ozhUvET3Optxz7zlIxhdp98dqwacx3ezB9tQPxXpixepkAfgbFxn0ZTYtXDmBv1U
xmahH23NQtd7FFZwknIo75DKctggtNB52EjJkE9tu8cFZW58qQE08JiDELj9NNU2
XQMvznrmU3yW28ztAyu8wosczPezdPl9/UD1rDHhSGpVbXjITvXtYFFhue0aq0oY
kSp32ssELMK84a8gDd1J0CJAbTLFDRtjFWr0u73fVP/npF20EVDAKfaE+wTaYwgS
RdwTjBqu5MZ2Qxvx2cvF3Ld6QlP0Bqornh21hYsujtpRkTH1rE/fgm7upQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxBATb49tZbolX+MKJ+26uGUJihMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvSEVFQk52ajIxbHVpVmY0d29uN2JxNFpRbUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSfNMA0G
CSqGSIb3DQEBCwUAA4IBAQBC63NMrkO47rWpZIRTK7FpEsdts+qiqsd8pLznqQ+U
cFTFyHDwX61aqtyIIhKp2O5/NZWdYCKLXl1E4bYCk8VY3W44fo/opW986Sujh6MW
YXdAid0ugnCuc6Plq/20kUsddYY79mL7UV0m95/yHjzQodwJfHIAhoJjXC+WmwSd
df5i6elZ/jFrXF2gzlpDiiszSrXXeuQxFCgMCYk9TOArkJpcY0fxmRppT3FbzBNd
cxmOf7d6NhHw8H8FFlbXoHgyzB/77Arp+FiLeoSUXEf6/AUUTAkd9w2fls1CKpeN
zMHDWw6/gyyEN3PSG16v785PRcIJH7W4/4HwrqN/GQG/
-----END CERTIFICATE-----