This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/hQTOuRw6qx1AcVubUofo6BPrH1w.roa
File:                     hQTOuRw6qx1AcVubUofo6BPrH1w.roa (raw, json)
Hash identifier:          MYw1x7TT9vrN92qevrPZraH9+ojPP3NcZFy8h3cQIvc=
Subject key identifier:   85:04:CE:B9:1C:3A:AB:1D:40:71:5B:9B:52:87:E8:E8:13:EB:1F:5C
Certificate issuer:       /CN=23ee5e71409b21fd5c820f3d3ac3fdc0fce75a0b
Certificate serial:       019B7EA5559AC532B6AD8CA0F704CE09564B
Authority key identifier: 23:EE:5E:71:40:9B:21:FD:5C:82:0F:3D:3A:C3:FD:C0:FC:E7:5A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-5ecUCbIf1cgg89OsP9wPznWgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/hQTOuRw6qx1AcVubUofo6BPrH1w.roa
Signing time:             Fri 02 Jan 2026 12:18:43 +0000
ROA not before:           Fri 02 Jan 2026 12:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.210.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/I-5ecUCbIf1cgg89OsP9wPznWgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/I-5ecUCbIf1cgg89OsP9wPznWgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-5ecUCbIf1cgg89OsP9wPznWgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:55:9a:c5:32:b6:ad:8c:a0:f7:04:ce:09:56:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ee5e71409b21fd5c820f3d3ac3fdc0fce75a0b
        Validity
            Not Before: Jan  2 12:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8504ceb91c3aab1d40715b9b5287e8e813eb1f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:15:e8:88:13:6c:c8:d1:ec:41:94:1f:38:b0:
                    67:dc:f5:8c:ab:ee:1c:00:81:61:2e:cb:ea:21:63:
                    96:38:c9:ec:ac:51:6c:21:af:94:87:15:5b:df:d2:
                    67:a4:e7:db:1d:72:b2:08:bb:b2:9d:68:d0:76:e8:
                    8a:fe:df:38:73:ea:0d:d8:08:3b:44:f8:2a:98:06:
                    3a:22:af:b5:45:8b:bf:97:d2:e7:8c:db:ea:b4:97:
                    45:14:66:d7:41:8f:1b:a0:35:5f:7c:a7:9b:0a:5d:
                    96:c3:1b:43:86:c7:b8:da:ad:9a:53:b3:44:3f:1b:
                    65:31:d9:1c:35:4d:f2:b8:d3:39:00:a2:23:25:c3:
                    1b:31:16:96:96:54:2e:8d:73:2e:72:33:58:26:37:
                    db:cd:aa:10:14:09:35:ac:f8:52:54:c9:ef:46:a1:
                    c5:bd:0e:d0:0b:d5:39:61:65:cd:38:dd:8e:80:c8:
                    1f:c5:27:6d:f7:61:f0:e4:c8:fc:66:3c:07:84:00:
                    3a:30:c7:64:0e:26:ee:e6:2e:c4:e8:fd:c5:26:86:
                    55:34:95:54:f7:6c:0b:33:96:74:2c:b3:93:9a:8c:
                    65:d4:23:e8:52:ed:fb:d3:aa:73:03:af:95:bf:dc:
                    92:42:25:69:be:a8:da:7f:7d:ab:ef:d6:8c:57:4b:
                    d5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:04:CE:B9:1C:3A:AB:1D:40:71:5B:9B:52:87:E8:E8:13:EB:1F:5C
            X509v3 Authority Key Identifier:
                keyid:23:EE:5E:71:40:9B:21:FD:5C:82:0F:3D:3A:C3:FD:C0:FC:E7:5A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-5ecUCbIf1cgg89OsP9wPznWgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/hQTOuRw6qx1AcVubUofo6BPrH1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/34b93c-a03d-4ada-83fc-bc637a8512b1/1/I-5ecUCbIf1cgg89OsP9wPznWgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:7e:92:41:c8:12:90:dc:03:3b:30:74:55:a6:bc:f0:1b:7f:
         15:4d:09:54:70:49:09:0e:8d:c3:e3:07:be:56:a5:7e:b4:37:
         47:55:c3:fa:b2:69:3b:b1:fb:1e:12:ca:94:49:b4:b9:8f:5e:
         fe:cd:97:64:40:30:6c:b1:d4:6c:d0:da:50:59:2e:8c:2e:93:
         2d:b3:02:87:d4:05:16:e3:ed:20:61:e9:ea:73:5c:73:88:30:
         09:35:96:ed:02:21:76:2c:c4:e8:69:f1:7b:6d:30:a5:4c:04:
         48:0a:92:3b:4c:29:6e:cf:76:d4:8f:f2:4e:5e:83:85:e4:3c:
         f8:96:aa:da:69:12:60:ea:56:e2:1a:1d:ab:1f:75:a3:1b:00:
         3e:94:6d:d1:ba:7c:57:f3:a2:0d:54:5d:ef:11:4e:4e:17:96:
         27:4a:1a:1e:59:89:dc:a6:9a:1d:a9:96:a9:a0:49:7c:7c:2e:
         ad:c3:e7:8a:b9:3f:64:10:80:67:cf:16:e9:71:34:e0:ea:bf:
         81:b9:26:e7:0e:22:0c:1f:95:ee:91:8d:89:6a:f7:5c:e3:01:
         79:c3:f4:f7:99:b7:1b:53:f4:d3:f3:4b:0f:65:03:a5:82:49:
         9c:76:26:81:e5:77:fc:37:1a:5f:4f:44:56:62:1e:b1:c4:bc:
         31:10:af:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pVWaxTK2rYyg9wTOCVZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZWU1ZTcxNDA5YjIxZmQ1YzgyMGYzZDNhYzNmZGMwZmNl
NzVhMGIwHhcNMjYwMTAyMTIxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTA0Y2ViOTFjM2FhYjFkNDA3MTViOWI1Mjg3ZThlODEzZWIxZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxXoiBNsyNHsQZQfOLBn3PWMq+4c
AIFhLsvqIWOWOMnsrFFsIa+UhxVb39JnpOfbHXKyCLuynWjQduiK/t84c+oN2Ag7
RPgqmAY6Iq+1RYu/l9LnjNvqtJdFFGbXQY8boDVffKebCl2WwxtDhse42q2aU7NE
PxtlMdkcNU3yuNM5AKIjJcMbMRaWllQujXMucjNYJjfbzaoQFAk1rPhSVMnvRqHF
vQ7QC9U5YWXNON2OgMgfxSdt92Hw5Mj8ZjwHhAA6MMdkDibu5i7E6P3FJoZVNJVU
92wLM5Z0LLOTmoxl1CPoUu3706pzA6+Vv9ySQiVpvqjaf32r79aMV0vVmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUEzrkcOqsdQHFbm1KH6OgT6x9cMB8GA1UdIwQY
MBaAFCPuXnFAmyH9XIIPPTrD/cD851oLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS01ZWNVQ2JJZjFjZ2c4OU9zUDl3UHpuV2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zNGI5M2MtYTAzZC00YWRhLTgzZmMt
YmM2MzdhODUxMmIxLzEvaFFUT3VSdzZxeDFBY1Z1YlVvZm82QlBySDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zNGI5M2MtYTAzZC00YWRhLTgzZmMtYmM2MzdhODUxMmIx
LzEvSS01ZWNVQ2JJZjFjZ2c4OU9zUDl3UHpuV2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKcMA0G
CSqGSIb3DQEBCwUAA4IBAQCcfpJByBKQ3AM7MHRVprzwG38VTQlUcEkJDo3D4we+
VqV+tDdHVcP6smk7sfseEsqUSbS5j17+zZdkQDBssdRs0NpQWS6MLpMtswKH1AUW
4+0gYenqc1xziDAJNZbtAiF2LMToafF7bTClTARICpI7TCluz3bUj/JOXoOF5Dz4
lqraaRJg6lbiGh2rH3WjGwA+lG3RunxX86INVF3vEU5OF5YnShoeWYncppodqZap
oEl8fC6tw+eKuT9kEIBnzxbpcTTg6r+BuSbnDiIMH5XukY2Javdc4wF5w/T3mbcb
U/TT80sPZQOlgkmcdiaB5Xf8NxpfT0RWYh6xxLwxEK9W
-----END CERTIFICATE-----