This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ab65f6-31be-4149-a6e3-ae5fa53b93b2/1/hCRU042AoO-wp1TNEdYzfOG7kyM.roa
File:                     hCRU042AoO-wp1TNEdYzfOG7kyM.roa (raw, json)
Hash identifier:          458hq105l3Yhrg7POKX+Z5+Z9IN5XlkejgNFXz79fUQ=
Subject key identifier:   84:24:54:D3:8D:80:A0:EF:B0:A7:54:CD:11:D6:33:7C:E1:BB:93:23
Certificate issuer:       /CN=21b82fc8ed88f99cab57d76803176eb27a9f0bfa
Certificate serial:       019B797EA7AB325258B353139535217F3D19
Authority key identifier: 21:B8:2F:C8:ED:88:F9:9C:AB:57:D7:68:03:17:6E:B2:7A:9F:0B:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbgvyO2I-ZyrV9doAxdusnqfC_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/ab65f6-31be-4149-a6e3-ae5fa53b93b2/1/hCRU042AoO-wp1TNEdYzfOG7kyM.roa
Signing time:             Thu 01 Jan 2026 12:18:22 +0000
ROA not before:           Thu 01 Jan 2026 12:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60845
IP address blocks:        185.113.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/ab65f6-31be-4149-a6e3-ae5fa53b93b2/1/IbgvyO2I-ZyrV9doAxdusnqfC_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/ab65f6-31be-4149-a6e3-ae5fa53b93b2/1/IbgvyO2I-ZyrV9doAxdusnqfC_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IbgvyO2I-ZyrV9doAxdusnqfC_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a7:ab:32:52:58:b3:53:13:95:35:21:7f:3d:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21b82fc8ed88f99cab57d76803176eb27a9f0bfa
        Validity
            Not Before: Jan  1 12:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=842454d38d80a0efb0a754cd11d6337ce1bb9323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:00:b3:9d:9a:92:29:31:57:8b:85:c8:37:64:
                    7d:98:08:f8:b6:f7:a8:5a:b5:73:68:41:ff:33:37:
                    6c:2b:eb:5c:5c:fa:f0:39:88:55:29:b9:0f:6e:56:
                    3a:e5:9f:af:74:bb:34:06:ab:d2:7b:ec:64:d1:d4:
                    e0:6a:84:2f:e4:7d:a6:e8:75:9f:a4:68:ca:9b:2b:
                    9c:87:8d:97:ab:bb:ce:9e:64:0e:60:06:fc:af:e4:
                    0e:88:c5:30:04:2c:fa:ef:1a:f7:83:9e:ad:e8:bc:
                    10:6a:97:a5:2d:85:a5:e7:ca:78:e0:22:93:86:04:
                    b5:2f:62:b6:11:cf:c9:0e:55:ff:b2:f4:84:8e:a3:
                    16:f5:64:e0:90:39:c6:98:b9:4f:96:a2:69:d6:a8:
                    97:62:67:6e:08:bb:87:b0:93:ad:8a:7e:73:74:50:
                    f5:d6:6c:fc:66:52:70:46:a8:04:6c:7e:11:1c:4a:
                    54:ff:1c:0e:36:fe:6c:dd:97:ee:1c:d8:fe:4b:6f:
                    ff:31:ab:2b:11:e1:66:2b:b6:2d:7e:8a:e3:97:73:
                    30:0a:a0:45:fd:5c:95:b1:00:2b:70:56:e3:98:44:
                    cd:88:f1:0a:8a:0a:e8:bb:7c:37:38:99:f2:96:a4:
                    d2:a7:aa:33:e4:08:6e:79:6c:79:e5:97:8a:32:cf:
                    0a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:24:54:D3:8D:80:A0:EF:B0:A7:54:CD:11:D6:33:7C:E1:BB:93:23
            X509v3 Authority Key Identifier:
                keyid:21:B8:2F:C8:ED:88:F9:9C:AB:57:D7:68:03:17:6E:B2:7A:9F:0B:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbgvyO2I-ZyrV9doAxdusnqfC_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ab65f6-31be-4149-a6e3-ae5fa53b93b2/1/hCRU042AoO-wp1TNEdYzfOG7kyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ab65f6-31be-4149-a6e3-ae5fa53b93b2/1/IbgvyO2I-ZyrV9doAxdusnqfC_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:3c:37:cb:d2:c5:22:62:4d:3c:15:a8:43:47:49:b1:6f:37:
         38:21:3f:f3:ab:0a:09:8f:41:10:d1:da:08:f0:1e:2f:c9:c8:
         6e:a4:68:4f:66:27:30:f3:f0:1f:d2:b6:69:f1:1f:f3:06:49:
         c8:de:3c:12:6f:b8:51:7d:b8:ce:2a:b1:fe:eb:f7:71:e6:18:
         7d:f6:80:52:7e:cb:22:08:dd:5e:63:5f:dd:02:61:bf:60:b1:
         44:8f:d9:a4:91:bb:1a:3f:44:f2:c5:b2:4b:b5:1c:1a:e8:6a:
         9d:79:bc:e4:25:cb:a9:9f:4e:df:2b:88:4a:93:17:8a:4d:8e:
         63:6c:61:b7:73:f6:58:10:8a:03:07:5c:6b:bf:11:76:80:39:
         5e:bb:3e:29:11:ce:2c:30:6b:b4:72:30:e2:d7:e1:81:a8:0a:
         c9:4d:fe:2e:d0:8b:15:86:cb:25:37:0b:f3:dd:19:9f:e1:e9:
         fe:f0:02:57:db:77:d7:ee:5e:14:9e:dc:82:45:ee:8b:be:4f:
         af:cf:9e:6a:c1:b5:2c:3d:38:72:7f:1e:e6:6e:a2:65:f4:61:
         51:1f:7c:de:9f:79:2e:b3:5d:cb:78:e9:cb:b0:72:bf:ba:d4:
         06:28:7f:ff:55:d5:2d:14:d1:1a:18:90:ba:38:89:6a:22:b7:
         90:7a:7e:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fqerMlJYs1MTlTUhfz0ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYjgyZmM4ZWQ4OGY5OWNhYjU3ZDc2ODAzMTc2ZWIyN2E5
ZjBiZmEwHhcNMjYwMTAxMTIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDI0NTRkMzhkODBhMGVmYjBhNzU0Y2QxMWQ2MzM3Y2UxYmI5MzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgCznZqSKTFXi4XIN2R9mAj4tveo
WrVzaEH/MzdsK+tcXPrwOYhVKbkPblY65Z+vdLs0BqvSe+xk0dTgaoQv5H2m6HWf
pGjKmyuch42Xq7vOnmQOYAb8r+QOiMUwBCz67xr3g56t6LwQapelLYWl58p44CKT
hgS1L2K2Ec/JDlX/svSEjqMW9WTgkDnGmLlPlqJp1qiXYmduCLuHsJOtin5zdFD1
1mz8ZlJwRqgEbH4RHEpU/xwONv5s3ZfuHNj+S2//MasrEeFmK7Ytforjl3MwCqBF
/VyVsQArcFbjmETNiPEKigrou3w3OJnylqTSp6oz5AhueWx55ZeKMs8KpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQkVNONgKDvsKdUzRHWM3zhu5MjMB8GA1UdIwQY
MBaAFCG4L8jtiPmcq1fXaAMXbrJ6nwv6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJndnlPMkktWnlyVjlkb0F4ZHVzbnFmQ19vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9hYjY1ZjYtMzFiZS00MTQ5LWE2ZTMt
YWU1ZmE1M2I5M2IyLzEvaENSVTA0MkFvTy13cDFUTkVkWXpmT0c3a3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9hYjY1ZjYtMzFiZS00MTQ5LWE2ZTMtYWU1ZmE1M2I5M2Iy
LzEvSWJndnlPMkktWnlyVjlkb0F4ZHVzbnFmQ19vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXGkMA0G
CSqGSIb3DQEBCwUAA4IBAQCUPDfL0sUiYk08FahDR0mxbzc4IT/zqwoJj0EQ0doI
8B4vychupGhPZicw8/Af0rZp8R/zBknI3jwSb7hRfbjOKrH+6/dx5hh99oBSfssi
CN1eY1/dAmG/YLFEj9mkkbsaP0TyxbJLtRwa6GqdebzkJcupn07fK4hKkxeKTY5j
bGG3c/ZYEIoDB1xrvxF2gDleuz4pEc4sMGu0cjDi1+GBqArJTf4u0IsVhsslNwvz
3Rmf4en+8AJX23fX7l4UntyCRe6Lvk+vz55qwbUsPThyfx7mbqJl9GFRH3zen3ku
s13LeOnLsHK/utQGKH//VdUtFNEaGJC6OIlqIreQen7l
-----END CERTIFICATE-----