This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/hTbfi8iyqpyBUx58enPyCnAk8B4.roa
File:                     hTbfi8iyqpyBUx58enPyCnAk8B4.roa (raw, json)
Hash identifier:          iR4m3I4+fi5SXyKVTPF8tJekzYjESRlBnoPf8B3mZQY=
Subject key identifier:   85:36:DF:8B:C8:B2:AA:9C:81:53:1E:7C:7A:73:F2:0A:70:24:F0:1E
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       019B7E38950CDAF62812E25528BA1A427304
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/hTbfi8iyqpyBUx58enPyCnAk8B4.roa
Signing time:             Fri 02 Jan 2026 10:19:55 +0000
ROA not before:           Fri 02 Jan 2026 10:19:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210353
IP address blocks:        194.44.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:95:0c:da:f6:28:12:e2:55:28:ba:1a:42:73:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Jan  2 10:19:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8536df8bc8b2aa9c81531e7c7a73f20a7024f01e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cd:85:60:63:7b:b2:eb:05:04:e1:1e:aa:c9:
                    78:45:e5:81:0d:8e:8a:0b:f7:20:e9:17:1c:da:c0:
                    7c:39:f9:2a:a6:a7:17:64:fa:1d:1a:2a:cc:e3:ec:
                    2a:31:38:04:bf:8e:48:35:16:dd:51:ce:45:86:38:
                    fe:00:97:d7:9b:35:f4:e7:6b:75:19:52:3f:4f:4c:
                    ff:44:60:c1:75:88:ea:a1:0c:3d:9d:3a:2b:e3:3f:
                    85:66:d5:0d:8b:bb:45:a2:35:7c:cb:22:50:19:26:
                    e4:14:0f:20:0d:27:3b:4c:7c:25:f3:d6:44:93:13:
                    b1:37:a4:1f:4d:b7:ae:7e:e8:5c:a5:94:8a:ea:bd:
                    1c:e1:e7:56:90:c0:66:9c:69:24:ad:b1:4e:9a:b3:
                    8e:9c:b0:48:6a:05:ab:34:6d:9a:f2:0d:4e:48:a5:
                    ab:e8:0d:3a:b2:1d:e8:94:aa:f1:ef:b3:83:db:8f:
                    89:c4:7e:91:ab:dc:84:f5:2b:d0:37:d9:79:11:b4:
                    06:8c:fe:b7:a2:36:cd:25:4c:81:7f:a9:d2:c3:44:
                    51:74:e2:84:02:75:8c:d9:05:2a:46:cb:8a:5b:c0:
                    81:f5:71:a3:a0:63:94:2e:59:3e:d5:55:a1:88:b0:
                    a6:97:3b:13:84:c0:31:19:4d:3d:1a:ff:0a:82:d3:
                    35:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:36:DF:8B:C8:B2:AA:9C:81:53:1E:7C:7A:73:F2:0A:70:24:F0:1E
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/hTbfi8iyqpyBUx58enPyCnAk8B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:cd:1a:10:2c:a1:ed:a9:7d:7a:78:3c:15:21:bd:f6:3c:f1:
         f6:39:13:fa:a4:49:65:dc:f7:db:9a:55:af:64:9a:70:58:70:
         78:0a:37:59:06:ed:89:0b:22:79:d0:0b:bb:d5:63:1e:3c:91:
         e0:08:fd:d5:8a:b1:c3:b3:b6:50:1b:28:82:61:9b:37:5c:a7:
         3e:fd:71:42:7c:1f:97:e4:6a:1b:13:60:f0:7a:d3:e8:32:03:
         5a:e1:3a:05:72:63:15:4e:55:af:d3:40:01:4e:ee:bc:e3:ba:
         44:b3:da:b8:16:77:7b:6a:52:87:54:c2:6a:ba:93:33:f1:4c:
         61:ec:11:13:e0:0e:1b:2a:a6:bd:e3:57:59:e6:08:ae:7f:77:
         1c:64:01:3d:6b:19:fe:0b:b8:c0:82:18:e7:4b:22:12:e9:37:
         34:72:75:13:b6:1b:f6:a0:b0:e5:d6:06:32:79:38:21:55:a2:
         6c:a1:2a:ed:b6:2b:ce:3e:ec:89:71:87:e8:47:97:da:48:f2:
         fc:6e:ab:38:b8:54:4f:99:b4:5f:e7:ef:59:e0:f5:81:89:35:
         d9:b5:0d:93:c9:4a:45:7f:ca:39:2e:e0:7c:7d:22:24:d3:56:
         c2:c0:7b:15:42:e0:35:85:a3:bf:59:fe:76:bf:47:cd:89:71:
         2e:76:8b:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJUM2vYoEuJVKLoaQnMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjYwMTAyMTAxOTU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTM2ZGY4YmM4YjJhYTljODE1MzFlN2M3YTczZjIwYTcwMjRmMDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc2FYGN7susFBOEeqsl4ReWBDY6K
C/cg6Rcc2sB8OfkqpqcXZPodGirM4+wqMTgEv45INRbdUc5Fhjj+AJfXmzX052t1
GVI/T0z/RGDBdYjqoQw9nTor4z+FZtUNi7tFojV8yyJQGSbkFA8gDSc7THwl89ZE
kxOxN6QfTbeufuhcpZSK6r0c4edWkMBmnGkkrbFOmrOOnLBIagWrNG2a8g1OSKWr
6A06sh3olKrx77OD24+JxH6Rq9yE9SvQN9l5EbQGjP63ojbNJUyBf6nSw0RRdOKE
AnWM2QUqRsuKW8CB9XGjoGOULlk+1VWhiLCmlzsThMAxGU09Gv8KgtM1SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU234vIsqqcgVMefHpz8gpwJPAeMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvaFRiZmk4aXlxcHlCVXg1OGVuUHlDbkFrOEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizqMA0G
CSqGSIb3DQEBCwUAA4IBAQCDzRoQLKHtqX16eDwVIb32PPH2ORP6pEll3PfbmlWv
ZJpwWHB4CjdZBu2JCyJ50Au71WMePJHgCP3VirHDs7ZQGyiCYZs3XKc+/XFCfB+X
5GobE2DwetPoMgNa4ToFcmMVTlWv00ABTu6847pEs9q4Fnd7alKHVMJqupMz8Uxh
7BET4A4bKqa941dZ5giuf3ccZAE9axn+C7jAghjnSyIS6Tc0cnUTthv2oLDl1gYy
eTghVaJsoSrttivOPuyJcYfoR5faSPL8bqs4uFRPmbRf5+9Z4PWBiTXZtQ2TyUpF
f8o5LuB8fSIk01bCwHsVQuA1haO/Wf52v0fNiXEudosa
-----END CERTIFICATE-----