This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/HmPFJkjojfXkQXnX-ShV0bymoms.roa
File:                     HmPFJkjojfXkQXnX-ShV0bymoms.roa (raw, json)
Hash identifier:          qiXaZzgKfCkOjQoBV7iB0khwdnyrdRGDGRMiD17+W5Q=
Subject key identifier:   1E:63:C5:26:48:E8:8D:F5:E4:41:79:D7:F9:28:55:D1:BC:A6:A2:6B
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019B7F84206E9E4AE69E9DD803E4F9792EE3
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/HmPFJkjojfXkQXnX-ShV0bymoms.roa
Signing time:             Fri 02 Jan 2026 16:22:04 +0000
ROA not before:           Fri 02 Jan 2026 16:22:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400746
IP address blocks:        188.121.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:20:6e:9e:4a:e6:9e:9d:d8:03:e4:f9:79:2e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 16:22:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e63c52648e88df5e44179d7f92855d1bca6a26b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9b:81:97:f6:83:13:19:c8:bc:32:c7:c8:e8:
                    d0:b3:c5:2d:f1:45:86:a7:35:cf:5b:24:dd:eb:ba:
                    bd:3b:d6:d9:0e:8d:a7:e6:7e:e5:26:7c:0f:af:e7:
                    e6:41:cd:fa:24:6b:77:95:69:13:85:db:da:3c:37:
                    91:6a:a7:cc:cf:57:40:df:27:10:f0:27:ec:e3:63:
                    d9:59:ee:f1:d1:4d:ed:f2:77:b3:bf:78:80:64:15:
                    11:2f:47:02:9c:16:08:18:e6:a1:d1:bb:8a:18:f1:
                    0d:95:c6:c3:76:7f:b3:7b:4d:aa:23:7d:25:09:20:
                    a0:c4:db:2b:ac:0d:1a:52:b2:1e:1c:49:49:9e:09:
                    a7:84:4f:b2:0a:66:ac:dc:d3:6e:dc:43:5a:fb:ec:
                    21:3d:17:6b:5f:2a:d7:94:07:74:9d:8d:e9:fe:e7:
                    c6:9c:10:b2:75:7c:81:bf:7c:5f:77:ce:df:c5:45:
                    76:0b:ea:f4:b0:d2:63:f9:b6:3a:83:fd:9b:18:88:
                    73:06:db:99:28:79:50:73:de:7b:9a:73:54:85:32:
                    a7:05:3a:71:b8:7c:da:bd:6d:a7:2f:64:5f:e8:b6:
                    31:6a:8e:bf:24:eb:66:f6:76:e1:0a:1f:43:c9:b8:
                    68:7c:3b:63:2a:32:19:ac:c2:2d:57:eb:46:93:85:
                    6e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:63:C5:26:48:E8:8D:F5:E4:41:79:D7:F9:28:55:D1:BC:A6:A2:6B
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/HmPFJkjojfXkQXnX-ShV0bymoms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.121.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:b1:b6:af:4d:04:1c:da:a2:b5:d8:95:b6:e0:74:9e:8f:09:
         11:50:0a:35:7d:39:f6:0c:09:5e:42:b2:38:a3:c6:08:be:9c:
         04:10:96:6b:cd:52:ab:48:0d:7c:da:fb:44:47:26:52:b9:3c:
         c1:80:85:ab:63:94:d8:25:99:57:d5:42:76:2e:a3:ed:a7:3b:
         37:68:e3:3f:31:a4:69:08:d1:7e:b2:2b:ab:b4:9c:18:da:94:
         b5:f0:5e:53:58:81:3a:b6:96:32:0e:d6:6c:66:0f:65:32:3a:
         3c:41:f6:2a:40:41:70:7a:0e:83:fe:e4:73:71:85:e4:4e:a8:
         9d:1c:c4:42:86:7b:4a:b8:77:7d:eb:80:7c:bc:a0:e9:fe:0f:
         56:1f:0f:75:fb:8e:7a:9c:a1:cf:e1:df:c9:c4:dd:e5:19:f1:
         27:a5:6b:61:19:d2:ae:1b:25:37:72:b4:79:e5:77:75:80:bb:
         e7:35:88:48:e5:19:6a:b4:fd:84:e2:04:c9:0b:e7:71:39:d5:
         8a:d8:e6:13:50:19:76:94:05:eb:01:ee:ed:c9:c8:fa:3e:01:
         78:59:d7:73:42:9a:46:c8:15:c4:39:7b:c3:6e:2f:30:4f:b3:
         b6:46:3a:45:4a:08:02:5b:c2:9d:b7:6d:f1:34:c2:72:59:16:
         97:c6:7f:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hCBunkrmnp3YA+T5eS7jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwMTAyMTYyMjA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTYzYzUyNjQ4ZTg4ZGY1ZTQ0MTc5ZDdmOTI4NTVkMWJjYTZhMjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZuBl/aDExnIvDLHyOjQs8Ut8UWG
pzXPWyTd67q9O9bZDo2n5n7lJnwPr+fmQc36JGt3lWkThdvaPDeRaqfMz1dA3ycQ
8Cfs42PZWe7x0U3t8nezv3iAZBURL0cCnBYIGOah0buKGPENlcbDdn+ze02qI30l
CSCgxNsrrA0aUrIeHElJngmnhE+yCmas3NNu3ENa++whPRdrXyrXlAd0nY3p/ufG
nBCydXyBv3xfd87fxUV2C+r0sNJj+bY6g/2bGIhzBtuZKHlQc957mnNUhTKnBTpx
uHzavW2nL2Rf6LYxao6/JOtm9nbhCh9DybhofDtjKjIZrMItV+tGk4VuywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5jxSZI6I315EF51/koVdG8pqJrMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvSG1QRkpram9qZlhrUVhuWC1TaFYwYnltb21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvHk8MA0G
CSqGSIb3DQEBCwUAA4IBAQAksbavTQQc2qK12JW24HSejwkRUAo1fTn2DAleQrI4
o8YIvpwEEJZrzVKrSA182vtERyZSuTzBgIWrY5TYJZlX1UJ2LqPtpzs3aOM/MaRp
CNF+siurtJwY2pS18F5TWIE6tpYyDtZsZg9lMjo8QfYqQEFweg6D/uRzcYXkTqid
HMRChntKuHd964B8vKDp/g9WHw91+456nKHP4d/JxN3lGfEnpWthGdKuGyU3crR5
5Xd1gLvnNYhI5RlqtP2E4gTJC+dxOdWK2OYTUBl2lAXrAe7tycj6PgF4WddzQppG
yBXEOXvDbi8wT7O2RjpFSggCW8Kdt23xNMJyWRaXxn92
-----END CERTIFICATE-----