This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/HB8oWPORk_kBVM_NNnN5rsZSYMw.roa
File:                     HB8oWPORk_kBVM_NNnN5rsZSYMw.roa (raw, json)
Hash identifier:          JUT9QoRq3kZDCee6PYhDNYcwmNxNElz71rJ3W7dPa54=
Subject key identifier:   1C:1F:28:58:F3:91:93:F9:01:54:CF:CD:36:73:79:AE:C6:52:60:CC
Certificate issuer:       /CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
Certificate serial:       019B7C80A8CEC6B7D538729D434F024B0EFB
Authority key identifier: BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/HB8oWPORk_kBVM_NNnN5rsZSYMw.roa
Signing time:             Fri 02 Jan 2026 02:19:25 +0000
ROA not before:           Fri 02 Jan 2026 02:19:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15614
IP address blocks:        91.221.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a8:ce:c6:b7:d5:38:72:9d:43:4f:02:4b:0e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
        Validity
            Not Before: Jan  2 02:19:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c1f2858f39193f90154cfcd367379aec65260cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b3:3b:0e:2b:d1:be:20:6f:63:e0:1e:1f:f0:
                    ed:3d:46:94:9e:7f:d5:39:7d:cc:32:8a:b6:15:48:
                    bc:9c:50:cf:db:f6:6d:63:1a:10:7c:ae:1c:0d:25:
                    5a:4a:8a:5b:e3:10:2e:f8:44:dd:cc:ce:06:00:d8:
                    c6:b3:f2:0c:f3:51:9f:41:76:d0:24:a0:4c:b6:d6:
                    9f:83:b5:ce:b6:c3:a8:76:29:a5:db:95:ee:79:4c:
                    8b:ce:6f:79:c6:39:ae:da:45:40:63:52:53:b7:a3:
                    cc:8d:7f:59:38:91:97:f9:f5:a9:bd:3d:21:a2:10:
                    92:1d:28:91:ab:b6:97:50:ee:87:e4:78:cb:10:d7:
                    1e:cf:3c:b5:92:e1:4a:59:86:f4:78:18:71:e3:08:
                    fa:17:19:29:9c:b9:4c:cf:a3:51:11:33:34:d5:e5:
                    c1:08:cc:2e:4b:d9:fe:94:82:b4:98:b6:0c:b5:cd:
                    a5:f1:87:5b:d6:cc:4e:c0:6d:2b:e3:6c:16:80:d1:
                    22:9f:ef:40:e9:95:23:b5:d2:42:84:c5:7e:1a:1c:
                    c2:8f:6a:ee:d2:98:b3:fe:b4:72:24:f8:b9:00:4c:
                    92:cb:09:84:a2:40:d5:1f:01:c4:9f:db:73:58:4b:
                    7f:d7:de:19:53:2d:7e:0a:c9:3a:8f:9c:0a:4e:d3:
                    9b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:1F:28:58:F3:91:93:F9:01:54:CF:CD:36:73:79:AE:C6:52:60:CC
            X509v3 Authority Key Identifier:
                keyid:BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/HB8oWPORk_kBVM_NNnN5rsZSYMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:44:5f:f0:2f:97:65:dc:3b:8c:5c:04:45:7b:2a:f9:62:8c:
         f6:95:ea:3c:c0:e5:33:07:40:34:9a:ae:5e:a2:10:18:7c:37:
         cd:e0:2a:dd:1e:0b:cc:88:8b:91:93:a0:8c:0b:14:18:c6:d1:
         c4:b4:3b:90:c6:2d:b0:90:10:63:f1:c6:17:db:b2:90:41:6d:
         86:30:8f:0b:7f:46:3f:88:5d:50:6b:ac:09:1a:93:6a:49:05:
         7f:57:b2:ef:c6:24:db:89:f0:99:bd:32:ed:45:44:4a:44:93:
         78:23:c8:81:42:7c:80:8a:b1:ab:f7:ad:d7:4e:b3:d4:9b:f9:
         ad:ca:a5:59:e4:4d:9e:ec:86:5f:d6:64:0e:58:9c:01:e0:7b:
         b5:92:06:81:8a:86:04:e3:e4:8c:40:96:95:e8:a3:e2:5c:0a:
         e4:b2:47:a3:c6:74:1b:cd:3e:07:6d:9e:ee:9e:ff:8b:34:c6:
         fd:dd:76:09:71:75:75:98:b1:82:9a:dc:bc:91:f3:d1:35:cd:
         d1:41:93:29:9f:c4:50:58:b1:cc:78:1c:31:68:42:17:06:53:
         32:da:a2:30:e1:d6:a0:64:3d:7a:e8:db:63:d1:51:9e:31:9e:
         3c:67:ac:74:7b:a4:8e:1d:2f:27:4d:14:bd:a2:a5:7a:65:bd:
         ae:67:b7:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKjOxrfVOHKdQ08CSw77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZDQyNjJmNjQyYjFiYjBiNTNiMmE2ZDc3OThjMDg5OWQx
ZTRkNDMwHhcNMjYwMTAyMDIxOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzFmMjg1OGYzOTE5M2Y5MDE1NGNmY2QzNjczNzlhZWM2NTI2MGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LM7DivRviBvY+AeH/DtPUaUnn/V
OX3MMoq2FUi8nFDP2/ZtYxoQfK4cDSVaSopb4xAu+ETdzM4GANjGs/IM81GfQXbQ
JKBMttafg7XOtsOodiml25XueUyLzm95xjmu2kVAY1JTt6PMjX9ZOJGX+fWpvT0h
ohCSHSiRq7aXUO6H5HjLENcezzy1kuFKWYb0eBhx4wj6FxkpnLlMz6NRETM01eXB
CMwuS9n+lIK0mLYMtc2l8Ydb1sxOwG0r42wWgNEin+9A6ZUjtdJChMV+GhzCj2ru
0piz/rRyJPi5AEySywmEokDVHwHEn9tzWEt/194ZUy1+Csk6j5wKTtObGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwfKFjzkZP5AVTPzTZzea7GUmDMMB8GA1UdIwQY
MBaAFL3UJi9kKxuwtTsqbXeYwImdHk1DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEt
M2JkNzlmZmM2Mzk4LzEvSEI4b1dQT1JrX2tCVk1fTk5uTjVyc1pTWU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEtM2JkNzlmZmM2Mzk4
LzEvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90CMA0G
CSqGSIb3DQEBCwUAA4IBAQBTRF/wL5dl3DuMXARFeyr5Yoz2leo8wOUzB0A0mq5e
ohAYfDfN4CrdHgvMiIuRk6CMCxQYxtHEtDuQxi2wkBBj8cYX27KQQW2GMI8Lf0Y/
iF1Qa6wJGpNqSQV/V7LvxiTbifCZvTLtRURKRJN4I8iBQnyAirGr963XTrPUm/mt
yqVZ5E2e7IZf1mQOWJwB4Hu1kgaBioYE4+SMQJaV6KPiXArkskejxnQbzT4HbZ7u
nv+LNMb93XYJcXV1mLGCmty8kfPRNc3RQZMpn8RQWLHMeBwxaEIXBlMy2qIw4dag
ZD166Ntj0VGeMZ48Z6x0e6SOHS8nTRS9oqV6Zb2uZ7dj
-----END CERTIFICATE-----