This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/hW9pmZmoOAPv4EQxUHQXTXDJr6s.roa
File:                     hW9pmZmoOAPv4EQxUHQXTXDJr6s.roa (raw, json)
Hash identifier:          mjwhxdNEgH8aH/IfZWkqyz4fW356i+YVNu/YE2e6m8A=
Subject key identifier:   85:6F:69:99:99:A8:38:03:EF:E0:44:31:50:74:17:4D:70:C9:AF:AB
Certificate issuer:       /CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
Certificate serial:       019B7BA37D0245B204F2F4091447A09E25F9
Authority key identifier: AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/hW9pmZmoOAPv4EQxUHQXTXDJr6s.roa
Signing time:             Thu 01 Jan 2026 22:17:50 +0000
ROA not before:           Thu 01 Jan 2026 22:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213328
IP address blocks:        185.83.124.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:7d:02:45:b2:04:f2:f4:09:14:47:a0:9e:25:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5b471d0ba089d9e9f46c291319674fac8128d0
        Validity
            Not Before: Jan  1 22:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=856f699999a83803efe044315074174d70c9afab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:44:da:b5:44:6c:45:34:a9:3e:a9:64:8a:19:
                    3e:5b:0a:d2:cc:17:d5:ac:7d:22:7b:de:55:18:bf:
                    41:24:d0:da:34:8f:53:ef:67:a1:35:3e:42:2b:9c:
                    f6:60:4b:56:4a:41:de:6a:d5:f8:51:66:98:db:e6:
                    15:a5:f6:6d:14:1e:fd:14:13:5b:11:c1:48:5f:58:
                    7c:e1:ce:58:8f:09:48:5c:48:be:a3:2b:35:29:d6:
                    6e:f4:2c:7c:c0:b4:21:cc:79:c1:dd:96:98:1f:9e:
                    13:7a:01:16:6b:7c:a4:0f:18:c4:7f:88:5a:7c:3c:
                    44:55:59:59:16:63:01:89:0a:56:69:1a:7c:0f:7c:
                    05:4c:7f:ca:58:4d:2e:23:d7:f3:46:fb:22:ef:2d:
                    a6:f5:25:f8:f4:2f:74:f0:62:d5:ca:50:bb:4d:88:
                    0d:f7:a6:55:93:ca:9a:80:17:88:61:19:21:e2:15:
                    34:7e:ee:a9:af:83:74:be:f3:8b:c6:c0:46:20:f6:
                    51:ee:8e:23:8b:6d:f1:89:5a:6f:0d:3c:73:0f:08:
                    4f:4b:8a:7c:67:bd:8e:45:04:ca:0b:b7:a6:1e:f3:
                    b9:97:4d:4e:f7:5a:d1:4f:0d:8d:bb:36:1c:c1:ae:
                    72:d2:cf:9b:ba:0b:79:ac:7f:ca:6f:f8:b8:5f:5f:
                    4c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:6F:69:99:99:A8:38:03:EF:E0:44:31:50:74:17:4D:70:C9:AF:AB
            X509v3 Authority Key Identifier:
                keyid:AA:5B:47:1D:0B:A0:89:D9:E9:F4:6C:29:13:19:67:4F:AC:81:28:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qltHHQugidnp9GwpExlnT6yBKNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/hW9pmZmoOAPv4EQxUHQXTXDJr6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/4be027-88e9-47e3-bb88-6f2e2529be82/1/qltHHQugidnp9GwpExlnT6yBKNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:3e:58:0c:30:9c:08:4a:30:2d:bc:d5:74:d1:f6:89:1f:9f:
         17:d1:03:88:25:bb:51:61:43:72:ad:03:23:30:a3:eb:7b:21:
         e8:4b:9e:36:a3:5e:f9:4d:ec:d6:e3:ec:14:0a:b4:47:88:25:
         96:4d:41:04:82:3a:a9:b8:67:47:f0:f3:d8:cd:73:9c:b9:97:
         52:b2:89:5a:2d:68:c5:97:2c:e4:d3:37:eb:65:2b:31:58:82:
         c8:29:d6:6f:7e:a9:a4:a5:8e:0b:40:42:21:bd:f9:d2:ca:f6:
         22:87:06:92:13:79:38:89:6a:9d:d9:b0:3f:08:28:60:b7:64:
         da:3b:50:f1:d6:8a:fa:c8:08:db:e5:7f:ae:ea:47:ae:16:a0:
         7a:b0:7c:7c:d7:a9:93:25:26:6e:72:50:f5:6c:b0:88:18:1d:
         d8:f8:8c:a8:16:77:2a:66:a6:c6:3e:f6:e9:5b:95:f1:5b:c9:
         b8:55:22:fc:9e:e0:69:42:6c:5d:de:06:76:50:20:0a:bf:7c:
         4d:d3:e1:8a:49:d4:ec:a3:1f:b5:c6:8b:56:c2:68:7b:8b:19:
         65:c6:da:86:c1:0c:74:5a:c7:5b:fa:a3:e2:39:33:04:96:63:
         a8:c5:27:fc:4f:dd:17:58:f6:98:77:03:bc:1a:48:17:ea:70:
         0d:ac:ad:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o30CRbIE8vQJFEegniX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNWI0NzFkMGJhMDg5ZDllOWY0NmMyOTEzMTk2NzRmYWM4
MTI4ZDAwHhcNMjYwMTAxMjIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTZmNjk5OTk5YTgzODAzZWZlMDQ0MzE1MDc0MTc0ZDcwYzlhZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UTatURsRTSpPqlkihk+WwrSzBfV
rH0ie95VGL9BJNDaNI9T72ehNT5CK5z2YEtWSkHeatX4UWaY2+YVpfZtFB79FBNb
EcFIX1h84c5YjwlIXEi+oys1KdZu9Cx8wLQhzHnB3ZaYH54TegEWa3ykDxjEf4ha
fDxEVVlZFmMBiQpWaRp8D3wFTH/KWE0uI9fzRvsi7y2m9SX49C908GLVylC7TYgN
96ZVk8qagBeIYRkh4hU0fu6pr4N0vvOLxsBGIPZR7o4ji23xiVpvDTxzDwhPS4p8
Z72ORQTKC7emHvO5l01O91rRTw2NuzYcwa5y0s+bugt5rH/Kb/i4X19MEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVvaZmZqDgD7+BEMVB0F01wya+rMB8GA1UdIwQY
MBaAFKpbRx0LoInZ6fRsKRMZZ0+sgSjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgt
NmYyZTI1MjliZTgyLzEvaFc5cG1abW9PQVB2NEVReFVIUVhUWERKcjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS80YmUwMjctODhlOS00N2UzLWJiODgtNmYyZTI1MjliZTgy
LzEvcWx0SEhRdWdpZG5wOUd3cEV4bG5UNnlCS05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVN8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfPlgMMJwISjAtvNV00faJH58X0QOIJbtRYUNyrQMj
MKPreyHoS542o175TezW4+wUCrRHiCWWTUEEgjqpuGdH8PPYzXOcuZdSsolaLWjF
lyzk0zfrZSsxWILIKdZvfqmkpY4LQEIhvfnSyvYihwaSE3k4iWqd2bA/CChgt2Ta
O1Dx1or6yAjb5X+u6keuFqB6sHx816mTJSZuclD1bLCIGB3Y+IyoFncqZqbGPvbp
W5XxW8m4VSL8nuBpQmxd3gZ2UCAKv3xN0+GKSdTsox+1xotWwmh7ixllxtqGwQx0
Wsdb+qPiOTMElmOoxSf8T90XWPaYdwO8GkgX6nANrK3m
-----END CERTIFICATE-----