This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/hHNkE4cvKNJo9Gerp8RHk9hdEQg.roa
File:                     hHNkE4cvKNJo9Gerp8RHk9hdEQg.roa (raw, json)
Hash identifier:          HaLF7rpBDYrXA3kV9LMOnsPIEXrGUzRoXxz/QM3iujg=
Subject key identifier:   84:73:64:13:87:2F:28:D2:68:F4:67:AB:A7:C4:47:93:D8:5D:11:08
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       019B77C697CF668B229E2C507A13649ED891
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/hHNkE4cvKNJo9Gerp8RHk9hdEQg.roa
Signing time:             Thu 01 Jan 2026 04:17:42 +0000
ROA not before:           Thu 01 Jan 2026 04:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206430
IP address blocks:        89.45.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:97:cf:66:8b:22:9e:2c:50:7a:13:64:9e:d8:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  1 04:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84736413872f28d268f467aba7c44793d85d1108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:86:9e:1d:03:2e:96:9e:35:1d:5d:ce:ab:8e:
                    de:8e:1d:06:81:ca:dc:7d:ac:3c:2a:d6:b0:46:cb:
                    70:8f:f3:9e:1c:56:87:ae:12:f5:0c:aa:66:72:dc:
                    c0:54:f3:07:f6:bf:a5:12:d9:9f:36:e9:e0:f5:6a:
                    86:6c:bb:20:c2:d4:c1:48:be:95:f7:aa:cc:0c:1c:
                    6b:30:59:b0:5c:3d:d5:f6:ee:b4:b1:14:61:88:8a:
                    9d:a1:3f:90:95:69:50:d1:7e:00:e0:7a:2d:76:0c:
                    73:16:62:24:8b:ed:f9:52:3c:5a:4a:1c:86:a2:9d:
                    50:b1:b3:80:77:1a:d4:fa:f4:6c:60:40:5f:9a:68:
                    01:4d:94:4c:34:94:df:9c:85:e9:0f:78:6b:f8:f3:
                    6c:1a:af:55:29:a9:42:8b:50:9e:dc:6c:1b:06:56:
                    6d:a9:24:06:85:60:93:1f:5a:db:60:95:7d:63:d2:
                    9f:d0:6c:e4:1f:6b:5f:08:cc:17:76:23:eb:03:9e:
                    88:f6:44:50:f6:8d:fa:e9:af:76:8a:5a:3b:2c:a4:
                    f0:49:62:a5:96:59:64:b3:23:6a:da:2b:cc:6c:86:
                    6e:a9:ee:76:a1:09:91:da:96:cf:7e:7f:f2:4f:15:
                    0b:ad:fe:3e:ba:5f:40:59:de:0b:f2:75:38:61:25:
                    db:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:73:64:13:87:2F:28:D2:68:F4:67:AB:A7:C4:47:93:D8:5D:11:08
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/hHNkE4cvKNJo9Gerp8RHk9hdEQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:05:c6:51:95:13:73:0d:6f:1d:82:19:80:13:fc:a6:8b:cc:
         6a:e0:78:f2:ad:0a:51:50:20:9e:62:f0:84:07:75:c7:40:bf:
         7d:d2:6c:f8:42:af:52:b8:97:42:6f:18:34:41:c0:dc:bb:25:
         00:f9:74:b0:cf:2a:ad:dd:63:82:aa:0d:25:e4:70:b2:18:d8:
         bb:50:2e:71:d0:26:64:a7:dd:3d:2e:21:fd:70:36:0f:4d:c0:
         ec:b5:8e:9d:6e:28:f1:ee:43:a0:71:2b:35:b2:90:46:6e:98:
         6c:ab:f4:4e:b6:37:5f:f7:eb:64:44:0b:61:40:90:f0:84:e2:
         2f:d4:20:f6:e3:24:21:89:e8:a1:06:0b:20:44:d0:f2:62:9b:
         a4:3f:e3:3a:cd:dc:b3:59:1c:ec:80:f0:d8:3b:4a:0c:f3:38:
         57:d5:ad:64:d7:7f:d1:31:33:e5:04:a0:42:d8:b0:11:46:24:
         d3:a4:1d:f7:31:8d:e1:14:00:28:f8:ad:e5:c1:18:21:dc:c3:
         29:a6:94:fa:dc:2c:ba:c0:f1:2b:7f:f1:a5:f5:38:1f:ae:98:
         ca:de:06:36:e6:e6:22:3c:e4:da:d7:8b:41:6a:fb:65:98:7e:
         a4:ab:78:77:20:b4:d7:bd:c1:e4:39:84:9e:64:78:ad:2f:82:
         4a:d9:ad:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xpfPZosinixQehNkntiRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjYwMTAxMDQxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDczNjQxMzg3MmYyOGQyNjhmNDY3YWJhN2M0NDc5M2Q4NWQxMTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYaeHQMulp41HV3Oq47ejh0Ggcrc
faw8KtawRstwj/OeHFaHrhL1DKpmctzAVPMH9r+lEtmfNung9WqGbLsgwtTBSL6V
96rMDBxrMFmwXD3V9u60sRRhiIqdoT+QlWlQ0X4A4HotdgxzFmIki+35UjxaShyG
op1QsbOAdxrU+vRsYEBfmmgBTZRMNJTfnIXpD3hr+PNsGq9VKalCi1Ce3GwbBlZt
qSQGhWCTH1rbYJV9Y9Kf0GzkH2tfCMwXdiPrA56I9kRQ9o366a92ilo7LKTwSWKl
lllksyNq2ivMbIZuqe52oQmR2pbPfn/yTxULrf4+ul9AWd4L8nU4YSXblQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRzZBOHLyjSaPRnq6fER5PYXREIMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvaEhOa0U0Y3ZLTkpvOUdlcnA4UkhrOWhkRVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWS30MA0G
CSqGSIb3DQEBCwUAA4IBAQClBcZRlRNzDW8dghmAE/ymi8xq4HjyrQpRUCCeYvCE
B3XHQL990mz4Qq9SuJdCbxg0QcDcuyUA+XSwzyqt3WOCqg0l5HCyGNi7UC5x0CZk
p909LiH9cDYPTcDstY6dbijx7kOgcSs1spBGbphsq/ROtjdf9+tkRAthQJDwhOIv
1CD24yQhieihBgsgRNDyYpukP+M6zdyzWRzsgPDYO0oM8zhX1a1k13/RMTPlBKBC
2LARRiTTpB33MY3hFAAo+K3lwRgh3MMpppT63Cy6wPErf/Gl9TgfrpjK3gY25uYi
POTa14tBavtlmH6kq3h3ILTXvcHkOYSeZHitL4JK2a0M
-----END CERTIFICATE-----