This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/EHScBu0DtfNN7XuW2NbtkqUh6LY.roa
File:                     EHScBu0DtfNN7XuW2NbtkqUh6LY.roa (raw, json)
Hash identifier:          XTAL9pZrhDOSGcWcBZT8tlB7wZsz4Qittp7Yw5e9EHk=
Subject key identifier:   10:74:9C:06:ED:03:B5:F3:4D:ED:7B:96:D8:D6:ED:92:A5:21:E8:B6
Certificate issuer:       /CN=9e42ca46688a837b575234ce6a1a326587d6c204
Certificate serial:       019B7F820C882630D6391B4F3B016ABC1B94
Authority key identifier: 9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/EHScBu0DtfNN7XuW2NbtkqUh6LY.roa
Signing time:             Fri 02 Jan 2026 16:19:47 +0000
ROA not before:           Fri 02 Jan 2026 16:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207790
IP address blocks:        45.13.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:0c:88:26:30:d6:39:1b:4f:3b:01:6a:bc:1b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e42ca46688a837b575234ce6a1a326587d6c204
        Validity
            Not Before: Jan  2 16:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10749c06ed03b5f34ded7b96d8d6ed92a521e8b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:5b:17:e0:da:a7:2e:b1:84:2f:98:d6:f6:ec:
                    df:80:9b:4b:f5:57:7f:74:6a:db:51:b2:60:a4:50:
                    45:a1:14:ff:c6:4f:74:cc:ad:06:83:fa:c9:26:2a:
                    51:f1:2b:38:4d:1a:f6:1e:8e:09:18:c4:f3:40:bc:
                    93:24:51:2d:9d:64:16:52:e2:b0:e0:69:01:57:e2:
                    e9:80:9e:43:9c:21:fe:f7:39:f3:30:c6:54:04:71:
                    8b:37:5e:5a:7a:5f:be:b6:29:11:07:fd:ff:39:c7:
                    ae:1b:ba:29:b7:a7:be:ad:13:fd:d0:d8:1f:9b:ba:
                    e1:9f:11:c5:34:5a:21:ea:a3:c2:51:62:0f:a1:0e:
                    6d:81:6f:f7:c4:0e:ad:4e:80:1b:c9:5b:56:76:36:
                    d2:44:75:30:43:66:31:c8:d7:98:40:dc:99:6f:23:
                    82:78:4e:76:91:74:b0:3a:a7:5e:01:59:a9:ec:03:
                    ab:02:3e:66:52:33:ba:82:40:b8:03:15:dd:66:c5:
                    cf:45:2f:52:5e:95:61:09:25:7d:5e:8f:32:e4:da:
                    60:b8:e5:10:2c:20:40:48:a1:b8:25:c2:b9:4c:c3:
                    a8:ec:47:1f:92:28:f0:02:96:f4:09:81:ab:5e:2b:
                    47:8a:26:65:8f:26:b9:59:97:46:5e:94:17:bb:06:
                    f5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:74:9C:06:ED:03:B5:F3:4D:ED:7B:96:D8:D6:ED:92:A5:21:E8:B6
            X509v3 Authority Key Identifier:
                keyid:9E:42:CA:46:68:8A:83:7B:57:52:34:CE:6A:1A:32:65:87:D6:C2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkLKRmiKg3tXUjTOahoyZYfWwgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/EHScBu0DtfNN7XuW2NbtkqUh6LY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ee2793-a0c9-42dc-a6a2-329ba388b7cf/1/nkLKRmiKg3tXUjTOahoyZYfWwgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:50:46:5e:5a:5e:fa:ee:25:21:e4:bc:62:da:ec:f7:10:fa:
         f5:60:bd:c6:79:6d:d9:bc:7e:7c:37:0e:2f:d5:34:f0:bb:d3:
         60:6a:bf:85:27:87:13:a3:b7:2e:a5:7e:f0:c2:2f:93:35:be:
         89:07:38:3b:49:75:16:1a:a6:67:f1:b1:25:5a:06:c5:07:bb:
         e8:7f:d7:96:93:79:bd:18:98:59:5e:f6:43:4f:a4:5e:db:99:
         0a:2f:be:7f:49:6e:07:31:0b:2a:46:a5:a2:34:f8:d1:1f:a0:
         b4:d8:d8:10:ca:66:e0:26:e3:b8:80:d0:d5:12:3d:10:c6:e2:
         7d:34:7b:5e:e4:5b:fb:db:73:a8:d7:26:1c:2d:ca:39:67:aa:
         d2:cd:8e:e0:2f:f5:26:54:05:9b:24:af:5f:4f:94:51:c4:2b:
         b0:01:7a:8b:1b:ef:7a:2f:fc:dc:53:5a:cb:1b:0f:2d:b3:ed:
         ba:3c:17:20:98:4f:8f:f8:58:5b:69:72:1b:3b:9d:7c:57:14:
         79:9a:3b:19:e5:e9:53:06:98:0a:59:c2:d4:4e:05:75:17:97:
         eb:23:4e:a9:99:bf:ed:40:b1:b7:e4:61:d3:94:ac:5f:e1:59:
         cf:83:61:45:96:e2:10:fd:90:71:81:72:51:7d:83:2a:f7:92:
         81:35:63:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/ggyIJjDWORtPOwFqvBuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDJjYTQ2Njg4YTgzN2I1NzUyMzRjZTZhMWEzMjY1ODdk
NmMyMDQwHhcNMjYwMTAyMTYxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDc0OWMwNmVkMDNiNWYzNGRlZDdiOTZkOGQ2ZWQ5MmE1MjFlOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FsX4NqnLrGEL5jW9uzfgJtL9Vd/
dGrbUbJgpFBFoRT/xk90zK0Gg/rJJipR8Ss4TRr2Ho4JGMTzQLyTJFEtnWQWUuKw
4GkBV+LpgJ5DnCH+9znzMMZUBHGLN15ael++tikRB/3/OceuG7opt6e+rRP90Ngf
m7rhnxHFNFoh6qPCUWIPoQ5tgW/3xA6tToAbyVtWdjbSRHUwQ2YxyNeYQNyZbyOC
eE52kXSwOqdeAVmp7AOrAj5mUjO6gkC4AxXdZsXPRS9SXpVhCSV9Xo8y5NpguOUQ
LCBASKG4JcK5TMOo7EcfkijwApb0CYGrXitHiiZljya5WZdGXpQXuwb1owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB0nAbtA7XzTe17ltjW7ZKlIei2MB8GA1UdIwQY
MBaAFJ5CykZoioN7V1I0zmoaMmWH1sIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTIt
MzI5YmEzODhiN2NmLzEvRUhTY0J1MER0Zk5ON1h1VzJOYnRrcVVoNkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9lZTI3OTMtYTBjOS00MmRjLWE2YTItMzI5YmEzODhiN2Nm
LzEvbmtMS1JtaUtnM3RYVWpUT2Fob3laWWZXd2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ0MMA0G
CSqGSIb3DQEBCwUAA4IBAQCiUEZeWl767iUh5Lxi2uz3EPr1YL3GeW3ZvH58Nw4v
1TTwu9Ngar+FJ4cTo7cupX7wwi+TNb6JBzg7SXUWGqZn8bElWgbFB7vof9eWk3m9
GJhZXvZDT6Re25kKL75/SW4HMQsqRqWiNPjRH6C02NgQymbgJuO4gNDVEj0QxuJ9
NHte5Fv723Oo1yYcLco5Z6rSzY7gL/UmVAWbJK9fT5RRxCuwAXqLG+96L/zcU1rL
Gw8ts+26PBcgmE+P+FhbaXIbO518VxR5mjsZ5elTBpgKWcLUTgV1F5frI06pmb/t
QLG35GHTlKxf4VnPg2FFluIQ/ZBxgXJRfYMq95KBNWOS
-----END CERTIFICATE-----