This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/hLe9Xa1rDMaunSX5UD8tCHRgLLc.roa
File:                     hLe9Xa1rDMaunSX5UD8tCHRgLLc.roa (raw, json)
Hash identifier:          9qvXC/uilYEYnlhtLr2bokb3DyBNi92EuqBrDngnP80=
Subject key identifier:   84:B7:BD:5D:AD:6B:0C:C6:AE:9D:25:F9:50:3F:2D:08:74:60:2C:B7
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       019B7910E3967D0988FB0D7967C556C23977
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/hLe9Xa1rDMaunSX5UD8tCHRgLLc.roa
Signing time:             Thu 01 Jan 2026 10:18:28 +0000
ROA not before:           Thu 01 Jan 2026 10:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13443
IP address blocks:        144.2.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:e3:96:7d:09:88:fb:0d:79:67:c5:56:c2:39:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  1 10:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84b7bd5dad6b0cc6ae9d25f9503f2d0874602cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ed:a3:2c:61:cb:37:7e:f3:66:7f:3a:c4:5b:
                    30:1a:f9:56:0f:6d:34:27:11:0c:eb:81:0a:d6:a2:
                    a3:4f:68:93:f8:84:c9:26:da:f0:b7:33:45:22:ec:
                    8c:d1:bc:98:14:41:f2:a0:d4:f3:eb:89:fd:75:c6:
                    85:f7:1b:b3:28:83:fc:bd:40:18:c9:6b:72:b8:a9:
                    38:ed:f4:f7:c1:fe:ec:bb:ba:a3:64:51:df:d9:da:
                    2d:60:da:56:a7:28:11:6b:a6:17:0a:4a:46:4c:e3:
                    4a:54:78:9d:61:90:2b:d2:0b:57:4b:36:aa:91:67:
                    cb:ee:6b:63:57:f8:5b:22:94:95:6f:e8:86:5c:c3:
                    f8:eb:cd:59:1a:ea:ca:0c:3d:a5:59:aa:96:79:6d:
                    da:9a:6e:6d:49:39:6e:af:6d:6a:fd:3e:69:67:ff:
                    f6:b8:a4:ca:8e:49:3a:66:7e:d0:ad:cf:80:91:90:
                    32:47:25:e9:d6:c5:61:aa:32:6c:39:7e:2e:bc:05:
                    8d:b7:a4:ab:87:e2:b9:6d:0f:bb:65:d8:6d:b6:f6:
                    f9:47:36:c2:6e:14:89:61:d1:93:a3:d6:84:1f:c0:
                    3b:4a:13:a8:96:a2:86:6d:ac:ba:43:75:ee:aa:e5:
                    65:2f:fa:44:a6:e3:2d:68:96:83:df:25:4a:35:70:
                    e0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B7:BD:5D:AD:6B:0C:C6:AE:9D:25:F9:50:3F:2D:08:74:60:2C:B7
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/hLe9Xa1rDMaunSX5UD8tCHRgLLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e6:87:c3:c4:e2:74:12:a0:4b:b5:3f:3f:fc:35:8f:fb:19:
         09:63:34:c5:6c:13:5a:c3:b4:a4:b3:80:11:a2:4a:e2:79:9f:
         6b:60:db:9c:86:b4:60:4a:4b:1e:5f:0c:b6:dc:2f:87:bc:ad:
         06:9c:f2:45:b8:1f:81:8e:b0:6a:6b:35:38:09:93:44:4c:10:
         6b:f0:47:c6:7d:9d:2b:e7:69:a7:5f:fb:4e:c8:16:e9:42:97:
         71:f3:7e:95:b5:16:fe:96:17:26:cc:0d:32:61:d4:ea:48:ea:
         f3:df:4d:09:f8:fc:34:f9:96:0a:98:64:71:43:52:54:fc:57:
         77:b5:60:00:50:22:66:17:db:04:35:dd:5e:05:71:23:08:b2:
         1b:fc:f3:47:07:5d:fe:a3:dc:c9:a6:b3:94:70:5b:b1:92:80:
         f0:91:5e:6d:32:b9:19:0f:b5:0d:35:96:6a:ab:1a:58:02:8c:
         75:67:b5:a1:24:e4:c8:d9:c1:e1:92:46:f8:b8:6e:f0:c6:2e:
         2d:2a:3b:a6:07:50:fe:22:f1:8f:af:67:b7:f4:ad:88:0d:4c:
         1a:46:a5:d3:4f:11:24:a0:64:ed:1b:3d:6c:5c:9b:3b:7a:cf:
         36:89:23:66:ce:10:c3:75:08:9f:ed:43:f8:0a:ce:99:44:86:
         c0:d4:9a:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EOOWfQmI+w15Z8VWwjl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjYwMTAxMTAxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI3YmQ1ZGFkNmIwY2M2YWU5ZDI1Zjk1MDNmMmQwODc0NjAyY2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO2jLGHLN37zZn86xFswGvlWD200
JxEM64EK1qKjT2iT+ITJJtrwtzNFIuyM0byYFEHyoNTz64n9dcaF9xuzKIP8vUAY
yWtyuKk47fT3wf7su7qjZFHf2dotYNpWpygRa6YXCkpGTONKVHidYZAr0gtXSzaq
kWfL7mtjV/hbIpSVb+iGXMP4681ZGurKDD2lWaqWeW3amm5tSTlur21q/T5pZ//2
uKTKjkk6Zn7Qrc+AkZAyRyXp1sVhqjJsOX4uvAWNt6Srh+K5bQ+7Zdhttvb5RzbC
bhSJYdGTo9aEH8A7ShOolqKGbay6Q3XuquVlL/pEpuMtaJaD3yVKNXDgOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS3vV2tawzGrp0l+VA/LQh0YCy3MB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvaExlOVhhMXJETWF1blNYNVVEOHRDSFJnTExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAIWMA0G
CSqGSIb3DQEBCwUAA4IBAQAs5ofDxOJ0EqBLtT8//DWP+xkJYzTFbBNaw7Sks4AR
okrieZ9rYNuchrRgSkseXwy23C+HvK0GnPJFuB+BjrBqazU4CZNETBBr8EfGfZ0r
52mnX/tOyBbpQpdx836VtRb+lhcmzA0yYdTqSOrz300J+Pw0+ZYKmGRxQ1JU/Fd3
tWAAUCJmF9sENd1eBXEjCLIb/PNHB13+o9zJprOUcFuxkoDwkV5tMrkZD7UNNZZq
qxpYAox1Z7WhJOTI2cHhkkb4uG7wxi4tKjumB1D+IvGPr2e39K2IDUwaRqXTTxEk
oGTtGz1sXJs7es82iSNmzhDDdQif7UP4Cs6ZRIbA1Jr9
-----END CERTIFICATE-----