This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hm4kl2xwUmtOASOqA-jDS2UukA8.roa
File:                     hm4kl2xwUmtOASOqA-jDS2UukA8.roa (raw, json)
Hash identifier:          CeIk8O5E/FsBeHVWhuxqtMRG0dABISCSJXLahUh57YQ=
Subject key identifier:   86:6E:24:97:6C:70:52:6B:4E:01:23:AA:03:E8:C3:4B:65:2E:90:0F
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019B7CEE72CCC7256DC77B5AD5E0B8075638
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hm4kl2xwUmtOASOqA-jDS2UukA8.roa
Signing time:             Fri 02 Jan 2026 04:19:20 +0000
ROA not before:           Fri 02 Jan 2026 04:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399275
IP address blocks:        79.172.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:72:cc:c7:25:6d:c7:7b:5a:d5:e0:b8:07:56:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  2 04:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=866e24976c70526b4e0123aa03e8c34b652e900f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:29:d5:c2:cb:c3:db:9c:7a:db:74:f2:18:7c:
                    dd:4a:70:3c:c9:79:57:c7:cd:bc:b0:79:55:78:58:
                    78:22:5f:6a:40:a1:1d:a6:99:39:0a:1d:76:5d:89:
                    13:50:15:86:c8:0c:e3:89:94:d7:e8:c3:0c:c8:99:
                    d1:33:d8:89:c4:66:55:ae:8e:9c:14:a8:0b:a6:eb:
                    ba:d2:06:56:35:2b:f9:1e:8b:e1:ad:f9:48:ae:9a:
                    e0:66:9d:f5:44:93:88:77:e9:8f:60:40:8a:6f:0f:
                    21:20:6c:66:c6:cb:13:77:c9:0e:d8:d6:91:ec:82:
                    4a:d7:d7:c9:6e:9c:3d:82:23:f5:3c:d7:78:5e:ed:
                    39:17:7e:77:50:29:d9:2f:88:d1:88:72:3f:ba:b9:
                    69:6a:bf:e6:87:17:fb:79:d0:1d:97:2b:66:2b:d5:
                    1c:57:d1:f3:dd:b5:73:b7:f2:14:95:bd:e6:ae:d8:
                    78:b1:58:17:03:34:b6:63:c1:8a:b7:02:2d:78:8f:
                    9a:6b:8d:46:4a:9a:49:55:45:cd:b1:8e:56:c7:7d:
                    35:15:29:23:cd:1b:2d:f5:32:46:37:2d:0f:98:c5:
                    58:c2:54:64:fa:02:ad:ef:a7:88:7e:82:77:88:16:
                    91:e2:67:4e:24:ed:21:bd:63:fe:bd:59:88:50:a9:
                    b3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6E:24:97:6C:70:52:6B:4E:01:23:AA:03:E8:C3:4B:65:2E:90:0F
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hm4kl2xwUmtOASOqA-jDS2UukA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:c3:74:4d:f5:40:39:f0:67:c3:1b:ec:45:4b:20:89:2b:d8:
         41:c1:93:b9:d6:1f:40:62:b5:82:19:15:58:00:d4:89:af:7f:
         09:eb:a6:be:0b:ae:14:9b:cb:e6:16:d9:5c:09:39:89:19:e3:
         4a:23:6f:21:0e:55:4a:f1:6c:e3:08:c5:bb:a1:76:8e:06:fc:
         9a:fb:f0:52:14:9c:ac:6d:ff:ba:d2:d0:d1:0c:b9:72:aa:da:
         d6:de:41:c5:6a:1b:e6:b6:c4:3f:99:b9:91:43:18:ff:42:df:
         04:43:10:4f:9a:a7:68:23:28:ef:1c:a9:f4:50:12:b8:9a:2b:
         55:65:bb:27:f8:43:7f:b6:2d:42:d6:3a:e8:82:98:8c:11:27:
         41:61:e4:2b:96:69:4b:6c:25:ed:28:2d:c3:13:ec:0e:e8:5f:
         05:3c:be:da:32:c0:ce:b5:72:d8:ae:4d:47:23:cb:28:e1:0f:
         3c:67:fc:fb:a4:58:2a:f0:52:fb:f0:b0:91:17:cd:7d:06:44:
         4f:01:cf:f0:40:7f:86:2d:46:92:49:91:bd:77:89:76:c9:67:
         c8:dc:fe:5b:e4:36:37:cb:ae:c5:2a:e6:78:71:14:d0:30:d9:
         6b:00:ba:d3:de:0e:44:d0:55:5c:11:dc:00:15:56:f8:08:c2:
         f3:bf:50:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87nLMxyVtx3ta1eC4B1Y4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMTAyMDQxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjZlMjQ5NzZjNzA1MjZiNGUwMTIzYWEwM2U4YzM0YjY1MmU5MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoinVwsvD25x623TyGHzdSnA8yXlX
x828sHlVeFh4Il9qQKEdppk5Ch12XYkTUBWGyAzjiZTX6MMMyJnRM9iJxGZVro6c
FKgLpuu60gZWNSv5HovhrflIrprgZp31RJOId+mPYECKbw8hIGxmxssTd8kO2NaR
7IJK19fJbpw9giP1PNd4Xu05F353UCnZL4jRiHI/urlpar/mhxf7edAdlytmK9Uc
V9Hz3bVzt/IUlb3mrth4sVgXAzS2Y8GKtwIteI+aa41GSppJVUXNsY5Wx301FSkj
zRst9TJGNy0PmMVYwlRk+gKt76eIfoJ3iBaR4mdOJO0hvWP+vVmIUKmzbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZuJJdscFJrTgEjqgPow0tlLpAPMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvaG00a2wyeHdVbXRPQVNPcUEtakRTMlV1a0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6z7MA0G
CSqGSIb3DQEBCwUAA4IBAQB2w3RN9UA58GfDG+xFSyCJK9hBwZO51h9AYrWCGRVY
ANSJr38J66a+C64Um8vmFtlcCTmJGeNKI28hDlVK8WzjCMW7oXaOBvya+/BSFJys
bf+60tDRDLlyqtrW3kHFahvmtsQ/mbmRQxj/Qt8EQxBPmqdoIyjvHKn0UBK4mitV
Zbsn+EN/ti1C1jrogpiMESdBYeQrlmlLbCXtKC3DE+wO6F8FPL7aMsDOtXLYrk1H
I8so4Q88Z/z7pFgq8FL78LCRF819BkRPAc/wQH+GLUaSSZG9d4l2yWfI3P5b5DY3
y67FKuZ4cRTQMNlrALrT3g5E0FVcEdwAFVb4CMLzv1CE
-----END CERTIFICATE-----