This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/HMlykTFhJH5cvI6c0OarlpUJDqs.roa
File:                     HMlykTFhJH5cvI6c0OarlpUJDqs.roa (raw, json)
Hash identifier:          g8eLru3YcyEqpK1Le+3Ioeg74n09HD2Zgis3A6Pccf4=
Subject key identifier:   1C:C9:72:91:31:61:24:7E:5C:BC:8E:9C:D0:E6:AB:96:95:09:0E:AB
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       019B7A5A6D21411221A327FAA587C0A0F9C6
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/HMlykTFhJH5cvI6c0OarlpUJDqs.roa
Signing time:             Thu 01 Jan 2026 16:18:24 +0000
ROA not before:           Thu 01 Jan 2026 16:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44583
IP address blocks:        85.118.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:6d:21:41:12:21:a3:27:fa:a5:87:c0:a0:f9:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jan  1 16:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cc972913161247e5cbc8e9cd0e6ab9695090eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:eb:14:ea:7c:37:4b:da:ad:a0:4e:23:05:83:
                    02:86:9b:19:dd:9d:39:82:71:ab:52:26:fd:0a:7f:
                    ff:cd:dc:3e:f8:c2:20:04:0f:f5:38:90:6b:c4:8c:
                    2d:08:50:b8:29:b0:a5:29:ac:d8:79:33:78:92:46:
                    f0:3d:77:93:75:c4:d3:33:00:20:5f:42:57:1b:5c:
                    31:52:e9:9d:68:ec:ca:76:3c:35:65:3b:05:18:40:
                    90:b8:df:11:dc:b3:15:41:d1:57:5a:42:66:49:9c:
                    96:d8:72:60:57:d2:b3:62:87:2d:81:30:df:16:63:
                    b5:2a:b8:e3:77:dd:d9:47:92:c0:3f:56:b1:20:d3:
                    f0:5f:1a:0e:20:34:f6:77:c5:aa:85:bc:fb:e7:b3:
                    4a:21:93:53:ca:d7:33:cb:ab:b3:e8:b0:ae:e6:26:
                    17:82:67:56:61:86:06:c8:e2:e0:69:94:a9:d7:fd:
                    e0:bf:4a:4a:49:ff:06:12:86:4d:46:dd:e9:4a:8f:
                    1a:19:3c:91:4a:e5:87:c3:2a:d6:8c:39:f2:44:53:
                    3b:ef:92:67:db:b6:38:6d:15:25:e1:49:84:46:0e:
                    29:bd:33:d4:f1:9e:d9:71:41:60:78:5e:44:7d:01:
                    19:ae:6d:da:c6:ce:f4:8d:51:64:a5:4e:2e:88:9e:
                    89:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:C9:72:91:31:61:24:7E:5C:BC:8E:9C:D0:E6:AB:96:95:09:0E:AB
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/HMlykTFhJH5cvI6c0OarlpUJDqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:7f:9e:bf:99:cc:f8:0d:a4:de:62:fa:37:a0:e3:ad:b6:f2:
         39:46:38:9c:13:ac:72:a3:48:0c:30:76:95:ec:04:d1:77:a1:
         43:e6:6f:46:55:ac:8a:d5:90:89:c0:7a:d6:75:4b:c5:b2:c6:
         3e:1e:c7:d1:23:4e:aa:54:4e:c5:2d:8c:5b:44:33:a1:51:be:
         34:5a:bb:2f:8e:e4:51:9b:43:1b:8b:40:0b:8a:9c:4d:ae:12:
         6b:aa:74:33:b0:56:96:f9:97:9a:81:34:36:46:0b:5c:dc:46:
         3c:53:f7:9b:67:92:09:94:71:f7:78:49:56:62:6b:05:72:7e:
         44:25:10:dd:09:4d:e3:d9:10:22:b5:2f:de:2a:ec:05:cf:6f:
         75:c5:09:19:69:f0:1d:02:31:8d:7a:d7:66:f6:98:69:62:14:
         95:90:8c:d6:c2:3a:c6:49:b7:92:86:59:47:27:ec:a1:16:8c:
         ce:cb:46:6d:bc:94:84:fb:c0:0e:a8:6e:8b:a6:4b:8e:93:f3:
         2d:e1:42:72:23:7e:35:02:33:bf:76:4e:86:43:1d:e0:a2:0c:
         73:fb:49:47:1c:12:8f:6f:9c:4d:37:93:93:e7:dc:03:df:52:
         b2:e6:d9:ee:c2:2a:4f:29:bf:5d:b5:b7:5e:b9:56:ae:ef:16:
         10:31:e9:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wm0hQRIhoyf6pYfAoPnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjYwMTAxMTYxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2M5NzI5MTMxNjEyNDdlNWNiYzhlOWNkMGU2YWI5Njk1MDkwZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvesU6nw3S9qtoE4jBYMChpsZ3Z05
gnGrUib9Cn//zdw++MIgBA/1OJBrxIwtCFC4KbClKazYeTN4kkbwPXeTdcTTMwAg
X0JXG1wxUumdaOzKdjw1ZTsFGECQuN8R3LMVQdFXWkJmSZyW2HJgV9KzYoctgTDf
FmO1Krjjd93ZR5LAP1axINPwXxoOIDT2d8Wqhbz757NKIZNTytczy6uz6LCu5iYX
gmdWYYYGyOLgaZSp1/3gv0pKSf8GEoZNRt3pSo8aGTyRSuWHwyrWjDnyRFM775Jn
27Y4bRUl4UmERg4pvTPU8Z7ZcUFgeF5EfQEZrm3axs70jVFkpU4uiJ6JtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzJcpExYSR+XLyOnNDmq5aVCQ6rMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvSE1seWtURmhKSDVjdkk2YzBPYXJscFVKRHFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXYqMA0G
CSqGSIb3DQEBCwUAA4IBAQA3f56/mcz4DaTeYvo3oOOttvI5RjicE6xyo0gMMHaV
7ATRd6FD5m9GVayK1ZCJwHrWdUvFssY+HsfRI06qVE7FLYxbRDOhUb40WrsvjuRR
m0Mbi0ALipxNrhJrqnQzsFaW+ZeagTQ2Rgtc3EY8U/ebZ5IJlHH3eElWYmsFcn5E
JRDdCU3j2RAitS/eKuwFz291xQkZafAdAjGNetdm9phpYhSVkIzWwjrGSbeShllH
J+yhFozOy0ZtvJSE+8AOqG6LpkuOk/Mt4UJyI341AjO/dk6GQx3gogxz+0lHHBKP
b5xNN5OT59wD31Ky5tnuwipPKb9dtbdeuVau7xYQMelk
-----END CERTIFICATE-----