This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/HK6BNNsWSLGubaZl3upPyutswvU.roa
File:                     HK6BNNsWSLGubaZl3upPyutswvU.roa (raw, json)
Hash identifier:          WzFjY3CdZWeDvACOL+XKBEMBzEj0lVc25php/SCslcU=
Subject key identifier:   1C:AE:81:34:DB:16:48:B1:AE:6D:A6:65:DE:EA:4F:CA:EB:6C:C2:F5
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       019B7D5D1D8A9D2B4D9C914E625F4EA1D834
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/HK6BNNsWSLGubaZl3upPyutswvU.roa
Signing time:             Fri 02 Jan 2026 06:20:12 +0000
ROA not before:           Fri 02 Jan 2026 06:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49490
IP address blocks:        194.145.64.0/19 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:1d:8a:9d:2b:4d:9c:91:4e:62:5f:4e:a1:d8:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  2 06:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cae8134db1648b1ae6da665deea4fcaeb6cc2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a5:eb:d3:d9:3b:5a:b8:e1:a6:1f:0b:a2:ba:
                    89:1a:fb:03:a8:da:d2:7e:66:ee:fe:05:07:cd:fd:
                    69:2a:07:14:7d:68:22:7f:60:7d:ff:fe:7e:12:66:
                    39:f2:3e:e4:e4:0f:de:fa:37:ff:3a:77:3e:2d:88:
                    9d:c1:6c:98:fe:b0:0e:e9:d6:3f:1b:38:0e:f4:eb:
                    f4:e8:bf:37:89:c7:cf:8a:ea:01:18:48:97:55:20:
                    b9:52:0b:1d:29:a7:93:a3:0b:6b:a0:87:0a:1e:3a:
                    02:41:b5:fb:85:42:1f:e0:84:8a:a9:6c:87:a7:13:
                    29:4e:38:33:e4:2a:2b:ec:b5:17:db:93:4a:f0:04:
                    b2:bd:8f:0e:dd:ad:55:b8:13:14:79:38:e1:b5:29:
                    ea:e6:08:ae:d7:a4:f8:5a:56:3b:10:a4:8e:d0:59:
                    86:54:75:e1:b3:ab:53:af:92:2d:8f:e2:b9:7d:d8:
                    6b:9a:79:e5:a9:21:4e:16:41:39:6e:11:38:0d:2d:
                    10:00:b1:14:d0:cd:cf:db:96:27:b6:09:17:36:77:
                    54:be:01:3f:5f:47:68:47:8e:ae:a9:7f:4c:cc:91:
                    d1:2d:19:9f:6c:f5:e5:8c:e1:2d:86:61:0c:b2:28:
                    0d:50:7d:d8:91:7f:05:4e:00:d5:07:23:36:8c:55:
                    bd:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AE:81:34:DB:16:48:B1:AE:6D:A6:65:DE:EA:4F:CA:EB:6C:C2:F5
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/HK6BNNsWSLGubaZl3upPyutswvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         16:2b:b2:c9:f7:19:81:99:68:4b:da:8a:30:5b:2a:83:30:1e:
         8d:8b:51:d8:02:79:3d:41:2e:dc:dc:f4:c9:27:94:f3:4e:ad:
         76:cc:78:43:8e:67:25:f7:7e:4c:9c:ed:cb:34:d6:f2:a2:2c:
         78:5a:87:9a:09:61:ec:a0:8a:b7:9e:99:8c:44:2d:e9:4f:be:
         07:3a:39:eb:27:da:b7:fd:0f:eb:39:95:91:41:af:54:dd:38:
         3e:b2:dc:9e:c2:5b:ff:f4:cb:c5:e3:57:2c:fe:61:2a:41:4d:
         33:ad:95:38:be:49:db:0b:82:7a:91:27:cb:2f:ad:b2:1f:83:
         e8:70:62:55:8c:67:5d:3d:57:f4:ac:f0:ad:66:33:6b:24:dd:
         19:93:f8:2d:1e:b1:26:39:b2:a6:66:18:cd:e3:25:a8:b9:94:
         7b:e8:ae:32:51:78:1e:58:22:ed:27:9a:ac:58:cb:22:2a:b0:
         08:0f:38:b3:f7:93:83:b2:55:da:71:60:6b:bc:a6:bd:5e:53:
         25:a1:4f:75:70:13:38:22:74:1a:0d:7c:34:15:a2:b4:94:86:
         bd:26:cf:a0:c8:83:51:5b:21:2a:a8:fa:df:38:de:0c:99:79:
         b5:d9:fa:f8:ce:2f:8c:0a:03:07:43:4e:5e:b7:45:07:cd:17:
         72:11:13:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XR2KnStNnJFOYl9Oodg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjYwMTAyMDYyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FlODEzNGRiMTY0OGIxYWU2ZGE2NjVkZWVhNGZjYWViNmNjMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaXr09k7Wrjhph8LorqJGvsDqNrS
fmbu/gUHzf1pKgcUfWgif2B9//5+EmY58j7k5A/e+jf/Onc+LYidwWyY/rAO6dY/
GzgO9Ov06L83icfPiuoBGEiXVSC5UgsdKaeTowtroIcKHjoCQbX7hUIf4ISKqWyH
pxMpTjgz5Cor7LUX25NK8ASyvY8O3a1VuBMUeTjhtSnq5giu16T4WlY7EKSO0FmG
VHXhs6tTr5Itj+K5fdhrmnnlqSFOFkE5bhE4DS0QALEU0M3P25YntgkXNndUvgE/
X0doR46uqX9MzJHRLRmfbPXljOEthmEMsigNUH3YkX8FTgDVByM2jFW9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByugTTbFkixrm2mZd7qT8rrbML1MB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvSEs2Qk5Oc1dTTEd1YmFabDN1cFB5dXRzd3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwpFAMA0G
CSqGSIb3DQEBCwUAA4IBAQAWK7LJ9xmBmWhL2oowWyqDMB6Ni1HYAnk9QS7c3PTJ
J5TzTq12zHhDjmcl935MnO3LNNbyoix4WoeaCWHsoIq3npmMRC3pT74HOjnrJ9q3
/Q/rOZWRQa9U3Tg+styewlv/9MvF41cs/mEqQU0zrZU4vknbC4J6kSfLL62yH4Po
cGJVjGddPVf0rPCtZjNrJN0Zk/gtHrEmObKmZhjN4yWouZR76K4yUXgeWCLtJ5qs
WMsiKrAIDziz95ODslXacWBrvKa9XlMloU91cBM4InQaDXw0FaK0lIa9Js+gyINR
WyEqqPrfON4MmXm12fr4zi+MCgMHQ05et0UHzRdyERP4
-----END CERTIFICATE-----