This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/IvgzP8R_m0s8ePEZg6507quDNrI.roa
File:                     IvgzP8R_m0s8ePEZg6507quDNrI.roa (raw, json)
Hash identifier:          X+lmN30HaOhvqFaQd7SLA7a7tpCSF9gpRrhHUrIx2Ls=
Subject key identifier:   22:F8:33:3F:C4:7F:9B:4B:3C:78:F1:19:83:AE:74:EE:AB:83:36:B2
Certificate issuer:       /CN=865b07c289df6bc9c762db4329ba0ce3c529fecb
Certificate serial:       019B7A5AB6E76F8B4024016B6F47AF06E420
Authority key identifier: 86:5B:07:C2:89:DF:6B:C9:C7:62:DB:43:29:BA:0C:E3:C5:29:FE:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hlsHwonfa8nHYttDKboM48Up_ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/IvgzP8R_m0s8ePEZg6507quDNrI.roa
Signing time:             Thu 01 Jan 2026 16:18:43 +0000
ROA not before:           Thu 01 Jan 2026 16:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        92.42.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/hlsHwonfa8nHYttDKboM48Up_ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/hlsHwonfa8nHYttDKboM48Up_ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hlsHwonfa8nHYttDKboM48Up_ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b6:e7:6f:8b:40:24:01:6b:6f:47:af:06:e4:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=865b07c289df6bc9c762db4329ba0ce3c529fecb
        Validity
            Not Before: Jan  1 16:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=22f8333fc47f9b4b3c78f11983ae74eeab8336b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b5:ee:fc:8d:d3:13:84:58:13:c2:98:be:42:
                    c9:9c:04:2e:0d:12:09:1f:ee:e3:ab:fc:7f:83:3e:
                    fc:26:26:01:8f:e9:06:41:3a:2e:12:80:60:3d:93:
                    e5:3b:05:42:cd:d9:4f:62:e7:3a:87:26:1e:c9:df:
                    a9:51:dc:a5:a5:99:e9:14:06:69:73:5b:10:f4:7f:
                    75:7d:2f:d8:a3:c0:3b:e2:eb:25:1f:fa:85:38:bb:
                    d6:7e:50:02:73:79:0c:ef:b1:73:05:af:92:5c:36:
                    58:e8:a4:c5:bb:54:0b:22:04:3c:8a:b9:f6:69:09:
                    c2:ff:a1:a5:13:67:83:39:fc:7d:bb:42:05:bd:64:
                    27:a4:4b:06:66:d6:81:2f:7d:8b:ad:ee:d2:a0:dc:
                    a1:15:3c:78:5f:5e:55:c8:86:02:ea:67:29:56:ec:
                    e7:94:b9:19:50:6e:c4:f1:48:8a:ef:f6:63:e8:ba:
                    87:36:6b:22:a2:32:18:8d:9e:a9:b0:d4:6a:f5:84:
                    4c:a7:a0:c7:ed:c1:7b:31:cd:e6:f0:a8:ec:93:5a:
                    10:a7:64:99:92:ac:1e:ce:18:54:d4:73:3d:5c:3e:
                    07:54:54:ab:81:0c:bf:78:77:28:7f:41:5a:69:58:
                    77:73:9a:d5:39:d6:3d:f6:47:5d:d5:b4:a3:3f:fd:
                    fa:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:F8:33:3F:C4:7F:9B:4B:3C:78:F1:19:83:AE:74:EE:AB:83:36:B2
            X509v3 Authority Key Identifier:
                keyid:86:5B:07:C2:89:DF:6B:C9:C7:62:DB:43:29:BA:0C:E3:C5:29:FE:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hlsHwonfa8nHYttDKboM48Up_ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/IvgzP8R_m0s8ePEZg6507quDNrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4d1ab6-465b-4276-bc4a-2afa303e495d/1/hlsHwonfa8nHYttDKboM48Up_ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:b0:30:80:c5:ae:6f:cb:eb:4a:8e:67:35:a9:8a:7d:9a:ee:
         8a:11:ba:0e:46:84:ec:22:3c:26:39:78:8c:4c:76:df:21:87:
         0a:93:8d:1b:75:ea:df:1b:04:f2:20:86:66:76:5d:c9:dd:ba:
         13:b2:29:79:e4:8e:79:fe:1f:b6:7f:71:62:90:af:89:a2:57:
         62:c5:81:17:32:a1:6d:23:7f:02:39:21:01:b4:b9:ad:41:fc:
         96:40:cc:48:8d:4e:10:2f:4f:01:93:da:f8:1a:38:9d:1b:75:
         3c:39:8b:0c:47:be:df:53:48:63:4c:22:a3:f1:7a:d3:b1:a0:
         a9:1e:ab:7b:93:07:7a:b3:6b:70:fe:2c:5e:1e:8b:1c:37:7b:
         11:98:18:5b:35:cd:b6:02:89:51:19:de:38:42:1c:94:4d:7e:
         9e:84:31:52:63:96:4e:1d:61:84:fa:66:f6:f7:65:6e:b7:6b:
         65:96:9b:aa:ca:23:9b:a0:c6:52:66:7f:9b:76:eb:3c:cc:3c:
         8a:48:de:2e:3b:fe:c5:a9:fd:9e:b8:a2:64:14:23:12:6e:f0:
         11:c9:e4:87:c6:8d:8a:30:52:51:73:2c:1b:1d:0b:2c:f6:5c:
         c5:57:be:09:ae:07:5e:55:38:3d:da:a8:a9:8b:84:9f:73:ec:
         73:d4:c1:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wrbnb4tAJAFrb0evBuQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NWIwN2MyODlkZjZiYzljNzYyZGI0MzI5YmEwY2UzYzUy
OWZlY2IwHhcNMjYwMTAxMTYxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmY4MzMzZmM0N2Y5YjRiM2M3OGYxMTk4M2FlNzRlZWFiODMzNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrXu/I3TE4RYE8KYvkLJnAQuDRIJ
H+7jq/x/gz78JiYBj+kGQTouEoBgPZPlOwVCzdlPYuc6hyYeyd+pUdylpZnpFAZp
c1sQ9H91fS/Yo8A74uslH/qFOLvWflACc3kM77FzBa+SXDZY6KTFu1QLIgQ8irn2
aQnC/6GlE2eDOfx9u0IFvWQnpEsGZtaBL32Lre7SoNyhFTx4X15VyIYC6mcpVuzn
lLkZUG7E8UiK7/Zj6LqHNmsiojIYjZ6psNRq9YRMp6DH7cF7Mc3m8Kjsk1oQp2SZ
kqwezhhU1HM9XD4HVFSrgQy/eHcof0FaaVh3c5rVOdY99kdd1bSjP/36ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCL4Mz/Ef5tLPHjxGYOudO6rgzayMB8GA1UdIwQY
MBaAFIZbB8KJ32vJx2LbQym6DOPFKf7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGxzSHdvbmZhOG5IWXR0REtib000OFVwX3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi80ZDFhYjYtNDY1Yi00Mjc2LWJjNGEt
MmFmYTMwM2U0OTVkLzEvSXZnelA4Ul9tMHM4ZVBFWmc2NTA3cXVETnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi80ZDFhYjYtNDY1Yi00Mjc2LWJjNGEtMmFmYTMwM2U0OTVk
LzEvaGxzSHdvbmZhOG5IWXR0REtib000OFVwX3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrJMA0G
CSqGSIb3DQEBCwUAA4IBAQCcsDCAxa5vy+tKjmc1qYp9mu6KEboORoTsIjwmOXiM
THbfIYcKk40bderfGwTyIIZmdl3J3boTsil55I55/h+2f3FikK+JoldixYEXMqFt
I38COSEBtLmtQfyWQMxIjU4QL08Bk9r4GjidG3U8OYsMR77fU0hjTCKj8XrTsaCp
Hqt7kwd6s2tw/ixeHoscN3sRmBhbNc22AolRGd44QhyUTX6ehDFSY5ZOHWGE+mb2
92Vut2tllpuqyiOboMZSZn+bdus8zDyKSN4uO/7Fqf2euKJkFCMSbvARyeSHxo2K
MFJRcywbHQss9lzFV74JrgdeVTg92qipi4Sfc+xz1MFi
-----END CERTIFICATE-----