This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/HJo3CRIyATBS7g-UDXuzQV1nuKg.roa
File:                     HJo3CRIyATBS7g-UDXuzQV1nuKg.roa (raw, json)
Hash identifier:          EQakd71H1sWHiuQgGDjS23hEg0bJr+KP+TwWXG16xS8=
Subject key identifier:   1C:9A:37:09:12:32:01:30:52:EE:0F:94:0D:7B:B3:41:5D:67:B8:A8
Certificate issuer:       /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial:       019B7F82A4A2917A5CEA9DB848E4E3C044FB
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/HJo3CRIyATBS7g-UDXuzQV1nuKg.roa
Signing time:             Fri 02 Jan 2026 16:20:26 +0000
ROA not before:           Fri 02 Jan 2026 16:20:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59989
IP address blocks:        140.150.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:a4:a2:91:7a:5c:ea:9d:b8:48:e4:e3:c0:44:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
        Validity
            Not Before: Jan  2 16:20:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c9a37091232013052ee0f940d7bb3415d67b8a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:22:cf:eb:e4:12:a3:6b:b0:bf:82:7a:52:2b:
                    35:bc:15:90:98:cf:9b:46:30:31:e1:99:9b:17:30:
                    42:fa:d5:50:e3:90:5d:8c:8e:2c:39:5a:68:f0:bc:
                    76:93:fd:c4:01:70:1a:eb:5a:d3:42:89:2e:24:07:
                    5c:35:4a:83:3d:e0:f2:69:f1:79:fc:95:69:03:09:
                    d6:6d:be:ae:b4:79:8b:b6:69:a6:6e:16:e0:28:df:
                    ea:85:83:80:d1:de:f6:49:1f:e8:4b:d6:e7:aa:a4:
                    de:f8:35:e4:ef:d4:53:4a:32:41:9a:1f:80:84:49:
                    38:22:3f:7b:cb:63:d8:e4:4c:4b:52:17:a0:2d:ae:
                    8b:93:7f:bd:0e:42:d7:62:2c:7c:cb:ed:8a:9b:5d:
                    ad:d5:85:e4:c4:be:14:f4:35:28:7c:5c:03:67:6a:
                    6c:49:d2:44:76:98:09:c7:9f:ae:73:eb:a3:ff:c7:
                    de:0d:17:ae:55:95:84:f1:c2:7f:5c:d7:78:aa:95:
                    f4:32:4b:b7:a8:09:eb:90:45:44:70:b5:2d:03:10:
                    56:23:2e:9f:43:41:c2:5e:87:ba:89:c4:31:e9:65:
                    ce:87:c9:cb:20:a7:61:67:e6:2b:ca:4d:57:9d:46:
                    ea:2f:7d:25:e1:47:9d:58:f2:c6:7d:f0:df:4a:7a:
                    d8:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:9A:37:09:12:32:01:30:52:EE:0F:94:0D:7B:B3:41:5D:67:B8:A8
            X509v3 Authority Key Identifier:
                keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/HJo3CRIyATBS7g-UDXuzQV1nuKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:dc:62:2e:24:8f:7d:b0:ae:5a:09:c2:9d:1a:c2:ee:25:ac:
         03:b9:13:dc:9c:19:94:99:67:6a:c7:e8:5d:f0:aa:de:ba:01:
         75:a1:26:c7:bb:75:0b:77:b0:ef:ac:24:18:ad:e2:d8:ce:19:
         cc:b5:e9:e7:9b:f9:53:c7:78:df:61:66:a9:90:13:52:03:83:
         24:a3:67:44:ae:60:91:33:db:b4:e8:02:7b:eb:11:4b:64:dc:
         9f:df:42:fd:a2:75:f6:80:cf:43:6a:43:fb:68:74:2c:15:5e:
         14:05:20:7c:fb:c9:a0:f6:50:58:17:db:a3:91:e6:bb:18:b2:
         2a:ce:b6:14:fb:a2:cd:dd:db:5e:35:e1:14:e0:25:01:1b:61:
         fd:84:3f:97:80:01:fd:82:48:80:a9:12:67:2a:93:fc:2d:af:
         79:51:4c:9f:98:27:fb:28:49:d5:a7:d2:a8:7c:ae:f1:fb:27:
         81:65:3e:7d:fc:d1:d8:7b:62:9a:05:b9:fb:c8:48:b6:66:5f:
         87:1d:ec:9f:36:60:3e:2f:12:5e:cc:21:ce:17:ad:c5:47:de:
         b4:b6:0b:4f:d7:fe:e7:d9:70:c2:02:17:02:77:27:e0:16:37:
         6a:54:cc:b7:cf:4b:fd:66:a3:6d:9b:59:70:8a:55:63:15:9e:
         85:4f:c9:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gqSikXpc6p24SOTjwET7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjYwMTAyMTYyMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzlhMzcwOTEyMzIwMTMwNTJlZTBmOTQwZDdiYjM0MTVkNjdiOGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyLP6+QSo2uwv4J6Uis1vBWQmM+b
RjAx4ZmbFzBC+tVQ45BdjI4sOVpo8Lx2k/3EAXAa61rTQokuJAdcNUqDPeDyafF5
/JVpAwnWbb6utHmLtmmmbhbgKN/qhYOA0d72SR/oS9bnqqTe+DXk79RTSjJBmh+A
hEk4Ij97y2PY5ExLUhegLa6Lk3+9DkLXYix8y+2Km12t1YXkxL4U9DUofFwDZ2ps
SdJEdpgJx5+uc+uj/8feDReuVZWE8cJ/XNd4qpX0Mku3qAnrkEVEcLUtAxBWIy6f
Q0HCXoe6icQx6WXOh8nLIKdhZ+Yryk1XnUbqL30l4UedWPLGffDfSnrYnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByaNwkSMgEwUu4PlA17s0FdZ7ioMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvSEpvM0NSSXlBVEJTN2ctVURYdXpRVjFudUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJYnMA0G
CSqGSIb3DQEBCwUAA4IBAQDI3GIuJI99sK5aCcKdGsLuJawDuRPcnBmUmWdqx+hd
8KreugF1oSbHu3ULd7DvrCQYreLYzhnMtennm/lTx3jfYWapkBNSA4Mko2dErmCR
M9u06AJ76xFLZNyf30L9onX2gM9DakP7aHQsFV4UBSB8+8mg9lBYF9ujkea7GLIq
zrYU+6LN3dteNeEU4CUBG2H9hD+XgAH9gkiAqRJnKpP8La95UUyfmCf7KEnVp9Ko
fK7x+yeBZT59/NHYe2KaBbn7yEi2Zl+HHeyfNmA+LxJezCHOF63FR960tgtP1/7n
2XDCAhcCdyfgFjdqVMy3z0v9ZqNtm1lwilVjFZ6FT8nf
-----END CERTIFICATE-----