This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/L_HXYmOHhoM2YRE97tQgr7r3-SI.roa
File:                     L_HXYmOHhoM2YRE97tQgr7r3-SI.roa (raw, json)
Hash identifier:          FgKVtJ0H+q1J3xzFBhPOLkROSf4gdoaYW3BrXLNdbVA=
Subject key identifier:   2F:F1:D7:62:63:87:86:83:36:61:11:3D:EE:D4:20:AF:BA:F7:F9:22
Certificate issuer:       /CN=47d064fb3e541f23563065e48f300f2cfdfe009a
Certificate serial:       019B7F15568C43C088631769510CEF73D6BA
Authority key identifier: 47:D0:64:FB:3E:54:1F:23:56:30:65:E4:8F:30:0F:2C:FD:FE:00:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/L_HXYmOHhoM2YRE97tQgr7r3-SI.roa
Signing time:             Fri 02 Jan 2026 14:21:03 +0000
ROA not before:           Fri 02 Jan 2026 14:21:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31708
IP address blocks:        195.244.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:56:8c:43:c0:88:63:17:69:51:0c:ef:73:d6:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47d064fb3e541f23563065e48f300f2cfdfe009a
        Validity
            Not Before: Jan  2 14:21:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ff1d762638786833661113deed420afbaf7f922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:56:6a:0e:56:ac:c9:43:62:59:54:66:20:cb:
                    be:65:d4:c9:d0:61:0b:2f:2b:73:dd:d4:e6:c0:c5:
                    a0:68:6a:5b:bc:77:e2:80:77:74:47:12:f4:38:e1:
                    9a:74:d8:26:29:d9:83:49:17:68:74:2a:82:06:89:
                    ae:d1:29:8a:86:ef:3b:61:43:5b:b9:04:f2:bb:be:
                    c5:91:a0:d0:76:db:3b:0f:6c:f5:c1:56:c2:9d:92:
                    01:65:08:37:a9:14:45:29:81:4b:1b:0e:68:c5:04:
                    57:0d:7f:b9:cb:ec:da:58:c4:d5:cf:f4:0b:c5:dd:
                    9f:ac:c6:67:1d:b4:3a:15:f1:e5:2c:7f:30:bc:a8:
                    f8:ef:81:fc:8c:f6:62:f3:15:f6:5f:d9:3e:89:ce:
                    58:87:b7:0f:12:e5:8d:d1:57:30:81:f3:d4:65:08:
                    04:83:2b:f5:48:3e:85:0f:b9:8e:78:b9:75:cf:1b:
                    24:c3:77:01:26:fe:5f:f5:e9:19:15:ec:30:5f:39:
                    78:67:c2:f7:c5:58:04:f4:be:0b:3f:ff:94:51:0b:
                    6b:d8:0f:4a:bf:1f:2e:a0:c1:d2:57:5a:f1:8f:e5:
                    25:d3:c3:7c:60:07:60:f6:22:8b:a3:c6:bc:5e:3d:
                    3e:05:88:12:e8:4d:d0:01:c3:df:2a:9e:c4:d5:f3:
                    e3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F1:D7:62:63:87:86:83:36:61:11:3D:EE:D4:20:AF:BA:F7:F9:22
            X509v3 Authority Key Identifier:
                keyid:47:D0:64:FB:3E:54:1F:23:56:30:65:E4:8F:30:0F:2C:FD:FE:00:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/L_HXYmOHhoM2YRE97tQgr7r3-SI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d56693-2254-4a3b-acbb-efaaff0a982f/1/R9Bk-z5UHyNWMGXkjzAPLP3-AJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:73:ac:ca:fd:e8:d5:6c:6f:c9:93:9a:80:e3:a7:31:bd:c4:
         1d:69:ad:78:3a:1d:01:40:fe:40:9e:35:91:12:2b:9f:16:35:
         e6:cd:5f:ef:9e:1c:93:44:d9:c0:66:de:fd:e4:7d:37:e6:53:
         45:4f:07:83:a6:ea:aa:66:6e:8c:f5:6e:20:3e:df:be:c5:b1:
         ae:9f:fe:93:de:0f:31:54:75:3a:61:e2:c4:2f:31:ed:18:ff:
         69:53:1e:d3:0c:42:74:86:62:30:21:aa:f8:3a:82:0b:b1:0e:
         67:77:5e:91:62:50:8e:fc:fc:71:09:b3:f9:33:0b:ef:05:1f:
         c8:b4:be:9d:c4:b7:0d:ac:f3:97:ec:93:05:38:16:39:a8:3c:
         33:25:52:f2:1d:9b:86:fd:8d:cf:58:c1:c3:ba:35:92:65:6d:
         71:e1:0b:5f:39:c2:dd:a1:f3:30:cd:33:0a:6a:1d:16:f0:de:
         02:6e:ab:19:1f:de:f5:3a:f3:4a:16:a4:72:0f:fc:18:8c:44:
         8c:6e:f6:d7:7f:b3:9c:81:db:a0:35:47:91:e7:f9:9c:24:f2:
         33:29:6a:61:c8:c5:51:ee:5d:c0:ab:f9:d9:03:44:a0:5e:32:
         a1:39:e3:ef:d4:be:59:44:65:62:48:c8:1f:4e:1d:b6:55:e7:
         a0:68:38:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FVaMQ8CIYxdpUQzvc9a6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZDA2NGZiM2U1NDFmMjM1NjMwNjVlNDhmMzAwZjJjZmRm
ZTAwOWEwHhcNMjYwMTAyMTQyMTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmYxZDc2MjYzODc4NjgzMzY2MTExM2RlZWQ0MjBhZmJhZjdmOTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFZqDlasyUNiWVRmIMu+ZdTJ0GEL
Lytz3dTmwMWgaGpbvHfigHd0RxL0OOGadNgmKdmDSRdodCqCBomu0SmKhu87YUNb
uQTyu77FkaDQdts7D2z1wVbCnZIBZQg3qRRFKYFLGw5oxQRXDX+5y+zaWMTVz/QL
xd2frMZnHbQ6FfHlLH8wvKj474H8jPZi8xX2X9k+ic5Yh7cPEuWN0VcwgfPUZQgE
gyv1SD6FD7mOeLl1zxskw3cBJv5f9ekZFewwXzl4Z8L3xVgE9L4LP/+UUQtr2A9K
vx8uoMHSV1rxj+Ul08N8YAdg9iKLo8a8Xj0+BYgS6E3QAcPfKp7E1fPjZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/x12Jjh4aDNmERPe7UIK+69/kiMB8GA1UdIwQY
MBaAFEfQZPs+VB8jVjBl5I8wDyz9/gCaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjlCay16NVVIeU5XTUdYa2p6QVBMUDMtQUpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kNTY2OTMtMjI1NC00YTNiLWFjYmIt
ZWZhYWZmMGE5ODJmLzEvTF9IWFltT0hob00yWVJFOTd0UWdyN3IzLVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kNTY2OTMtMjI1NC00YTNiLWFjYmItZWZhYWZmMGE5ODJm
LzEvUjlCay16NVVIeU5XTUdYa2p6QVBMUDMtQUpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/QdMA0G
CSqGSIb3DQEBCwUAA4IBAQBCc6zK/ejVbG/Jk5qA46cxvcQdaa14Oh0BQP5AnjWR
EiufFjXmzV/vnhyTRNnAZt795H035lNFTweDpuqqZm6M9W4gPt++xbGun/6T3g8x
VHU6YeLELzHtGP9pUx7TDEJ0hmIwIar4OoILsQ5nd16RYlCO/PxxCbP5MwvvBR/I
tL6dxLcNrPOX7JMFOBY5qDwzJVLyHZuG/Y3PWMHDujWSZW1x4QtfOcLdofMwzTMK
ah0W8N4CbqsZH971OvNKFqRyD/wYjESMbvbXf7OcgdugNUeR5/mcJPIzKWphyMVR
7l3Aq/nZA0SgXjKhOePv1L5ZRGViSMgfTh22VeegaDgv
-----END CERTIFICATE-----