This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/HMhWhNobOEPkN3MtaOvVXJjeyzU.roa
File:                     HMhWhNobOEPkN3MtaOvVXJjeyzU.roa (raw, json)
Hash identifier:          9VQQBJmuzLR1o/OSn+Mpj75Rdl8wKqyNnKeja8g+OEo=
Subject key identifier:   1C:C8:56:84:DA:1B:38:43:E4:37:73:2D:68:EB:D5:5C:98:DE:CB:35
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019B7F8110BC7CCE5A228601D173EC5D2080
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/HMhWhNobOEPkN3MtaOvVXJjeyzU.roa
Signing time:             Fri 02 Jan 2026 16:18:43 +0000
ROA not before:           Fri 02 Jan 2026 16:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54252
IP address blocks:        212.87.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:10:bc:7c:ce:5a:22:86:01:d1:73:ec:5d:20:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  2 16:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cc85684da1b3843e437732d68ebd55c98decb35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8d:f1:6e:53:a7:07:b6:f3:e8:d2:ca:48:63:
                    e5:38:94:f8:62:1f:66:21:b1:22:c4:98:7f:ad:cb:
                    d1:be:5e:84:aa:ec:05:c8:78:a2:b2:99:71:7a:ba:
                    08:2e:9d:51:76:61:e5:14:93:6d:fd:9c:f2:6c:ba:
                    25:a1:fb:34:90:cd:7c:55:c5:73:3b:97:bc:b1:d1:
                    a8:e0:7b:4e:43:c6:53:01:a8:eb:4d:8e:02:d7:e4:
                    e7:3c:5f:a5:27:70:99:74:96:d5:96:74:c3:8f:cc:
                    5a:8f:d7:f7:70:42:d4:b9:ac:c8:09:a1:fd:90:7f:
                    14:7a:9e:42:0d:c2:ec:c1:9b:3a:92:34:9c:5b:41:
                    8a:6e:f7:5e:7f:c4:f7:27:89:ab:b9:f6:41:24:1d:
                    82:7d:cb:74:5b:50:fa:2f:47:bc:b1:da:2a:04:c3:
                    55:52:6d:4c:46:b2:46:e2:b6:14:b4:12:df:13:aa:
                    7a:09:3f:c8:59:a2:a1:b0:00:94:d5:b4:cb:1b:6b:
                    ba:ab:76:b6:dd:23:4e:31:cb:28:c5:80:4f:1e:09:
                    26:44:68:16:4b:fa:d3:cc:2b:b1:44:5e:af:f4:7a:
                    e6:16:78:1e:2f:45:4f:86:53:19:4c:21:75:59:9d:
                    6e:e4:cb:3a:ba:e6:57:33:e0:28:b7:fe:da:41:65:
                    19:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:C8:56:84:DA:1B:38:43:E4:37:73:2D:68:EB:D5:5C:98:DE:CB:35
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/HMhWhNobOEPkN3MtaOvVXJjeyzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:d6:53:7c:7f:e4:61:9f:43:42:19:f6:e4:0d:0c:56:a4:f3:
         74:8c:8b:f6:73:39:82:00:5e:d6:f9:4f:d6:ac:c8:95:37:ef:
         e2:e6:fd:5e:08:1d:19:3d:67:21:17:db:89:df:f5:42:db:3e:
         5e:8e:3d:e8:e2:8d:3a:8d:37:b7:66:51:bb:d8:9c:08:cc:af:
         cd:9d:41:57:f7:cc:d7:26:7b:d7:bc:65:9c:3c:48:e6:ad:65:
         bf:ba:9c:46:e3:89:1a:aa:61:5d:9f:7a:d8:58:1b:f9:3d:e6:
         19:cb:96:02:f6:b5:8b:da:c7:b2:a9:40:f0:62:44:cf:48:4b:
         78:7b:fa:b1:75:2b:1f:82:b3:6d:2b:c8:d9:ab:96:23:9f:b1:
         b1:65:54:e7:14:19:c1:35:e0:5d:cf:b2:69:95:6f:cc:90:5a:
         91:b1:28:45:69:01:f8:03:05:4f:98:6b:8a:13:34:73:6f:8f:
         64:45:b8:95:19:6d:a0:a2:49:63:61:5e:b2:a8:e6:a4:9d:c9:
         a0:53:a5:32:13:95:79:60:6b:21:9b:6f:0f:b9:a2:16:02:34:
         ef:5f:db:e7:bd:b2:70:b9:b3:ea:6c:f4:8f:d5:4b:80:6c:a2:
         b1:d3:a9:da:96:f9:26:f4:4e:17:7a:8c:40:02:20:cc:4e:60:
         cf:1f:51:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gRC8fM5aIoYB0XPsXSCAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjYwMTAyMTYxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2M4NTY4NGRhMWIzODQzZTQzNzczMmQ2OGViZDU1Yzk4ZGVjYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnI3xblOnB7bz6NLKSGPlOJT4Yh9m
IbEixJh/rcvRvl6EquwFyHiisplxeroILp1RdmHlFJNt/ZzybLolofs0kM18VcVz
O5e8sdGo4HtOQ8ZTAajrTY4C1+TnPF+lJ3CZdJbVlnTDj8xaj9f3cELUuazICaH9
kH8Uep5CDcLswZs6kjScW0GKbvdef8T3J4mrufZBJB2Cfct0W1D6L0e8sdoqBMNV
Um1MRrJG4rYUtBLfE6p6CT/IWaKhsACU1bTLG2u6q3a23SNOMcsoxYBPHgkmRGgW
S/rTzCuxRF6v9HrmFngeL0VPhlMZTCF1WZ1u5Ms6uuZXM+Aot/7aQWUZZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzIVoTaGzhD5DdzLWjr1VyY3ss1MB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvSE1oV2hOb2JPRVBrTjNNdGFPdlZYSmpleXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfLMA0G
CSqGSIb3DQEBCwUAA4IBAQAD1lN8f+Rhn0NCGfbkDQxWpPN0jIv2czmCAF7W+U/W
rMiVN+/i5v1eCB0ZPWchF9uJ3/VC2z5ejj3o4o06jTe3ZlG72JwIzK/NnUFX98zX
JnvXvGWcPEjmrWW/upxG44kaqmFdn3rYWBv5PeYZy5YC9rWL2seyqUDwYkTPSEt4
e/qxdSsfgrNtK8jZq5Yjn7GxZVTnFBnBNeBdz7JplW/MkFqRsShFaQH4AwVPmGuK
EzRzb49kRbiVGW2gokljYV6yqOakncmgU6UyE5V5YGshm28PuaIWAjTvX9vnvbJw
ubPqbPSP1UuAbKKx06nalvkm9E4XeoxAAiDMTmDPH1E1
-----END CERTIFICATE-----