This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f54c57-deca-4685-8106-9fa78075330b/1/HbShzM3qrknCQZp2Tx1NZiWf1jk.roa
File:                     HbShzM3qrknCQZp2Tx1NZiWf1jk.roa (raw, json)
Hash identifier:          YTGorDk65orDuOJJBzhtTtRRAT8YSucZuGLA7eX2VpI=
Subject key identifier:   1D:B4:A1:CC:CD:EA:AE:49:C2:41:9A:76:4F:1D:4D:66:25:9F:D6:39
Certificate issuer:       /CN=68309900e648b65a307a7860102bf78b16f55d75
Certificate serial:       019B7B3548F307C81F2CD34B0B16D352B27C
Authority key identifier: 68:30:99:00:E6:48:B6:5A:30:7A:78:60:10:2B:F7:8B:16:F5:5D:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDCZAOZItlowenhgECv3ixb1XXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f54c57-deca-4685-8106-9fa78075330b/1/HbShzM3qrknCQZp2Tx1NZiWf1jk.roa
Signing time:             Thu 01 Jan 2026 20:17:28 +0000
ROA not before:           Thu 01 Jan 2026 20:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199315
IP address blocks:        91.218.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f54c57-deca-4685-8106-9fa78075330b/1/aDCZAOZItlowenhgECv3ixb1XXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f54c57-deca-4685-8106-9fa78075330b/1/aDCZAOZItlowenhgECv3ixb1XXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDCZAOZItlowenhgECv3ixb1XXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:48:f3:07:c8:1f:2c:d3:4b:0b:16:d3:52:b2:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68309900e648b65a307a7860102bf78b16f55d75
        Validity
            Not Before: Jan  1 20:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1db4a1cccdeaae49c2419a764f1d4d66259fd639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1f:48:74:68:4a:e3:24:8a:32:bd:a2:b2:da:
                    48:86:b6:71:ec:2e:d5:83:d7:11:1a:e5:49:4b:e4:
                    94:3e:c3:1a:be:e6:f8:ad:37:50:c5:6a:68:b6:3c:
                    45:2c:d4:17:69:aa:7c:cd:da:73:38:2d:d1:32:15:
                    f7:0a:b4:7f:3a:2d:ab:2e:df:51:bd:33:fb:5a:ff:
                    0e:8f:ec:84:d3:d9:e6:a9:21:9f:3b:96:f2:32:d0:
                    48:f2:ae:cf:87:3b:3e:b7:e4:3c:60:19:3c:2e:af:
                    3c:da:f7:b9:86:f8:6a:7d:bd:01:21:4d:77:8c:d1:
                    1c:39:83:54:58:0a:b5:d5:ac:c1:b0:73:dc:0c:b6:
                    22:ac:b2:b9:ff:08:ec:b5:f4:b1:d4:0c:06:0c:ce:
                    ea:28:02:28:d2:35:c6:6c:1a:89:3c:82:c9:6f:90:
                    85:e0:96:2b:bf:7e:76:f5:6a:11:c6:80:6d:2e:f8:
                    fd:16:7d:f8:21:16:df:53:8f:cd:5b:3f:fd:96:15:
                    c4:1c:c0:22:5b:e1:c1:48:4e:85:44:41:9b:a9:39:
                    9d:bf:0a:ed:a0:41:d3:0f:2b:aa:8e:70:6d:30:18:
                    77:71:de:e4:73:20:6f:97:56:9e:79:a7:38:91:54:
                    65:0d:8c:62:13:10:0c:73:8a:ec:94:67:be:c8:1f:
                    d0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B4:A1:CC:CD:EA:AE:49:C2:41:9A:76:4F:1D:4D:66:25:9F:D6:39
            X509v3 Authority Key Identifier:
                keyid:68:30:99:00:E6:48:B6:5A:30:7A:78:60:10:2B:F7:8B:16:F5:5D:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDCZAOZItlowenhgECv3ixb1XXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f54c57-deca-4685-8106-9fa78075330b/1/HbShzM3qrknCQZp2Tx1NZiWf1jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f54c57-deca-4685-8106-9fa78075330b/1/aDCZAOZItlowenhgECv3ixb1XXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:0e:d7:b8:45:1b:7b:16:10:26:15:34:a3:87:7a:c3:f2:9f:
         41:3b:b3:0c:2d:d2:a3:41:65:21:1e:18:65:a3:db:9c:5a:c9:
         13:ea:d3:dc:20:8c:cc:12:33:17:8d:23:d7:24:4b:74:a8:b2:
         19:03:8f:ee:2b:30:27:46:46:c1:24:e5:ca:6d:4e:cf:b5:1d:
         a4:b2:05:8f:16:d9:69:ea:9f:6f:55:b1:2a:0e:be:65:e3:4b:
         2f:cf:7d:0a:59:f6:28:20:80:6a:3f:34:7c:b6:6a:cd:97:0c:
         7d:31:b7:46:8a:0e:73:4b:d9:7d:64:18:aa:10:ef:e3:48:67:
         e2:ef:59:3d:de:c4:50:7b:80:68:42:a4:25:56:1e:91:e3:4c:
         2e:3d:74:9a:0e:61:5f:6c:07:8b:e0:ca:95:ce:12:60:6c:c3:
         4d:de:d0:7e:ab:ef:a0:e4:f8:a1:0c:b5:13:db:46:ec:54:cc:
         f8:c5:24:59:30:53:b7:b8:8e:da:5c:6e:60:a6:72:34:b8:e0:
         ec:f3:73:45:af:f6:27:e6:8e:95:c4:44:72:a4:23:07:2c:95:
         89:fe:a7:31:0a:b5:9d:e6:18:26:cd:c3:9a:50:ff:1d:91:26:
         af:9c:cc:35:11:ac:56:88:e2:81:1c:d2:7d:90:ce:46:be:3b:
         b0:6f:5f:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NUjzB8gfLNNLCxbTUrJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzA5OTAwZTY0OGI2NWEzMDdhNzg2MDEwMmJmNzhiMTZm
NTVkNzUwHhcNMjYwMTAxMjAxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI0YTFjY2NkZWFhZTQ5YzI0MTlhNzY0ZjFkNGQ2NjI1OWZkNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR9IdGhK4ySKMr2istpIhrZx7C7V
g9cRGuVJS+SUPsMavub4rTdQxWpotjxFLNQXaap8zdpzOC3RMhX3CrR/Oi2rLt9R
vTP7Wv8Oj+yE09nmqSGfO5byMtBI8q7Phzs+t+Q8YBk8Lq882ve5hvhqfb0BIU13
jNEcOYNUWAq11azBsHPcDLYirLK5/wjstfSx1AwGDM7qKAIo0jXGbBqJPILJb5CF
4JYrv3529WoRxoBtLvj9Fn34IRbfU4/NWz/9lhXEHMAiW+HBSE6FREGbqTmdvwrt
oEHTDyuqjnBtMBh3cd7kcyBvl1aeeac4kVRlDYxiExAMc4rslGe+yB/QQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB20oczN6q5JwkGadk8dTWYln9Y5MB8GA1UdIwQY
MBaAFGgwmQDmSLZaMHp4YBAr94sW9V11MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURDWkFPWkl0bG93ZW5oZ0VDdjNpeGIxWFhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTRjNTctZGVjYS00Njg1LTgxMDYt
OWZhNzgwNzUzMzBiLzEvSGJTaHpNM3Fya25DUVpwMlR4MU5aaVdmMWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTRjNTctZGVjYS00Njg1LTgxMDYtOWZhNzgwNzUzMzBi
LzEvYURDWkFPWkl0bG93ZW5oZ0VDdjNpeGIxWFhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9qtMA0G
CSqGSIb3DQEBCwUAA4IBAQCRDte4RRt7FhAmFTSjh3rD8p9BO7MMLdKjQWUhHhhl
o9ucWskT6tPcIIzMEjMXjSPXJEt0qLIZA4/uKzAnRkbBJOXKbU7PtR2ksgWPFtlp
6p9vVbEqDr5l40svz30KWfYoIIBqPzR8tmrNlwx9MbdGig5zS9l9ZBiqEO/jSGfi
71k93sRQe4BoQqQlVh6R40wuPXSaDmFfbAeL4MqVzhJgbMNN3tB+q++g5PihDLUT
20bsVMz4xSRZMFO3uI7aXG5gpnI0uODs83NFr/Yn5o6VxERypCMHLJWJ/qcxCrWd
5hgmzcOaUP8dkSavnMw1EaxWiOKBHNJ9kM5Gvjuwb1+7
-----END CERTIFICATE-----