This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/4HGQ2m_tsGQ8bwCnPSXfEpO9HVQ.roa
File:                     4HGQ2m_tsGQ8bwCnPSXfEpO9HVQ.roa (raw, json)
Hash identifier:          Q57pytqlVJrw0ni19UPnInhK5SASLjHDFcZbHb2XGnE=
Subject key identifier:   E0:71:90:DA:6F:ED:B0:64:3C:6F:00:A7:3D:25:DF:12:93:BD:1D:54
Certificate issuer:       /CN=aba10057bcd00762eef43823c030e7e32d572241
Certificate serial:       019B797E86155258A4783F34D59D751C370C
Authority key identifier: AB:A1:00:57:BC:D0:07:62:EE:F4:38:23:C0:30:E7:E3:2D:57:22:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/4HGQ2m_tsGQ8bwCnPSXfEpO9HVQ.roa
Signing time:             Thu 01 Jan 2026 12:18:13 +0000
ROA not before:           Thu 01 Jan 2026 12:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401305
IP address blocks:        160.202.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:86:15:52:58:a4:78:3f:34:d5:9d:75:1c:37:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aba10057bcd00762eef43823c030e7e32d572241
        Validity
            Not Before: Jan  1 12:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e07190da6fedb0643c6f00a73d25df1293bd1d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bc:cd:6b:e7:a6:96:b7:f8:84:be:4f:92:c6:
                    64:8e:5b:d8:8b:5f:4e:c9:f9:be:8e:b5:18:77:b2:
                    1e:65:d8:9e:2d:f4:23:bc:95:3f:99:88:66:12:17:
                    64:cb:00:02:93:43:de:ac:19:20:d2:05:f2:5c:6a:
                    5a:53:93:cf:0c:fc:cb:24:43:0c:eb:f9:38:5e:83:
                    c9:49:96:84:9f:cd:5a:0f:30:6c:a0:29:d0:a9:44:
                    d5:41:37:8a:52:5f:c0:0e:77:8f:38:aa:32:c8:46:
                    09:48:69:41:8b:bb:f6:d5:3e:a4:18:c4:e1:df:3d:
                    45:06:f9:91:5b:45:da:6a:ee:8f:6c:a1:c5:a1:b4:
                    2d:ce:ea:1c:ea:60:1a:07:53:8e:d7:77:32:9f:53:
                    a2:f3:43:6f:54:7c:62:2a:76:37:b7:b9:8e:7a:67:
                    fe:0c:4b:5b:70:d6:c0:a8:3e:79:72:6d:51:b5:40:
                    db:7e:63:1f:8b:fc:e0:13:52:85:c7:6f:6f:c5:59:
                    1d:fc:61:54:71:c3:c9:8a:db:75:ee:c8:70:9e:19:
                    7f:3d:0a:9a:da:75:cf:39:bd:65:2d:b8:ab:f1:4b:
                    5c:3a:24:68:c4:95:98:b7:ab:92:8c:e8:ba:87:5c:
                    ac:69:a8:13:e7:70:49:37:8e:a1:4a:5b:29:52:79:
                    dc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:71:90:DA:6F:ED:B0:64:3C:6F:00:A7:3D:25:DF:12:93:BD:1D:54
            X509v3 Authority Key Identifier:
                keyid:AB:A1:00:57:BC:D0:07:62:EE:F4:38:23:C0:30:E7:E3:2D:57:22:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/4HGQ2m_tsGQ8bwCnPSXfEpO9HVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.202.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:82:8b:e4:ff:ca:01:39:97:d1:ca:35:ad:30:73:7b:0b:ae:
         c3:1d:e2:79:f6:1b:f0:a3:4d:90:40:58:0c:93:b4:f3:a8:af:
         1d:16:d1:4e:45:43:5c:32:b2:d3:84:bd:53:50:90:1b:3c:39:
         45:23:50:4a:ce:23:f5:ab:52:42:0a:21:81:d9:5c:c7:e6:21:
         44:64:a7:90:b1:2f:c8:b0:46:5c:d6:01:f9:20:dd:74:6c:16:
         69:8f:ee:0e:fd:26:4f:0d:07:e2:11:c9:06:e3:74:f2:14:22:
         0d:8f:a5:f4:fb:ef:8b:57:c3:42:63:54:89:a0:63:83:a1:8c:
         6e:53:24:2b:fa:a6:ad:2e:04:2f:5b:28:7c:36:e5:66:91:2f:
         c3:0e:58:63:d8:f7:3d:9e:75:8b:8d:0e:06:f7:e2:f0:3a:c7:
         b9:70:99:81:fb:92:e9:90:70:4e:78:79:e2:c3:89:79:10:c9:
         04:64:93:dc:91:f7:19:16:60:40:b2:98:c4:61:c5:fb:40:b2:
         65:1b:66:a5:88:ab:dc:eb:03:1a:ed:bd:3e:5f:b4:42:b9:c8:
         3d:93:61:20:37:6f:3b:7c:d6:c2:d5:02:7a:57:d7:9b:bc:a8:
         90:5a:8a:fe:26:20:d1:bb:bf:a7:00:4e:98:37:45:84:14:e5:
         e7:7d:d1:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5foYVUlikeD801Z11HDcMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYTEwMDU3YmNkMDA3NjJlZWY0MzgyM2MwMzBlN2UzMmQ1
NzIyNDEwHhcNMjYwMTAxMTIxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDcxOTBkYTZmZWRiMDY0M2M2ZjAwYTczZDI1ZGYxMjkzYmQxZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrzNa+emlrf4hL5PksZkjlvYi19O
yfm+jrUYd7IeZdieLfQjvJU/mYhmEhdkywACk0PerBkg0gXyXGpaU5PPDPzLJEMM
6/k4XoPJSZaEn81aDzBsoCnQqUTVQTeKUl/ADnePOKoyyEYJSGlBi7v21T6kGMTh
3z1FBvmRW0Xaau6PbKHFobQtzuoc6mAaB1OO13cyn1Oi80NvVHxiKnY3t7mOemf+
DEtbcNbAqD55cm1RtUDbfmMfi/zgE1KFx29vxVkd/GFUccPJitt17shwnhl/PQqa
2nXPOb1lLbir8UtcOiRoxJWYt6uSjOi6h1ysaagT53BJN46hSlspUnnccQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOBxkNpv7bBkPG8Apz0l3xKTvR1UMB8GA1UdIwQY
MBaAFKuhAFe80Adi7vQ4I8Aw5+MtVyJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTZFQVY3elFCMkx1OURnandERG40eTFYSWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84MDM1M2QtNGYyMi00ZDk0LWJlYWQt
ZGQyMGUyOTk0Y2QwLzEvNEhHUTJtX3RzR1E4YndDblBTWGZFcE85SFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84MDM1M2QtNGYyMi00ZDk0LWJlYWQtZGQyMGUyOTk0Y2Qw
LzEvcTZFQVY3elFCMkx1OURnandERG40eTFYSWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoMoUMA0G
CSqGSIb3DQEBCwUAA4IBAQA2govk/8oBOZfRyjWtMHN7C67DHeJ59hvwo02QQFgM
k7TzqK8dFtFORUNcMrLThL1TUJAbPDlFI1BKziP1q1JCCiGB2VzH5iFEZKeQsS/I
sEZc1gH5IN10bBZpj+4O/SZPDQfiEckG43TyFCINj6X0+++LV8NCY1SJoGODoYxu
UyQr+qatLgQvWyh8NuVmkS/DDlhj2Pc9nnWLjQ4G9+LwOse5cJmB+5LpkHBOeHni
w4l5EMkEZJPckfcZFmBAspjEYcX7QLJlG2aliKvc6wMa7b0+X7RCucg9k2EgN287
fNbC1QJ6V9ebvKiQWor+JiDRu7+nAE6YN0WEFOXnfdG2
-----END CERTIFICATE-----