This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/hsVsux8sHzZqQOz9MIXAz_SM6VI.roa
File:                     hsVsux8sHzZqQOz9MIXAz_SM6VI.roa (raw, json)
Hash identifier:          3Hc4odb8fRJz6qv0eC3Z9gpTtQGDv+DPG+2jWtEDSs8=
Subject key identifier:   86:C5:6C:BB:1F:2C:1F:36:6A:40:EC:FD:30:85:C0:CF:F4:8C:E9:52
Certificate issuer:       /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial:       019B7B365A8F25617367C38B74C166675FD5
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/hsVsux8sHzZqQOz9MIXAz_SM6VI.roa
Signing time:             Thu 01 Jan 2026 20:18:38 +0000
ROA not before:           Thu 01 Jan 2026 20:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42599
IP address blocks:        2.59.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:5a:8f:25:61:73:67:c3:8b:74:c1:66:67:5f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
        Validity
            Not Before: Jan  1 20:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86c56cbb1f2c1f366a40ecfd3085c0cff48ce952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b1:d7:43:90:3b:64:ce:50:ef:af:a2:a8:08:
                    7b:f4:c1:0a:25:1b:09:f0:76:7f:2f:10:d3:a7:8f:
                    0e:16:ee:0b:21:82:d8:ca:da:90:a0:ee:3f:77:af:
                    73:96:22:22:91:25:e9:da:03:47:4c:d0:a1:c6:22:
                    35:25:25:bf:9d:0b:75:8e:ad:3f:b6:ad:75:05:1a:
                    0d:9b:b8:28:bd:e4:d0:c1:84:4f:0c:d0:89:a2:7f:
                    3d:9f:08:46:53:ee:75:9e:b0:34:ff:98:57:93:0e:
                    b6:2a:8d:bc:a1:d1:9b:a8:5a:6e:9d:4d:69:7d:24:
                    35:f5:4b:ac:3d:a6:40:3b:be:a5:56:18:81:c0:d1:
                    b3:8b:b7:39:a0:98:c9:48:ee:5c:90:59:f4:d4:40:
                    63:bb:7d:49:3f:61:32:a4:4b:2f:46:9e:9e:93:7e:
                    a1:ab:5e:f2:ee:6b:03:0c:07:0f:98:90:5e:9f:90:
                    3b:89:6b:df:27:7f:4b:db:f3:95:e4:e4:c7:8c:99:
                    72:3b:af:43:b5:30:23:92:66:cc:7e:31:c1:2e:b2:
                    d4:0a:92:d2:2f:f2:3e:76:8e:e2:f5:06:cf:61:97:
                    ce:10:5a:fb:93:95:8c:b3:39:1a:95:bb:5d:6e:6c:
                    dd:f5:43:68:35:c0:c0:e4:83:88:e4:3f:39:d0:19:
                    40:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C5:6C:BB:1F:2C:1F:36:6A:40:EC:FD:30:85:C0:CF:F4:8C:E9:52
            X509v3 Authority Key Identifier:
                keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/hsVsux8sHzZqQOz9MIXAz_SM6VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e3:f0:cd:87:6e:8f:2f:ec:cf:a3:68:49:27:b7:73:76:bf:
         ef:85:de:3e:7c:e1:67:42:bc:ed:ef:b7:5c:8a:da:bd:7e:97:
         66:fd:24:d5:3a:bd:41:70:12:ac:91:f0:60:88:b0:ca:b6:01:
         77:53:f9:a4:47:5d:ab:c2:63:cc:07:2e:35:8b:be:5e:9e:c6:
         fe:ac:66:99:d8:86:f4:71:f1:23:ac:7c:a4:2d:9b:8c:c6:40:
         38:7f:2c:e4:77:72:a8:b6:e0:49:c7:8f:9a:d6:11:cc:fa:88:
         32:0e:c0:9a:f7:86:6a:d3:c0:d7:37:b3:7d:17:55:8b:09:01:
         bd:93:6f:81:a2:81:61:a5:ed:f2:2c:48:8c:6b:1d:29:2a:33:
         1c:19:87:f3:9b:60:f2:d0:16:ad:36:68:17:db:0a:4d:42:34:
         f6:4a:f4:9d:77:a3:15:53:44:bf:04:29:e6:07:43:91:62:26:
         68:dc:2f:cd:a6:40:41:d8:02:12:db:32:fb:e1:ef:c7:25:f6:
         c4:b5:b1:79:b2:c1:e0:e2:80:55:f1:2c:2c:bb:13:b7:6a:84:
         0a:2d:8d:94:87:28:9f:77:06:18:3a:aa:7a:df:35:be:f1:a8:
         af:d3:65:bd:d7:f6:0d:02:87:6b:69:cf:fe:25:9c:b0:4e:2c:
         67:aa:b5:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NlqPJWFzZ8OLdMFmZ1/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjYwMTAxMjAxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmM1NmNiYjFmMmMxZjM2NmE0MGVjZmQzMDg1YzBjZmY0OGNlOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLHXQ5A7ZM5Q76+iqAh79MEKJRsJ
8HZ/LxDTp48OFu4LIYLYytqQoO4/d69zliIikSXp2gNHTNChxiI1JSW/nQt1jq0/
tq11BRoNm7goveTQwYRPDNCJon89nwhGU+51nrA0/5hXkw62Ko28odGbqFpunU1p
fSQ19UusPaZAO76lVhiBwNGzi7c5oJjJSO5ckFn01EBju31JP2EypEsvRp6ek36h
q17y7msDDAcPmJBen5A7iWvfJ39L2/OV5OTHjJlyO69DtTAjkmbMfjHBLrLUCpLS
L/I+do7i9QbPYZfOEFr7k5WMszkalbtdbmzd9UNoNcDA5IOI5D850BlACwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbFbLsfLB82akDs/TCFwM/0jOlSMB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvaHNWc3V4OHNIelpxUU96OU1JWEF6X1NNNlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQBd4/DNh26PL+zPo2hJJ7dzdr/vhd4+fOFnQrzt77dc
itq9fpdm/STVOr1BcBKskfBgiLDKtgF3U/mkR12rwmPMBy41i75ensb+rGaZ2Ib0
cfEjrHykLZuMxkA4fyzkd3KotuBJx4+a1hHM+ogyDsCa94Zq08DXN7N9F1WLCQG9
k2+BooFhpe3yLEiMax0pKjMcGYfzm2Dy0BatNmgX2wpNQjT2SvSdd6MVU0S/BCnm
B0ORYiZo3C/NpkBB2AIS2zL74e/HJfbEtbF5ssHg4oBV8SwsuxO3aoQKLY2Uhyif
dwYYOqp63zW+8aiv02W91/YNAodrac/+JZywTixnqrVp
-----END CERTIFICATE-----