This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/huWAMVD5OszFJjEyZMJGyZnVtD8.roa
File:                     huWAMVD5OszFJjEyZMJGyZnVtD8.roa (raw, json)
Hash identifier:          GrjeMdAe8buThfTaZfxv43GTKukIwEfBZ4IJ+OfmdQY=
Subject key identifier:   86:E5:80:31:50:F9:3A:CC:C5:26:31:32:64:C2:46:C9:99:D5:B4:3F
Certificate issuer:       /CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
Certificate serial:       019B76EB42ACF0242A3F0D15BBE4318443DF
Authority key identifier: 20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/huWAMVD5OszFJjEyZMJGyZnVtD8.roa
Signing time:             Thu 01 Jan 2026 00:18:07 +0000
ROA not before:           Thu 01 Jan 2026 00:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199484
IP address blocks:        212.101.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:42:ac:f0:24:2a:3f:0d:15:bb:e4:31:84:43:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
        Validity
            Not Before: Jan  1 00:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86e5803150f93accc526313264c246c999d5b43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3a:54:4d:d7:09:c5:8f:19:52:e6:28:dc:c8:
                    88:64:df:e2:09:bf:77:72:b5:27:55:3b:db:37:6f:
                    d5:41:be:1b:87:d9:1d:c0:a0:a6:ef:e8:a0:57:71:
                    f8:b1:99:2c:08:d2:02:82:21:06:9e:3b:3b:c7:4d:
                    b5:1f:68:c0:8b:12:6e:fa:49:b6:99:3b:c6:66:f2:
                    60:f7:55:2c:4d:8e:c1:ae:c8:ec:d0:c8:0e:35:79:
                    2d:78:da:4c:2d:02:9c:d5:49:73:e4:c3:d7:8b:33:
                    80:07:eb:e0:06:b9:b9:d0:db:98:fe:40:2a:64:da:
                    f9:04:1d:29:fe:e0:82:f1:df:e6:c4:c7:03:b7:e1:
                    df:86:92:fc:da:00:e5:7b:44:a7:c0:b5:bb:44:c0:
                    a4:7b:b2:32:48:9f:6e:c0:5b:c1:f9:62:c1:73:24:
                    69:77:3f:f9:f7:d2:89:f7:4f:bc:88:de:62:a9:94:
                    ab:95:42:d8:e9:2a:42:3d:c1:bb:9f:04:19:df:5f:
                    5d:99:a4:ad:c2:39:3a:67:e4:db:1f:c1:18:ec:5c:
                    27:f4:06:ed:33:29:92:0e:b2:7e:41:e1:6c:92:77:
                    2d:85:45:41:eb:82:a3:f4:a4:13:12:73:20:34:ea:
                    17:61:82:07:9b:52:8f:c4:30:d3:1d:e4:01:aa:86:
                    b1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E5:80:31:50:F9:3A:CC:C5:26:31:32:64:C2:46:C9:99:D5:B4:3F
            X509v3 Authority Key Identifier:
                keyid:20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/huWAMVD5OszFJjEyZMJGyZnVtD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.101.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6c:85:8e:d6:22:e7:9a:e0:57:c8:6a:5e:4a:cf:bc:55:c9:99:
         52:49:22:a8:a4:4a:c4:55:93:e3:f8:c6:bb:71:37:96:65:11:
         e4:fa:de:37:a0:25:7d:a7:b2:49:6e:d8:f1:4e:09:8b:54:ba:
         d8:0b:14:8e:8d:03:37:59:96:16:28:52:25:9f:8d:75:9d:b7:
         04:f8:95:74:f3:9f:00:33:62:07:75:c5:2a:7b:f6:78:8e:82:
         5f:b6:5d:ac:5b:6c:57:62:4e:e9:9c:f3:05:23:99:f8:bc:b4:
         a2:7a:02:b8:52:b7:6b:16:92:26:ff:0d:4f:08:c6:b6:00:a3:
         d6:45:26:56:6e:85:b6:99:45:10:03:32:ee:df:8f:a8:83:2f:
         96:da:63:2c:f8:0a:c4:45:5e:c2:71:e3:d7:a8:be:73:18:c3:
         ec:ef:ad:e8:d2:96:a6:7b:b4:f4:2c:4b:21:8f:2c:93:69:0f:
         79:1c:a1:e6:53:a4:ac:a9:9d:2c:2e:10:f0:0f:b1:68:04:14:
         f2:a4:66:86:31:d5:92:66:45:40:86:1f:a2:de:45:45:43:9e:
         9c:da:b3:96:bd:58:01:cc:5d:37:68:e8:c5:8e:67:c2:b9:f6:
         1e:a2:97:d4:25:8e:c4:f6:7e:fa:36:9c:87:d0:72:87:ac:58:
         c8:c8:e7:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260Ks8CQqPw0Vu+QxhEPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNTBkZjUxZjBlNWJjODFkYjRiMDVmNDQ5Zjc0MzA4ZDdm
Y2ZhMmUwHhcNMjYwMTAxMDAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU1ODAzMTUwZjkzYWNjYzUyNjMxMzI2NGMyNDZjOTk5ZDViNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DpUTdcJxY8ZUuYo3MiIZN/iCb93
crUnVTvbN2/VQb4bh9kdwKCm7+igV3H4sZksCNICgiEGnjs7x021H2jAixJu+km2
mTvGZvJg91UsTY7Brsjs0MgONXkteNpMLQKc1Ulz5MPXizOAB+vgBrm50NuY/kAq
ZNr5BB0p/uCC8d/mxMcDt+HfhpL82gDle0SnwLW7RMCke7IySJ9uwFvB+WLBcyRp
dz/599KJ90+8iN5iqZSrlULY6SpCPcG7nwQZ319dmaStwjk6Z+TbH8EY7Fwn9Abt
MymSDrJ+QeFskncthUVB64Kj9KQTEnMgNOoXYYIHm1KPxDDTHeQBqoaxjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIblgDFQ+TrMxSYxMmTCRsmZ1bQ/MB8GA1UdIwQY
MBaAFCBQ31Hw5byB20sF9En3QwjX/PouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAt
NmU2NDgxZTU3NjVjLzEvaHVXQU1WRDVPc3pGSmpFeVpNSkd5Wm5WdEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAtNmU2NDgxZTU3NjVj
LzEvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1GVgMA0G
CSqGSIb3DQEBCwUAA4IBAQBshY7WIuea4FfIal5Kz7xVyZlSSSKopErEVZPj+Ma7
cTeWZRHk+t43oCV9p7JJbtjxTgmLVLrYCxSOjQM3WZYWKFIln411nbcE+JV0858A
M2IHdcUqe/Z4joJftl2sW2xXYk7pnPMFI5n4vLSiegK4UrdrFpIm/w1PCMa2AKPW
RSZWboW2mUUQAzLu34+ogy+W2mMs+ArERV7CcePXqL5zGMPs763o0pame7T0LEsh
jyyTaQ95HKHmU6SsqZ0sLhDwD7FoBBTypGaGMdWSZkVAhh+i3kVFQ56c2rOWvVgB
zF03aOjFjmfCufYeopfUJY7E9n76NpyH0HKHrFjIyOcg
-----END CERTIFICATE-----