This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/HDHJKIBeJ8z6eZzJNfVJfRplMEY.roa
File:                     HDHJKIBeJ8z6eZzJNfVJfRplMEY.roa (raw, json)
Hash identifier:          WSBqT5EgDQanZYLsnHDLCaga6lrPpWZ3B9VRR/DtEdk=
Subject key identifier:   1C:31:C9:28:80:5E:27:CC:FA:79:9C:C9:35:F5:49:7D:1A:65:30:46
Certificate issuer:       /CN=9ca8a132519a242949497363b8caa33e72c673f8
Certificate serial:       019B7F847A68AFF643F201032F5E44BB498C
Authority key identifier: 9C:A8:A1:32:51:9A:24:29:49:49:73:63:B8:CA:A3:3E:72:C6:73:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nKihMlGaJClJSXNjuMqjPnLGc_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/HDHJKIBeJ8z6eZzJNfVJfRplMEY.roa
Signing time:             Fri 02 Jan 2026 16:22:27 +0000
ROA not before:           Fri 02 Jan 2026 16:22:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15943
IP address blocks:        194.45.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/nKihMlGaJClJSXNjuMqjPnLGc_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/nKihMlGaJClJSXNjuMqjPnLGc_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nKihMlGaJClJSXNjuMqjPnLGc_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:7a:68:af:f6:43:f2:01:03:2f:5e:44:bb:49:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ca8a132519a242949497363b8caa33e72c673f8
        Validity
            Not Before: Jan  2 16:22:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c31c928805e27ccfa799cc935f5497d1a653046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:26:84:1a:3d:15:58:47:b3:21:2e:70:e3:0f:
                    7c:64:ac:bf:41:3d:59:5e:25:36:80:1d:2c:1c:a6:
                    6a:75:e0:43:9d:b5:27:44:9c:bf:fd:db:1b:d7:6a:
                    f3:7b:a7:d1:6f:14:f4:44:46:33:93:59:69:01:92:
                    7d:ed:22:ff:d5:c9:50:ed:a7:eb:15:01:7e:39:08:
                    86:a9:ec:f5:f1:21:42:04:a4:21:32:1b:e0:ae:06:
                    81:ed:f4:f0:0f:a9:98:f8:f6:7c:4b:66:ac:7c:58:
                    dc:6c:57:c9:c4:9a:65:ec:cd:f2:d9:47:d8:4f:29:
                    05:99:28:d4:d0:55:1b:50:00:04:9c:49:25:1d:96:
                    1f:d9:d3:db:4a:87:58:01:ef:33:34:26:96:3b:c2:
                    7a:f9:d9:d8:dc:c1:df:f7:08:8f:17:ab:cd:71:f7:
                    56:b4:6c:c8:26:5a:5c:85:87:e2:c0:9d:52:12:47:
                    a1:40:26:71:90:b3:f5:59:11:48:60:f7:8c:b4:1a:
                    5d:97:d9:d4:33:c7:69:6b:b8:04:b7:f4:1c:45:10:
                    04:f6:11:47:4b:69:b6:f8:ae:3d:9b:3c:aa:88:fb:
                    6e:c6:bd:c5:06:aa:c5:7d:b1:d3:26:f7:31:ca:82:
                    c0:b8:76:93:ff:33:fd:66:bd:ff:12:de:15:d6:0e:
                    e9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:31:C9:28:80:5E:27:CC:FA:79:9C:C9:35:F5:49:7D:1A:65:30:46
            X509v3 Authority Key Identifier:
                keyid:9C:A8:A1:32:51:9A:24:29:49:49:73:63:B8:CA:A3:3E:72:C6:73:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nKihMlGaJClJSXNjuMqjPnLGc_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/HDHJKIBeJ8z6eZzJNfVJfRplMEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3e0e9a-51f3-49de-9d1b-00cd86af849d/1/nKihMlGaJClJSXNjuMqjPnLGc_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:6a:ee:2c:8c:7c:e0:89:74:75:53:2a:1a:c0:ea:be:56:d6:
         b8:95:6b:94:b0:76:44:81:6a:d2:72:f8:c5:a1:e1:bf:a5:04:
         83:e0:9d:e0:af:3f:e8:91:a4:b2:71:7b:83:07:60:25:7b:82:
         e0:d8:91:50:59:3e:84:11:6b:a5:f0:26:31:20:2e:0f:0f:a7:
         99:e8:8b:b1:aa:87:c3:8d:30:cd:d2:c6:8b:b8:76:b9:79:6e:
         aa:55:b8:f9:c2:ca:91:83:d4:13:bd:f4:9d:c5:26:7e:fd:83:
         8d:0d:56:07:0d:1b:85:ab:8f:09:1d:1a:26:33:75:f3:47:ca:
         c7:bf:2d:cb:b7:3c:e0:ec:dc:69:9e:09:7c:a5:62:f8:62:28:
         ef:f7:a6:30:14:b2:e0:dc:4f:97:24:52:06:17:76:da:85:33:
         e7:ba:ce:5d:97:86:56:c7:e6:98:80:94:6a:1e:1b:f0:94:d1:
         f6:04:f2:68:b8:93:67:4e:6e:61:6b:6a:0f:60:15:ec:1b:0c:
         72:5e:12:0a:4b:23:b5:4c:7f:da:c2:e6:2d:bb:1d:17:8b:8f:
         1d:3c:0c:d9:59:85:4a:7e:b3:dc:93:73:ab:45:a6:e7:24:6e:
         da:e7:5d:d2:58:d4:40:b2:20:3b:6c:5e:96:c2:bc:af:56:e9:
         08:69:0e:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hHpor/ZD8gEDL15Eu0mMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYThhMTMyNTE5YTI0Mjk0OTQ5NzM2M2I4Y2FhMzNlNzJj
NjczZjgwHhcNMjYwMTAyMTYyMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzMxYzkyODgwNWUyN2NjZmE3OTljYzkzNWY1NDk3ZDFhNjUzMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziaEGj0VWEezIS5w4w98ZKy/QT1Z
XiU2gB0sHKZqdeBDnbUnRJy//dsb12rze6fRbxT0REYzk1lpAZJ97SL/1clQ7afr
FQF+OQiGqez18SFCBKQhMhvgrgaB7fTwD6mY+PZ8S2asfFjcbFfJxJpl7M3y2UfY
TykFmSjU0FUbUAAEnEklHZYf2dPbSodYAe8zNCaWO8J6+dnY3MHf9wiPF6vNcfdW
tGzIJlpchYfiwJ1SEkehQCZxkLP1WRFIYPeMtBpdl9nUM8dpa7gEt/QcRRAE9hFH
S2m2+K49mzyqiPtuxr3FBqrFfbHTJvcxyoLAuHaT/zP9Zr3/Et4V1g7pBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwxySiAXifM+nmcyTX1SX0aZTBGMB8GA1UdIwQY
MBaAFJyooTJRmiQpSUlzY7jKoz5yxnP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbktpaE1sR2FKQ2xKU1hOanVNcWpQbkxHY19nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8zZTBlOWEtNTFmMy00OWRlLTlkMWIt
MDBjZDg2YWY4NDlkLzEvSERISktJQmVKOHo2ZVp6Sk5mVkpmUnBsTUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8zZTBlOWEtNTFmMy00OWRlLTlkMWItMDBjZDg2YWY4NDlk
LzEvbktpaE1sR2FKQ2xKU1hOanVNcWpQbkxHY19nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwi0UMA0G
CSqGSIb3DQEBCwUAA4IBAQCIau4sjHzgiXR1UyoawOq+Vta4lWuUsHZEgWrScvjF
oeG/pQSD4J3grz/okaSycXuDB2Ale4Lg2JFQWT6EEWul8CYxIC4PD6eZ6IuxqofD
jTDN0saLuHa5eW6qVbj5wsqRg9QTvfSdxSZ+/YONDVYHDRuFq48JHRomM3XzR8rH
vy3Ltzzg7Nxpngl8pWL4Yijv96YwFLLg3E+XJFIGF3bahTPnus5dl4ZWx+aYgJRq
HhvwlNH2BPJouJNnTm5ha2oPYBXsGwxyXhIKSyO1TH/awuYtux0Xi48dPAzZWYVK
frPck3OrRabnJG7a513SWNRAsiA7bF6WwryvVukIaQ5M
-----END CERTIFICATE-----