This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/H1VE2ZkBqR8y9rnIA-ZTuzeFoCk.roa
File:                     H1VE2ZkBqR8y9rnIA-ZTuzeFoCk.roa (raw, json)
Hash identifier:          3CEpvrN229vRpcqITP4Y01YD4936c1DOC0Lixuq0wEM=
Subject key identifier:   1F:55:44:D9:99:01:A9:1F:32:F6:B9:C8:03:E6:53:BB:37:85:A0:29
Certificate issuer:       /CN=c8544c778152f0fd85e5dcb44904f001e5987424
Certificate serial:       019B7A5B99C951B0B5BCFB0EFD619026F6B6
Authority key identifier: C8:54:4C:77:81:52:F0:FD:85:E5:DC:B4:49:04:F0:01:E5:98:74:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/H1VE2ZkBqR8y9rnIA-ZTuzeFoCk.roa
Signing time:             Thu 01 Jan 2026 16:19:41 +0000
ROA not before:           Thu 01 Jan 2026 16:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198203
IP address blocks:        185.142.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:99:c9:51:b0:b5:bc:fb:0e:fd:61:90:26:f6:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8544c778152f0fd85e5dcb44904f001e5987424
        Validity
            Not Before: Jan  1 16:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f5544d99901a91f32f6b9c803e653bb3785a029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:dd:de:39:44:bd:c9:9b:13:13:29:63:78:34:
                    8f:ab:de:34:19:26:a6:fb:fa:ee:9e:33:11:ee:ad:
                    4c:96:e0:05:5b:af:2a:ff:86:f1:0a:c3:33:f4:8d:
                    47:ba:ba:98:10:dc:be:17:6e:3f:e0:0c:d5:ee:b4:
                    39:60:c3:4e:d6:4f:64:90:75:70:2a:d2:3c:ce:9e:
                    84:76:de:bb:74:a2:74:06:fb:76:63:e3:59:54:68:
                    c4:3d:7c:42:53:ab:b0:f3:23:49:3a:99:ad:f6:bb:
                    ae:c1:19:99:9c:8f:83:c9:86:50:d6:11:4e:a5:8e:
                    1d:e3:21:c1:2e:0e:4a:6d:5c:96:2d:34:8e:60:7a:
                    20:71:a1:84:b7:cb:de:08:4d:99:df:bb:bf:96:36:
                    a6:5f:4d:ba:a1:42:05:70:a7:42:1d:cb:2e:8b:2e:
                    d8:1e:bc:e1:d2:82:84:7e:e0:f0:10:1f:29:17:53:
                    0e:41:7a:e1:5d:fc:c1:03:5e:62:7f:b8:c3:ab:be:
                    5f:44:83:fa:b2:ba:fe:72:a2:c1:55:75:92:1e:2b:
                    e3:95:87:78:48:a1:d8:7f:12:b2:8a:67:dd:0e:d4:
                    bb:2d:5e:85:90:7f:df:45:23:8d:5a:1c:3a:a2:99:
                    86:99:dd:70:a4:77:24:de:14:d9:f4:8d:5e:3b:0d:
                    ad:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:55:44:D9:99:01:A9:1F:32:F6:B9:C8:03:E6:53:BB:37:85:A0:29
            X509v3 Authority Key Identifier:
                keyid:C8:54:4C:77:81:52:F0:FD:85:E5:DC:B4:49:04:F0:01:E5:98:74:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/H1VE2ZkBqR8y9rnIA-ZTuzeFoCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/a1f351-42fd-4d44-a9b3-d940050e56ca/1/yFRMd4FS8P2F5dy0SQTwAeWYdCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:45:f1:7b:99:6a:21:45:65:d4:cc:e4:6d:64:83:7b:ac:0d:
         5b:1c:4e:ef:3d:94:17:0d:82:51:15:c4:0a:07:8c:64:79:f0:
         ed:1c:16:bd:80:38:97:37:32:44:3f:be:dc:83:98:85:21:e7:
         1c:ab:08:99:18:e0:c7:b3:1a:b4:1a:02:fb:27:92:3c:25:1a:
         42:23:3d:03:1c:b7:36:59:cb:ae:27:af:ac:1a:a7:13:74:d0:
         f2:13:8c:fb:fb:9d:b4:11:f1:99:a4:ab:15:f6:4a:ce:42:87:
         4c:96:b6:fc:04:f7:84:54:33:f8:03:b8:e0:84:df:cf:94:37:
         82:6d:df:b8:40:d1:6e:fb:3e:4e:ab:ac:9f:d8:30:11:59:04:
         9f:92:ea:d8:f0:56:13:37:39:b2:13:4f:dd:68:9f:e5:f6:5f:
         6b:b2:2d:7f:f8:90:4d:75:c5:4f:2d:49:f9:f7:8c:57:3b:28:
         f4:5b:5e:78:20:41:43:05:29:57:3e:77:07:e9:8e:2b:c5:b3:
         7c:bc:27:66:6a:51:71:6c:4d:af:98:a8:19:c9:3a:47:c4:6c:
         fc:16:7c:36:32:75:97:80:76:41:4d:53:1b:b1:a4:ae:43:8e:
         ff:19:82:58:43:a9:76:3b:6c:70:d3:a7:d4:0e:c8:ec:ef:3d:
         fb:10:df:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W5nJUbC1vPsO/WGQJva2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTQ0Yzc3ODE1MmYwZmQ4NWU1ZGNiNDQ5MDRmMDAxZTU5
ODc0MjQwHhcNMjYwMTAxMTYxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjU1NDRkOTk5MDFhOTFmMzJmNmI5YzgwM2U2NTNiYjM3ODVhMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7d3eOUS9yZsTEyljeDSPq940GSam
+/runjMR7q1MluAFW68q/4bxCsMz9I1HurqYENy+F24/4AzV7rQ5YMNO1k9kkHVw
KtI8zp6Edt67dKJ0Bvt2Y+NZVGjEPXxCU6uw8yNJOpmt9ruuwRmZnI+DyYZQ1hFO
pY4d4yHBLg5KbVyWLTSOYHogcaGEt8veCE2Z37u/ljamX026oUIFcKdCHcsuiy7Y
Hrzh0oKEfuDwEB8pF1MOQXrhXfzBA15if7jDq75fRIP6srr+cqLBVXWSHivjlYd4
SKHYfxKyimfdDtS7LV6FkH/fRSONWhw6opmGmd1wpHck3hTZ9I1eOw2tOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9VRNmZAakfMva5yAPmU7s3haApMB8GA1UdIwQY
MBaAFMhUTHeBUvD9heXctEkE8AHlmHQkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZSTWQ0RlM4UDJGNWR5MFNRVHdBZVdZZENRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hMWYzNTEtNDJmZC00ZDQ0LWE5YjMt
ZDk0MDA1MGU1NmNhLzEvSDFWRTJaa0JxUjh5OXJuSUEtWlR1emVGb0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hMWYzNTEtNDJmZC00ZDQ0LWE5YjMtZDk0MDA1MGU1NmNh
LzEveUZSTWQ0RlM4UDJGNWR5MFNRVHdBZVdZZENRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY5MMA0G
CSqGSIb3DQEBCwUAA4IBAQBERfF7mWohRWXUzORtZIN7rA1bHE7vPZQXDYJRFcQK
B4xkefDtHBa9gDiXNzJEP77cg5iFIeccqwiZGODHsxq0GgL7J5I8JRpCIz0DHLc2
WcuuJ6+sGqcTdNDyE4z7+520EfGZpKsV9krOQodMlrb8BPeEVDP4A7jghN/PlDeC
bd+4QNFu+z5Oq6yf2DARWQSfkurY8FYTNzmyE0/daJ/l9l9rsi1/+JBNdcVPLUn5
94xXOyj0W154IEFDBSlXPncH6Y4rxbN8vCdmalFxbE2vmKgZyTpHxGz8Fnw2MnWX
gHZBTVMbsaSuQ47/GYJYQ6l2O2xw06fUDsjs7z37EN84
-----END CERTIFICATE-----