This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/hpn4nKhBKlsinaN3vVc_HD13KvY.roa
File:                     hpn4nKhBKlsinaN3vVc_HD13KvY.roa (raw, json)
Hash identifier:          bzhO685+Hi3OxhZho3Lpnq5Kf5KsQHXcp5yXWuPUGs4=
Subject key identifier:   86:99:F8:9C:A8:41:2A:5B:22:9D:A3:77:BD:57:3F:1C:3D:77:2A:F6
Certificate issuer:       /CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
Certificate serial:       019B7CEE44777C838FA3CE0E32D5785BB572
Authority key identifier: 93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/hpn4nKhBKlsinaN3vVc_HD13KvY.roa
Signing time:             Fri 02 Jan 2026 04:19:08 +0000
ROA not before:           Fri 02 Jan 2026 04:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202391
IP address blocks:        95.128.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:44:77:7c:83:8f:a3:ce:0e:32:d5:78:5b:b5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9374b853dfd9973f2cd994b2e3b75461d9a3fc44
        Validity
            Not Before: Jan  2 04:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8699f89ca8412a5b229da377bd573f1c3d772af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:98:2c:b4:43:24:7b:04:07:a7:00:ad:5c:ae:
                    8d:ed:aa:9b:5a:a6:af:e7:9d:73:48:88:39:f3:3c:
                    80:b7:08:bd:47:83:18:45:df:e0:23:e3:31:d0:ee:
                    f9:6c:ed:74:ba:d7:8b:4d:eb:a2:b5:1d:94:95:9b:
                    66:60:4a:24:aa:9e:d3:c5:fc:50:e6:1b:97:6b:ef:
                    ab:41:4f:ee:12:68:2a:2c:35:8b:2c:64:cd:d5:9b:
                    4f:e5:5d:29:df:df:8d:53:d3:ca:ea:d2:0f:bf:0c:
                    85:8f:18:c6:e6:28:da:dd:06:63:dd:53:99:0b:6c:
                    e1:f1:ee:04:5b:8d:02:7f:5c:08:fc:e5:6f:a7:9d:
                    ed:6e:68:bf:17:1c:a4:01:96:95:fc:2a:14:01:ee:
                    2a:ed:94:02:a4:f2:36:7d:0b:ba:b3:dc:2f:2e:f5:
                    cb:8e:6e:ef:93:81:8e:66:ba:21:16:d2:7c:01:cf:
                    ee:04:0e:9a:1d:76:91:fe:23:5c:4f:87:6e:f5:9b:
                    b4:1d:f8:d9:64:13:99:61:3d:d3:94:ab:8d:2c:f4:
                    11:fd:5a:01:ca:64:8e:c9:e8:e9:03:5d:7a:8d:14:
                    f2:46:89:74:92:7f:35:25:56:72:5f:01:64:66:88:
                    62:61:3b:9b:e0:88:85:dd:38:ec:1c:53:43:c2:b8:
                    a1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:99:F8:9C:A8:41:2A:5B:22:9D:A3:77:BD:57:3F:1C:3D:77:2A:F6
            X509v3 Authority Key Identifier:
                keyid:93:74:B8:53:DF:D9:97:3F:2C:D9:94:B2:E3:B7:54:61:D9:A3:FC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/hpn4nKhBKlsinaN3vVc_HD13KvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ba7b33-5cd8-404f-bffd-65bcc8cefdd2/1/k3S4U9_Zlz8s2ZSy47dUYdmj_EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:59:4e:90:44:6b:05:7b:73:58:60:1b:88:ab:10:ed:d8:d3:
         0e:55:cf:c9:a8:c0:60:ed:f2:48:bc:e7:6a:7b:e7:5e:fd:55:
         b2:af:8c:7a:01:3d:dc:8a:99:b7:fc:dd:19:ba:7f:9b:bf:5e:
         69:4c:de:fa:19:23:9a:2c:68:cd:00:15:ea:53:45:eb:00:47:
         50:4b:4f:6d:f8:d2:82:59:bb:cd:31:69:61:79:70:23:93:b3:
         65:85:1c:89:64:aa:f1:56:b5:31:84:23:88:c3:0e:c8:13:68:
         0b:80:0e:48:ae:65:b3:0e:4e:81:6e:f1:ff:b5:78:09:42:54:
         52:9e:a7:fe:66:a9:d8:01:ff:61:16:a0:7c:83:51:86:ed:b2:
         50:af:6e:32:c3:c5:05:22:40:46:99:50:47:53:f6:cf:0e:a3:
         dc:fc:db:34:f6:aa:37:b6:01:76:44:14:82:14:6a:8c:60:da:
         e2:2f:7b:b8:3e:fb:94:03:4b:f7:5c:47:e4:37:b4:eb:67:59:
         d0:44:8c:5c:ea:f6:42:01:d1:05:50:e4:ab:e9:4c:0b:5e:b8:
         2e:49:20:fe:18:42:27:44:16:1a:b3:20:43:8c:61:ed:ae:4d:
         3a:d6:a1:60:a5:78:84:aa:af:8e:ec:81:fb:2e:d5:fe:e9:b9:
         08:cc:d5:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87kR3fIOPo84OMtV4W7VyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNzRiODUzZGZkOTk3M2YyY2Q5OTRiMmUzYjc1NDYxZDlh
M2ZjNDQwHhcNMjYwMTAyMDQxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk5Zjg5Y2E4NDEyYTViMjI5ZGEzNzdiZDU3M2YxYzNkNzcyYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5gstEMkewQHpwCtXK6N7aqbWqav
551zSIg58zyAtwi9R4MYRd/gI+Mx0O75bO10uteLTeuitR2UlZtmYEokqp7TxfxQ
5huXa++rQU/uEmgqLDWLLGTN1ZtP5V0p39+NU9PK6tIPvwyFjxjG5ija3QZj3VOZ
C2zh8e4EW40Cf1wI/OVvp53tbmi/FxykAZaV/CoUAe4q7ZQCpPI2fQu6s9wvLvXL
jm7vk4GOZrohFtJ8Ac/uBA6aHXaR/iNcT4du9Zu0HfjZZBOZYT3TlKuNLPQR/VoB
ymSOyejpA116jRTyRol0kn81JVZyXwFkZohiYTub4IiF3TjsHFNDwrihiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaZ+JyoQSpbIp2jd71XPxw9dyr2MB8GA1UdIwQY
MBaAFJN0uFPf2Zc/LNmUsuO3VGHZo/xEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQt
NjViY2M4Y2VmZGQyLzEvaHBuNG5LaEJLbHNpbmFOM3ZWY19IRDEzS3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iYTdiMzMtNWNkOC00MDRmLWJmZmQtNjViY2M4Y2VmZGQy
LzEvazNTNFU5X1psejhzMlpTeTQ3ZFVZZG1qX0VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4DGMA0G
CSqGSIb3DQEBCwUAA4IBAQBKWU6QRGsFe3NYYBuIqxDt2NMOVc/JqMBg7fJIvOdq
e+de/VWyr4x6AT3cipm3/N0Zun+bv15pTN76GSOaLGjNABXqU0XrAEdQS09t+NKC
WbvNMWlheXAjk7NlhRyJZKrxVrUxhCOIww7IE2gLgA5IrmWzDk6BbvH/tXgJQlRS
nqf+ZqnYAf9hFqB8g1GG7bJQr24yw8UFIkBGmVBHU/bPDqPc/Ns09qo3tgF2RBSC
FGqMYNriL3u4PvuUA0v3XEfkN7TrZ1nQRIxc6vZCAdEFUOSr6UwLXrguSSD+GEIn
RBYasyBDjGHtrk061qFgpXiEqq+O7IH7LtX+6bkIzNU1
-----END CERTIFICATE-----