This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/33d226-7c43-4c83-94ad-218289d81c53/1/HxmIn0AGzA-g9k-4bheqqTcmLgI.roa
File:                     HxmIn0AGzA-g9k-4bheqqTcmLgI.roa (raw, json)
Hash identifier:          uHSpZAAfzcw7ixBYZphuiZW4nA4GJ515tOk36J46Jqw=
Subject key identifier:   1F:19:88:9F:40:06:CC:0F:A0:F6:4F:B8:6E:17:AA:A9:37:26:2E:02
Certificate issuer:       /CN=8a698a14fb61a687af0a63f7c655c001f6701282
Certificate serial:       019B7F826434C8D35F3C556A7C1571EB9143
Authority key identifier: 8A:69:8A:14:FB:61:A6:87:AF:0A:63:F7:C6:55:C0:01:F6:70:12:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/immKFPthpoevCmP3xlXAAfZwEoI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/33d226-7c43-4c83-94ad-218289d81c53/1/HxmIn0AGzA-g9k-4bheqqTcmLgI.roa
Signing time:             Fri 02 Jan 2026 16:20:10 +0000
ROA not before:           Fri 02 Jan 2026 16:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34730
IP address blocks:        195.238.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/33d226-7c43-4c83-94ad-218289d81c53/1/immKFPthpoevCmP3xlXAAfZwEoI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/33d226-7c43-4c83-94ad-218289d81c53/1/immKFPthpoevCmP3xlXAAfZwEoI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/immKFPthpoevCmP3xlXAAfZwEoI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 04:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:64:34:c8:d3:5f:3c:55:6a:7c:15:71:eb:91:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a698a14fb61a687af0a63f7c655c001f6701282
        Validity
            Not Before: Jan  2 16:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f19889f4006cc0fa0f64fb86e17aaa937262e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2c:ba:fc:6c:e1:e1:5a:f0:cc:f6:73:65:a2:
                    da:84:54:46:6a:2a:49:d7:df:5d:d3:bb:cd:50:61:
                    4a:b9:c3:c4:34:9b:0f:5d:0f:a9:22:72:ad:fb:19:
                    c0:9c:1a:56:f6:8c:63:50:36:2d:a8:1d:eb:e5:8e:
                    35:0e:8f:bb:d7:d8:15:56:ba:ae:8b:39:d9:92:29:
                    48:f0:88:07:e4:81:61:92:77:30:7b:18:1a:4a:c0:
                    e0:1b:cf:43:ea:e1:70:af:16:7b:6d:d3:ee:58:a0:
                    18:53:e7:48:4e:b2:78:81:b3:9b:2d:cd:80:ac:79:
                    3a:ce:a3:da:72:c0:48:2c:21:d3:2c:aa:ba:eb:9f:
                    8b:3b:2e:1a:1f:4b:18:ad:99:91:37:b8:e4:39:eb:
                    64:65:4b:2f:7b:fe:e6:e3:b2:0d:05:6a:3e:b1:98:
                    3f:cd:56:0a:64:9e:6b:06:9f:2c:67:07:1f:06:bd:
                    49:48:09:9b:00:a2:22:b5:e9:be:37:e5:86:f9:7d:
                    db:d4:8c:92:75:80:b5:1c:74:c7:5e:71:d5:69:c7:
                    5e:f9:29:7f:27:5c:dd:a6:8b:6a:51:e7:02:3c:2c:
                    87:19:40:d9:0e:ae:52:f9:ff:fb:50:be:97:e7:57:
                    49:6b:9c:c2:c0:50:14:d3:2e:3f:a4:7e:b7:d7:2e:
                    ae:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:19:88:9F:40:06:CC:0F:A0:F6:4F:B8:6E:17:AA:A9:37:26:2E:02
            X509v3 Authority Key Identifier:
                keyid:8A:69:8A:14:FB:61:A6:87:AF:0A:63:F7:C6:55:C0:01:F6:70:12:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/immKFPthpoevCmP3xlXAAfZwEoI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/33d226-7c43-4c83-94ad-218289d81c53/1/HxmIn0AGzA-g9k-4bheqqTcmLgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/33d226-7c43-4c83-94ad-218289d81c53/1/immKFPthpoevCmP3xlXAAfZwEoI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ab:dd:15:cb:99:b2:75:6e:a4:37:9c:14:b3:44:07:39:33:
         f2:c6:a3:df:00:d6:eb:08:e8:0b:9e:58:ed:8e:66:bb:fe:9b:
         78:e7:b2:20:f9:e8:44:3d:23:09:13:e6:51:6b:ce:a1:6a:1b:
         ed:0b:e8:87:3e:b0:a9:e7:ee:c2:f6:a1:c7:25:cf:a2:f9:cf:
         c8:66:63:5c:d9:92:1f:95:0b:6b:f7:36:60:cf:72:0a:bc:62:
         7a:c1:e1:6a:65:90:1e:f9:f4:ae:96:73:ec:7f:90:ba:6d:b8:
         d0:f2:56:b3:1e:29:d4:62:ae:4e:bf:c5:da:82:17:81:c2:01:
         52:dc:8b:0d:f4:36:b9:e4:eb:55:0c:da:83:22:92:b9:ae:fe:
         c0:de:07:07:57:10:0e:6e:9c:72:59:62:0a:a0:98:78:f8:b3:
         6c:f1:3c:c5:4b:5e:82:ee:b5:e5:49:bd:b4:b7:6b:df:33:5e:
         eb:a1:93:72:28:57:30:f2:df:2c:4e:34:f7:e6:ae:3d:3e:a6:
         ef:0b:69:88:7b:0e:65:8e:48:88:e4:ae:56:09:52:b0:c2:aa:
         53:68:72:3d:94:10:a1:ff:c0:51:5a:72:bd:b6:1b:83:2e:28:
         68:61:af:6e:88:ad:b0:dc:7b:0d:62:73:79:69:16:d0:1c:5a:
         f4:94:fd:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gmQ0yNNfPFVqfBVx65FDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjk4YTE0ZmI2MWE2ODdhZjBhNjNmN2M2NTVjMDAxZjY3
MDEyODIwHhcNMjYwMTAyMTYyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE5ODg5ZjQwMDZjYzBmYTBmNjRmYjg2ZTE3YWFhOTM3MjYyZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSy6/Gzh4VrwzPZzZaLahFRGaipJ
199d07vNUGFKucPENJsPXQ+pInKt+xnAnBpW9oxjUDYtqB3r5Y41Do+719gVVrqu
iznZkilI8IgH5IFhkncwexgaSsDgG89D6uFwrxZ7bdPuWKAYU+dITrJ4gbObLc2A
rHk6zqPacsBILCHTLKq665+LOy4aH0sYrZmRN7jkOetkZUsve/7m47INBWo+sZg/
zVYKZJ5rBp8sZwcfBr1JSAmbAKIitem+N+WG+X3b1IySdYC1HHTHXnHVacde+Sl/
J1zdpotqUecCPCyHGUDZDq5S+f/7UL6X51dJa5zCwFAU0y4/pH631y6uaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8ZiJ9ABswPoPZPuG4Xqqk3Ji4CMB8GA1UdIwQY
MBaAFIppihT7YaaHrwpj98ZVwAH2cBKCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1tS0ZQdGhwb2V2Q21QM3hsWEFBZlp3RW9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zM2QyMjYtN2M0My00YzgzLTk0YWQt
MjE4Mjg5ZDgxYzUzLzEvSHhtSW4wQUd6QS1nOWstNGJoZXFxVGNtTGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zM2QyMjYtN2M0My00YzgzLTk0YWQtMjE4Mjg5ZDgxYzUz
LzEvaW1tS0ZQdGhwb2V2Q21QM3hsWEFBZlp3RW9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+71MA0G
CSqGSIb3DQEBCwUAA4IBAQAKq90Vy5mydW6kN5wUs0QHOTPyxqPfANbrCOgLnljt
jma7/pt457Ig+ehEPSMJE+ZRa86hahvtC+iHPrCp5+7C9qHHJc+i+c/IZmNc2ZIf
lQtr9zZgz3IKvGJ6weFqZZAe+fSulnPsf5C6bbjQ8lazHinUYq5Ov8XagheBwgFS
3IsN9Da55OtVDNqDIpK5rv7A3gcHVxAObpxyWWIKoJh4+LNs8TzFS16C7rXlSb20
t2vfM17roZNyKFcw8t8sTjT35q49PqbvC2mIew5ljkiI5K5WCVKwwqpTaHI9lBCh
/8BRWnK9thuDLihoYa9uiK2w3HsNYnN5aRbQHFr0lP0W
-----END CERTIFICATE-----