This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/hBIKQJotb91PfUz83IlhlDln8Os.roa
File:                     hBIKQJotb91PfUz83IlhlDln8Os.roa (raw, json)
Hash identifier:          FZgPmcaU95wHeFAG7MifAFsuelM+Kr14jElFrFSjrsk=
Subject key identifier:   84:12:0A:40:9A:2D:6F:DD:4F:7D:4C:FC:DC:89:61:94:39:67:F0:EB
Certificate issuer:       /CN=deddd6e7a1feb6fb47c9a2f89918827094dbfc17
Certificate serial:       019B7A5B2079B8D02B132F37214BF62DB491
Authority key identifier: DE:DD:D6:E7:A1:FE:B6:FB:47:C9:A2:F8:99:18:82:70:94:DB:FC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t3W56H-tvtHyaL4mRiCcJTb_Bc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/hBIKQJotb91PfUz83IlhlDln8Os.roa
Signing time:             Thu 01 Jan 2026 16:19:10 +0000
ROA not before:           Thu 01 Jan 2026 16:19:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21113
IP address blocks:        193.202.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/3t3W56H-tvtHyaL4mRiCcJTb_Bc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/3t3W56H-tvtHyaL4mRiCcJTb_Bc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t3W56H-tvtHyaL4mRiCcJTb_Bc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:20:79:b8:d0:2b:13:2f:37:21:4b:f6:2d:b4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=deddd6e7a1feb6fb47c9a2f89918827094dbfc17
        Validity
            Not Before: Jan  1 16:19:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84120a409a2d6fdd4f7d4cfcdc8961943967f0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:d0:d7:a2:70:a5:de:ba:a1:8d:fd:a8:f7:
                    e0:e6:74:a6:93:35:ed:a3:0c:1d:b9:84:ff:c1:cd:
                    56:9d:f1:8a:c5:7e:54:e5:71:49:85:e1:32:ae:fb:
                    0d:45:91:0a:3d:a5:35:91:d6:f7:e7:bb:de:0b:a9:
                    3a:78:43:28:64:a9:3a:e3:ec:b4:64:1e:1f:4e:c4:
                    44:16:3e:3d:55:88:0f:2b:30:07:3e:3a:9c:74:c3:
                    40:a4:0b:11:0f:bd:ab:9e:86:87:6d:24:c2:65:b8:
                    66:7d:30:75:91:d2:8b:78:4b:41:af:f8:04:9a:85:
                    df:14:20:00:7a:58:ff:32:04:74:84:0d:e4:aa:52:
                    30:bf:71:a6:32:e3:59:65:f0:32:69:e4:89:bc:49:
                    ae:bb:b0:73:df:f8:c3:38:7b:00:69:fe:e5:11:97:
                    4b:d4:ce:b9:2c:f7:ab:e0:c7:2d:5e:14:80:cf:19:
                    2d:d0:ec:fa:4b:1b:16:73:8f:70:61:8f:c0:a3:22:
                    57:3d:2b:39:e7:29:89:af:50:78:24:23:04:a8:4c:
                    34:68:58:81:50:65:21:6a:38:d9:27:58:7c:3b:93:
                    2e:d6:13:aa:22:17:2b:9d:e0:5a:6d:c6:e8:e4:89:
                    37:db:a4:30:c8:10:91:a1:11:8d:c2:0e:50:57:ac:
                    6f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:12:0A:40:9A:2D:6F:DD:4F:7D:4C:FC:DC:89:61:94:39:67:F0:EB
            X509v3 Authority Key Identifier:
                keyid:DE:DD:D6:E7:A1:FE:B6:FB:47:C9:A2:F8:99:18:82:70:94:DB:FC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t3W56H-tvtHyaL4mRiCcJTb_Bc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/hBIKQJotb91PfUz83IlhlDln8Os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0ad99a-1a0f-42e0-ae7d-f07183773b26/1/3t3W56H-tvtHyaL4mRiCcJTb_Bc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         58:cb:1e:de:f9:3d:6a:68:38:3b:a5:a8:a4:3e:dc:11:6c:f6:
         17:fe:69:c6:3e:97:0b:47:c6:47:82:c4:c7:8a:61:5b:42:f4:
         0f:8b:94:8a:b3:d8:7e:47:fa:01:98:dc:4c:9f:57:c9:3c:34:
         0d:73:e4:8a:63:4f:17:58:ad:40:6a:c7:c2:89:5e:21:d4:55:
         e6:9a:64:d9:31:f2:de:b7:8c:b2:bc:33:77:a3:e1:10:9b:de:
         ac:99:16:3e:cd:33:c7:af:5d:1b:e6:26:20:5c:61:56:30:f9:
         38:24:cc:4b:c5:2f:96:b9:0b:77:1c:13:35:9c:0c:cd:9d:71:
         e4:f3:d2:c0:47:a1:c6:0b:63:08:e0:e7:d2:af:fa:3c:c8:49:
         6a:56:45:f7:e6:3d:9f:1c:9d:73:c0:16:f3:fd:a8:6a:6d:b9:
         4a:99:aa:0d:6d:29:f1:cb:30:88:d6:95:87:04:f4:21:4b:4b:
         a1:db:bc:99:a1:86:25:8c:e9:ba:d1:2c:01:1d:28:57:8b:43:
         22:16:2f:fa:80:be:46:7c:bc:c3:f4:5a:db:01:d9:40:d0:c0:
         8a:7e:49:7e:fb:7b:b9:6f:94:46:1b:19:e0:94:d9:ba:17:00:
         cc:73:e2:4d:37:f2:58:f8:fc:54:5d:e6:4a:34:60:6b:47:94:
         96:7c:8d:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WyB5uNArEy83IUv2LbSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGRkNmU3YTFmZWI2ZmI0N2M5YTJmODk5MTg4MjcwOTRk
YmZjMTcwHhcNMjYwMTAxMTYxOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDEyMGE0MDlhMmQ2ZmRkNGY3ZDRjZmNkYzg5NjE5NDM5NjdmMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm/Q16Jwpd66oY39qPfg5nSmkzXt
owwduYT/wc1WnfGKxX5U5XFJheEyrvsNRZEKPaU1kdb357veC6k6eEMoZKk64+y0
ZB4fTsREFj49VYgPKzAHPjqcdMNApAsRD72rnoaHbSTCZbhmfTB1kdKLeEtBr/gE
moXfFCAAelj/MgR0hA3kqlIwv3GmMuNZZfAyaeSJvEmuu7Bz3/jDOHsAaf7lEZdL
1M65LPer4MctXhSAzxkt0Oz6SxsWc49wYY/AoyJXPSs55ymJr1B4JCMEqEw0aFiB
UGUhajjZJ1h8O5Mu1hOqIhcrneBabcbo5Ik326QwyBCRoRGNwg5QV6xvAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQSCkCaLW/dT31M/NyJYZQ5Z/DrMB8GA1UdIwQY
MBaAFN7d1ueh/rb7R8mi+JkYgnCU2/wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3QzVzU2SC10dnRIeWFMNG1SaUNjSlRiX0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wYWQ5OWEtMWEwZi00MmUwLWFlN2Qt
ZjA3MTgzNzczYjI2LzEvaEJJS1FKb3RiOTFQZlV6ODNJbGhsRGxuOE9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wYWQ5OWEtMWEwZi00MmUwLWFlN2QtZjA3MTgzNzczYjI2
LzEvM3QzVzU2SC10dnRIeWFMNG1SaUNjSlRiX0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwcrwMA0G
CSqGSIb3DQEBCwUAA4IBAQBYyx7e+T1qaDg7paikPtwRbPYX/mnGPpcLR8ZHgsTH
imFbQvQPi5SKs9h+R/oBmNxMn1fJPDQNc+SKY08XWK1AasfCiV4h1FXmmmTZMfLe
t4yyvDN3o+EQm96smRY+zTPHr10b5iYgXGFWMPk4JMxLxS+WuQt3HBM1nAzNnXHk
89LAR6HGC2MI4OfSr/o8yElqVkX35j2fHJ1zwBbz/ahqbblKmaoNbSnxyzCI1pWH
BPQhS0uh27yZoYYljOm60SwBHShXi0MiFi/6gL5GfLzD9FrbAdlA0MCKfkl++3u5
b5RGGxnglNm6FwDMc+JNN/JY+PxUXeZKNGBrR5SWfI1O
-----END CERTIFICATE-----