This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/HN2641Ic23i5F5WkdAwLmaLycbk.roa
File:                     HN2641Ic23i5F5WkdAwLmaLycbk.roa (raw, json)
Hash identifier:          c0xHeIFJfyd97mqYM31NBuwI/+6cje+OH3RH2lHXEnM=
Subject key identifier:   1C:DD:BA:E3:52:1C:DB:78:B9:17:95:A4:74:0C:0B:99:A2:F2:71:B9
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019B78A218767F91777ECA50CB68359D7025
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/HN2641Ic23i5F5WkdAwLmaLycbk.roa
Signing time:             Thu 01 Jan 2026 08:17:27 +0000
ROA not before:           Thu 01 Jan 2026 08:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204335
IP address blocks:        2001:3182::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 20:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:18:76:7f:91:77:7e:ca:50:cb:68:35:9d:70:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan  1 08:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1cddbae3521cdb78b91795a4740c0b99a2f271b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d4:bc:e7:ea:d3:2a:c0:27:e0:6c:e3:95:d7:
                    fa:ee:6f:f6:56:4f:1a:61:54:ab:9b:76:8b:fb:16:
                    5e:2a:12:72:10:db:eb:a9:1d:82:6d:5a:35:f9:c9:
                    1b:48:ec:7d:78:40:63:71:8d:ed:7e:23:4d:2d:98:
                    3c:68:1f:12:a9:b0:05:8f:ee:db:4b:59:5c:72:42:
                    35:64:99:cc:7b:85:1e:15:b9:ae:bb:bc:54:70:b2:
                    4b:ef:e4:3b:52:92:34:4e:ee:d6:d2:9f:36:c5:66:
                    40:2b:a9:5b:5c:a7:fa:c7:79:5f:58:f3:6e:f1:0a:
                    12:27:48:01:70:5d:e9:52:b5:90:b5:6a:27:9e:eb:
                    3a:ed:3b:25:9f:cf:5e:20:c5:37:f7:1e:ce:bb:e1:
                    ca:32:c2:59:f0:32:9b:3b:91:52:71:f9:a7:18:60:
                    43:f1:72:cd:f4:bd:b6:45:fd:9a:31:fc:01:74:da:
                    b1:3b:93:ef:8f:28:db:40:8b:b7:1d:e0:d7:4b:5d:
                    ff:7e:4a:5c:5f:a7:a8:e1:c5:b1:13:7c:35:2d:6c:
                    93:5f:85:67:d0:9c:26:68:72:30:c9:44:b0:78:9f:
                    29:ab:06:65:e1:c8:da:20:b9:e0:bd:02:26:c3:91:
                    2e:1b:99:2a:6f:9c:4a:19:13:3e:b7:a3:d6:0b:d2:
                    9d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:DD:BA:E3:52:1C:DB:78:B9:17:95:A4:74:0C:0B:99:A2:F2:71:B9
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/HN2641Ic23i5F5WkdAwLmaLycbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3182::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:d7:13:be:4e:25:84:d0:23:87:5e:d3:d6:a5:f8:3e:5f:ef:
         17:d8:52:85:ac:05:b2:45:8f:1a:5f:af:61:c0:95:6e:3b:5b:
         29:2b:c1:bf:af:b9:b2:85:c0:fd:b1:c6:bc:a5:02:e5:fa:c7:
         86:54:6c:6c:72:4b:72:a5:79:99:f2:6b:22:82:19:97:fe:39:
         03:ec:13:61:a1:14:b6:85:cc:85:10:4e:51:71:d7:94:c8:e7:
         f9:9f:4a:34:51:11:a2:76:60:7e:64:e0:cc:b0:bb:ac:3e:fb:
         21:62:5a:06:25:ff:fc:51:f8:1e:ab:15:3c:ba:81:17:bd:78:
         a8:86:d8:f0:eb:ed:45:15:16:85:a1:2d:01:35:ae:f5:6d:53:
         da:6b:8f:8e:c9:d3:f3:20:be:d7:46:54:11:f2:31:a8:c5:7e:
         45:a4:99:be:cd:b4:65:af:43:9c:e7:91:d1:2a:14:85:cd:ba:
         33:d2:c3:a8:05:78:c8:89:fd:e7:0a:cd:79:1a:7e:65:7c:e2:
         85:4e:66:23:82:34:e1:22:32:ea:08:f5:67:48:98:1e:36:9a:
         dc:8f:39:23:a7:6e:2e:2b:69:b6:7e:5a:8b:9f:db:5d:f8:2c:
         04:8f:4e:3a:9b:3a:d7:9d:db:e4:ec:f2:eb:2d:fa:f9:11:59:
         17:1d:76:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4ohh2f5F3fspQy2g1nXAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwMTAxMDgxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2RkYmFlMzUyMWNkYjc4YjkxNzk1YTQ3NDBjMGI5OWEyZjI3MWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntS85+rTKsAn4Gzjldf67m/2Vk8a
YVSrm3aL+xZeKhJyENvrqR2CbVo1+ckbSOx9eEBjcY3tfiNNLZg8aB8SqbAFj+7b
S1lcckI1ZJnMe4UeFbmuu7xUcLJL7+Q7UpI0Tu7W0p82xWZAK6lbXKf6x3lfWPNu
8QoSJ0gBcF3pUrWQtWonnus67Tsln89eIMU39x7Ou+HKMsJZ8DKbO5FScfmnGGBD
8XLN9L22Rf2aMfwBdNqxO5PvjyjbQIu3HeDXS13/fkpcX6eo4cWxE3w1LWyTX4Vn
0JwmaHIwyUSweJ8pqwZl4cjaILngvQImw5EuG5kqb5xKGRM+t6PWC9KdUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBzduuNSHNt4uReVpHQMC5mi8nG5MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvSE4yNjQxSWMyM2k1RjVXa2RBd0xtYUx5Y2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAExgjAN
BgkqhkiG9w0BAQsFAAOCAQEAHdcTvk4lhNAjh17T1qX4Pl/vF9hShawFskWPGl+v
YcCVbjtbKSvBv6+5soXA/bHGvKUC5frHhlRsbHJLcqV5mfJrIoIZl/45A+wTYaEU
toXMhRBOUXHXlMjn+Z9KNFERonZgfmTgzLC7rD77IWJaBiX//FH4HqsVPLqBF714
qIbY8OvtRRUWhaEtATWu9W1T2muPjsnT8yC+10ZUEfIxqMV+RaSZvs20Za9DnOeR
0SoUhc26M9LDqAV4yIn95wrNeRp+ZXzihU5mI4I04SIy6gj1Z0iYHjaa3I85I6du
Litptn5ai5/bXfgsBI9OOps6153b5Ozy6y36+RFZFx12kA==
-----END CERTIFICATE-----