This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/hv5F2fKm7cZ-fqlTGhS4HLwa_Mo.roa
File:                     hv5F2fKm7cZ-fqlTGhS4HLwa_Mo.roa (raw, json)
Hash identifier:          3e8QQ5wpWIE1xn2kF+A/CiSMbxQICMGVp/zM+nv9PN0=
Subject key identifier:   86:FE:45:D9:F2:A6:ED:C6:7E:7E:A9:53:1A:14:B8:1C:BC:1A:FC:CA
Certificate issuer:       /CN=278617740ecd95b704da97a5f9e53c031144426b
Certificate serial:       019B7DC9DD363699C84D97E60D96DF291740
Authority key identifier: 27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/hv5F2fKm7cZ-fqlTGhS4HLwa_Mo.roa
Signing time:             Fri 02 Jan 2026 08:18:59 +0000
ROA not before:           Fri 02 Jan 2026 08:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212886
IP address blocks:        185.236.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 20:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:dd:36:36:99:c8:4d:97:e6:0d:96:df:29:17:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278617740ecd95b704da97a5f9e53c031144426b
        Validity
            Not Before: Jan  2 08:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86fe45d9f2a6edc67e7ea9531a14b81cbc1afcca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8a:2f:11:51:00:e8:a8:76:c1:03:e3:a0:bf:
                    76:a8:cb:c8:93:14:36:6f:6a:b3:9f:57:28:b3:1f:
                    86:59:98:0d:8e:cd:f7:c5:2f:86:cb:15:e3:18:32:
                    f2:c4:0c:06:40:e1:5f:7d:25:46:d6:37:b5:7f:ac:
                    be:ad:30:81:16:fb:36:df:2f:a5:e5:7c:57:57:4a:
                    bf:a5:5a:64:7f:73:c1:fa:83:e9:7a:14:0d:40:31:
                    30:6e:8d:d0:d9:b2:4e:7e:30:ba:94:dc:4a:c1:40:
                    63:1c:03:9c:70:73:fe:c0:8a:29:3d:1c:ec:36:3f:
                    b0:a6:2a:1c:30:85:73:3b:af:e5:f9:af:55:eb:21:
                    78:08:0f:e4:ab:b4:3b:08:f0:3e:3a:86:41:c3:00:
                    0f:a8:50:5c:e8:4b:da:10:2d:34:8e:a9:80:81:03:
                    0b:9e:61:ed:c1:5f:04:80:6d:6e:49:0e:e0:52:9b:
                    2f:87:ec:53:7c:99:a1:b1:b0:35:b7:e0:09:6c:68:
                    5a:bc:de:2c:37:0a:43:f0:c9:ad:b7:e2:c9:2a:75:
                    9f:5c:f0:06:6f:a9:15:6d:7d:9f:62:45:c8:27:d5:
                    be:43:51:93:0e:54:cd:b8:5a:be:14:4e:04:c4:e5:
                    f2:39:96:14:0f:d0:90:eb:14:7e:16:34:ef:87:b2:
                    8b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FE:45:D9:F2:A6:ED:C6:7E:7E:A9:53:1A:14:B8:1C:BC:1A:FC:CA
            X509v3 Authority Key Identifier:
                keyid:27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/hv5F2fKm7cZ-fqlTGhS4HLwa_Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:3d:91:e5:de:36:43:44:f0:d8:0f:0f:03:20:6a:cc:24:8a:
         4e:ae:2e:81:49:a0:cd:15:62:21:2c:51:c5:31:5a:56:d1:bd:
         18:18:7f:6b:ae:d2:69:bf:33:3f:7d:ce:b4:ef:6b:63:f2:b2:
         85:0b:09:05:be:7f:d3:12:2c:cb:e0:0e:f9:8b:0c:69:91:1e:
         c8:85:4b:65:b7:c5:fd:c5:a0:4f:ff:72:35:57:24:b6:62:db:
         58:33:61:3c:a8:56:49:e4:dd:86:2c:ba:bb:08:72:e2:e3:61:
         33:19:ec:ae:85:c7:1f:0e:a0:bc:e9:05:3a:90:76:a4:4a:1c:
         0b:6f:ed:b9:68:bb:6d:cd:98:7a:ce:f7:4f:e5:86:00:2c:b6:
         d7:a3:8b:a0:f3:81:63:e3:bc:99:63:76:9c:fa:92:4a:27:6a:
         65:99:8b:c6:09:c9:69:4b:2f:8c:10:4b:ae:82:f0:4e:4a:d4:
         aa:a6:9b:28:49:a7:35:63:8f:5e:a3:65:0d:29:eb:eb:58:9f:
         c8:df:69:91:20:5c:9a:e3:8b:ec:32:51:3f:22:75:ce:31:85:
         77:41:48:c9:5b:59:6c:6b:fb:56:ca:dc:47:b7:78:78:14:52:
         87:73:d5:63:d2:83:0a:6c:ae:5f:84:dd:28:80:d8:69:e4:95:
         d6:d4:c4:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yd02NpnITZfmDZbfKRdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ODYxNzc0MGVjZDk1YjcwNGRhOTdhNWY5ZTUzYzAzMTE0
NDQyNmIwHhcNMjYwMTAyMDgxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmZlNDVkOWYyYTZlZGM2N2U3ZWE5NTMxYTE0YjgxY2JjMWFmY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIovEVEA6Kh2wQPjoL92qMvIkxQ2
b2qzn1cosx+GWZgNjs33xS+GyxXjGDLyxAwGQOFffSVG1je1f6y+rTCBFvs23y+l
5XxXV0q/pVpkf3PB+oPpehQNQDEwbo3Q2bJOfjC6lNxKwUBjHAOccHP+wIopPRzs
Nj+wpiocMIVzO6/l+a9V6yF4CA/kq7Q7CPA+OoZBwwAPqFBc6EvaEC00jqmAgQML
nmHtwV8EgG1uSQ7gUpsvh+xTfJmhsbA1t+AJbGhavN4sNwpD8Mmtt+LJKnWfXPAG
b6kVbX2fYkXIJ9W+Q1GTDlTNuFq+FE4ExOXyOZYUD9CQ6xR+FjTvh7KLEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb+Rdnypu3Gfn6pUxoUuBy8GvzKMB8GA1UdIwQY
MBaAFCeGF3QOzZW3BNqXpfnlPAMRREJrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjRZWGRBN05sYmNFMnBlbC1lVThBeEZFUW1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iNzhhYjQtMzQ5MC00MDBiLTkwMTkt
OWVkZDAxZDA3MjNjLzEvaHY1RjJmS203Y1otZnFsVEdoUzRITHdhX01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iNzhhYjQtMzQ5MC00MDBiLTkwMTktOWVkZDAxZDA3MjNj
LzEvSjRZWGRBN05sYmNFMnBlbC1lVThBeEZFUW1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueyAMA0G
CSqGSIb3DQEBCwUAA4IBAQCQPZHl3jZDRPDYDw8DIGrMJIpOri6BSaDNFWIhLFHF
MVpW0b0YGH9rrtJpvzM/fc6072tj8rKFCwkFvn/TEizL4A75iwxpkR7IhUtlt8X9
xaBP/3I1VyS2YttYM2E8qFZJ5N2GLLq7CHLi42EzGeyuhccfDqC86QU6kHakShwL
b+25aLttzZh6zvdP5YYALLbXo4ug84Fj47yZY3ac+pJKJ2plmYvGCclpSy+MEEuu
gvBOStSqppsoSac1Y49eo2UNKevrWJ/I32mRIFya44vsMlE/InXOMYV3QUjJW1ls
a/tWytxHt3h4FFKHc9Vj0oMKbK5fhN0ogNhp5JXW1MSg
-----END CERTIFICATE-----