This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/h-VETfFgbFHuxDZMujDztjTttXI.roa
File:                     h-VETfFgbFHuxDZMujDztjTttXI.roa (raw, json)
Hash identifier:          cT0vDAAZEp2yJmwUDRGaScHTPsMyXNmcut9rbqNcbpM=
Subject key identifier:   87:E5:44:4D:F1:60:6C:51:EE:C4:36:4C:BA:30:F3:B6:34:ED:B5:72
Certificate issuer:       /CN=dae6bdfe4278008f716d4d7b0b9f92f7e036eb26
Certificate serial:       019B7F15824FC8145D8CE91430795B571789
Authority key identifier: DA:E6:BD:FE:42:78:00:8F:71:6D:4D:7B:0B:9F:92:F7:E0:36:EB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ua9_kJ4AI9xbU17C5-S9-A26yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/h-VETfFgbFHuxDZMujDztjTttXI.roa
Signing time:             Fri 02 Jan 2026 14:21:14 +0000
ROA not before:           Fri 02 Jan 2026 14:21:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     37284
IP address blocks:        5.63.0.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/2ua9_kJ4AI9xbU17C5-S9-A26yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/2ua9_kJ4AI9xbU17C5-S9-A26yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ua9_kJ4AI9xbU17C5-S9-A26yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:82:4f:c8:14:5d:8c:e9:14:30:79:5b:57:17:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dae6bdfe4278008f716d4d7b0b9f92f7e036eb26
        Validity
            Not Before: Jan  2 14:21:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87e5444df1606c51eec4364cba30f3b634edb572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b3:e3:dc:d3:20:29:02:ce:01:61:b1:03:fe:
                    87:9e:85:99:02:e4:55:c2:e4:d8:b4:a9:a4:3b:1b:
                    8e:85:83:a9:b5:b6:8b:d7:05:34:d2:63:d7:87:71:
                    b1:3c:5c:84:41:ad:2b:6a:7e:8a:75:d9:e9:64:ba:
                    2d:fd:95:77:6c:06:e6:12:ef:3a:35:53:bc:a9:05:
                    0d:96:f5:77:e1:5e:4e:af:a3:37:fb:46:72:f1:19:
                    65:32:23:d1:ba:f5:63:60:50:f4:f4:4d:ee:6e:43:
                    f6:ea:6d:f8:b1:07:a2:79:43:74:63:22:e0:26:3e:
                    e1:b0:c8:e1:a7:af:d1:79:b4:c4:33:1c:e3:69:ff:
                    1c:fd:fa:3c:5c:6f:63:f3:ae:ce:e6:ba:2b:f1:ca:
                    dd:18:08:18:4f:f3:0e:9e:92:98:20:09:da:25:04:
                    8e:f8:6e:f1:6a:56:cd:9b:63:a2:73:07:ed:65:a9:
                    be:1e:b4:c9:e8:f3:1d:1d:f3:3e:33:f2:ed:84:9c:
                    a9:ac:9f:73:9a:04:3a:dd:a3:ef:72:a5:f3:f7:7e:
                    26:d9:fe:13:c6:bd:03:70:58:c2:f6:4a:22:63:d2:
                    e6:c7:03:47:7a:87:79:4e:fd:e8:61:63:61:83:67:
                    ee:af:4f:9f:03:d4:e4:cf:1a:0a:7e:9d:68:06:c2:
                    3b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E5:44:4D:F1:60:6C:51:EE:C4:36:4C:BA:30:F3:B6:34:ED:B5:72
            X509v3 Authority Key Identifier:
                keyid:DA:E6:BD:FE:42:78:00:8F:71:6D:4D:7B:0B:9F:92:F7:E0:36:EB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ua9_kJ4AI9xbU17C5-S9-A26yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/h-VETfFgbFHuxDZMujDztjTttXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/80d087-4700-4e85-a783-bf24e775b2bc/1/2ua9_kJ4AI9xbU17C5-S9-A26yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:c8:98:c8:ed:f5:51:80:c9:a0:40:d6:a9:4d:72:49:a3:b7:
         bd:48:29:73:75:72:f4:16:71:ee:21:01:b7:9f:b0:8d:c7:f0:
         2e:8d:e3:bf:28:64:fe:bc:0e:69:f3:0d:57:1b:6a:21:50:87:
         85:df:96:8f:92:f4:2b:f2:df:e9:bc:f9:b0:72:38:70:9e:09:
         9b:bf:77:39:4b:25:a1:8a:03:a9:3e:0a:04:ca:c6:c0:73:45:
         5c:b2:1c:f8:22:01:ff:f2:46:84:5b:88:ba:c2:9f:16:44:6d:
         b9:45:e7:b8:50:f5:09:ac:e7:11:c9:0a:96:c0:70:b6:83:f5:
         81:b1:31:dc:4a:4a:84:67:70:42:e8:4d:04:14:ee:fa:f0:9d:
         9c:4d:01:c9:f2:59:ad:67:88:73:aa:4e:d8:91:ba:58:3d:23:
         0b:b3:85:ea:ea:ba:37:89:62:69:28:bc:54:b8:39:da:6e:ac:
         69:fe:8b:c1:88:f1:f6:7e:6f:23:bd:95:a1:4b:e7:c8:9c:20:
         da:38:86:b7:4f:b3:e2:5f:21:b5:34:ac:42:fb:bc:60:c2:18:
         21:df:43:ff:6b:42:09:12:8b:ac:f3:d4:ba:26:39:1a:a2:26:
         0e:f1:34:50:91:2b:24:f2:d6:19:14:9a:3d:e4:e7:26:f8:f6:
         2d:dc:9f:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FYJPyBRdjOkUMHlbVxeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZTZiZGZlNDI3ODAwOGY3MTZkNGQ3YjBiOWY5MmY3ZTAz
NmViMjYwHhcNMjYwMTAyMTQyMTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U1NDQ0ZGYxNjA2YzUxZWVjNDM2NGNiYTMwZjNiNjM0ZWRiNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrPj3NMgKQLOAWGxA/6HnoWZAuRV
wuTYtKmkOxuOhYOptbaL1wU00mPXh3GxPFyEQa0ran6KddnpZLot/ZV3bAbmEu86
NVO8qQUNlvV34V5Or6M3+0Zy8RllMiPRuvVjYFD09E3ubkP26m34sQeieUN0YyLg
Jj7hsMjhp6/RebTEMxzjaf8c/fo8XG9j867O5ror8crdGAgYT/MOnpKYIAnaJQSO
+G7xalbNm2OicwftZam+HrTJ6PMdHfM+M/LthJyprJ9zmgQ63aPvcqXz934m2f4T
xr0DcFjC9koiY9LmxwNHeod5Tv3oYWNhg2fur0+fA9TkzxoKfp1oBsI74wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIflRE3xYGxR7sQ2TLow87Y07bVyMB8GA1UdIwQY
MBaAFNrmvf5CeACPcW1NewufkvfgNusmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnVhOV9rSjRBSTl4YlUxN0M1LVM5LUEyNnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84MGQwODctNDcwMC00ZTg1LWE3ODMt
YmYyNGU3NzViMmJjLzEvaC1WRVRmRmdiRkh1eERaTXVqRHp0alR0dFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84MGQwODctNDcwMC00ZTg1LWE3ODMtYmYyNGU3NzViMmJj
LzEvMnVhOV9rSjRBSTl4YlUxN0M1LVM5LUEyNnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBT8AMA0G
CSqGSIb3DQEBCwUAA4IBAQB6yJjI7fVRgMmgQNapTXJJo7e9SClzdXL0FnHuIQG3
n7CNx/AujeO/KGT+vA5p8w1XG2ohUIeF35aPkvQr8t/pvPmwcjhwngmbv3c5SyWh
igOpPgoEysbAc0Vcshz4IgH/8kaEW4i6wp8WRG25Ree4UPUJrOcRyQqWwHC2g/WB
sTHcSkqEZ3BC6E0EFO768J2cTQHJ8lmtZ4hzqk7YkbpYPSMLs4Xq6ro3iWJpKLxU
uDnabqxp/ovBiPH2fm8jvZWhS+fInCDaOIa3T7PiXyG1NKxC+7xgwhgh30P/a0IJ
Eous89S6JjkaoiYO8TRQkSsk8tYZFJo95Ocm+PYt3J9/
-----END CERTIFICATE-----