This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/hCuigtGnGrmGxt4fb38OXAzWTfY.roa
File:                     hCuigtGnGrmGxt4fb38OXAzWTfY.roa (raw, json)
Hash identifier:          iil9Ij6qPFCaMYbGlEBHWiblDDvzQIMW27VYLojp5iU=
Subject key identifier:   84:2B:A2:82:D1:A7:1A:B9:86:C6:DE:1F:6F:7F:0E:5C:0C:D6:4D:F6
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       019B77C67922A8AFDA5800153D03BF2E0DD3
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/hCuigtGnGrmGxt4fb38OXAzWTfY.roa
Signing time:             Thu 01 Jan 2026 04:17:34 +0000
ROA not before:           Thu 01 Jan 2026 04:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199871
IP address blocks:        151.252.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:79:22:a8:af:da:58:00:15:3d:03:bf:2e:0d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 04:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=842ba282d1a71ab986c6de1f6f7f0e5c0cd64df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a0:52:4f:33:46:ea:d7:10:87:6a:90:10:e3:
                    41:7c:6f:a4:2f:aa:70:fa:ab:be:ee:68:33:0b:49:
                    ed:ee:44:b9:72:d0:82:eb:74:9d:3f:ec:dd:bc:b8:
                    37:5a:ec:6c:fa:c7:6b:0d:b9:73:a6:f4:b6:5e:1c:
                    12:c6:90:64:a6:b7:42:31:2f:f9:2d:9f:15:8f:21:
                    94:4a:c0:5c:24:a7:aa:7e:cf:a2:11:ba:71:f0:84:
                    80:d8:e0:00:97:bf:17:de:69:46:9d:ba:a9:94:3c:
                    7c:1f:8f:82:14:f6:56:2c:5b:b7:bb:25:30:c7:31:
                    d6:0a:55:86:1f:23:3d:2d:16:fd:5b:a5:17:7d:76:
                    3f:37:7b:a1:d8:f0:be:b2:a0:44:04:ee:ef:4a:25:
                    9b:e7:89:dd:b9:b1:52:29:f4:be:81:fb:d8:f4:a5:
                    5a:6e:32:b9:91:62:0d:3b:05:39:94:31:6d:c8:7d:
                    40:9d:9f:6a:05:36:ab:d0:14:f8:8b:86:39:a9:14:
                    ed:cd:23:d5:5e:81:ad:80:54:c8:0d:2e:e8:e8:0a:
                    c1:60:1a:3a:43:44:05:9a:df:49:e6:5e:4a:90:b1:
                    b5:e4:a9:87:af:62:a4:82:8b:f9:93:93:05:5b:3e:
                    e2:d3:7a:fe:9c:06:e2:27:fa:c6:07:3f:3a:a1:0e:
                    89:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:2B:A2:82:D1:A7:1A:B9:86:C6:DE:1F:6F:7F:0E:5C:0C:D6:4D:F6
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/hCuigtGnGrmGxt4fb38OXAzWTfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.252.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:05:4a:1f:fd:60:f5:3b:e9:fe:74:25:2e:ac:4b:1e:1c:3c:
         91:9f:3f:c2:e4:8f:53:b0:b3:82:de:76:0e:0c:da:89:1c:0d:
         e4:b0:5e:82:fc:52:d2:07:41:af:e2:5b:e0:10:ea:db:8a:3d:
         ed:12:96:ec:26:8d:64:bc:f7:f0:2b:62:7f:74:89:67:05:c5:
         71:f3:6f:37:2b:5a:ae:08:90:1e:47:44:71:b5:a3:f3:29:09:
         ec:1f:82:1d:24:0b:f1:29:22:43:16:71:83:8b:ce:a7:62:0a:
         6b:74:c7:d2:e6:e6:65:07:5c:ae:da:9a:98:b6:4f:8d:b3:7d:
         1f:07:9d:c6:d1:00:92:02:9b:cc:05:a7:0d:ec:ea:3f:64:ef:
         07:47:0c:de:a6:40:3f:98:f8:ea:e4:bc:5d:32:91:09:bf:a0:
         fd:f2:3d:a3:4f:2a:10:0f:e9:a6:2d:0b:36:61:29:ab:f6:4d:
         d9:fc:1c:2f:4e:49:94:da:fd:8d:93:6c:44:38:ad:e5:84:41:
         cb:b5:c6:24:07:d0:ed:ec:8f:39:34:b1:a2:a9:55:a1:63:7c:
         c6:9f:6e:fc:4e:c5:f6:b1:7c:c2:99:73:ce:5e:7a:1f:5a:30:
         46:04:fb:15:62:4b:dc:4c:86:01:47:8b:e0:81:12:d6:79:12:
         68:50:a9:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnkiqK/aWAAVPQO/Lg3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjYwMTAxMDQxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDJiYTI4MmQxYTcxYWI5ODZjNmRlMWY2ZjdmMGU1YzBjZDY0ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaBSTzNG6tcQh2qQEONBfG+kL6pw
+qu+7mgzC0nt7kS5ctCC63SdP+zdvLg3Wuxs+sdrDblzpvS2XhwSxpBkprdCMS/5
LZ8VjyGUSsBcJKeqfs+iEbpx8ISA2OAAl78X3mlGnbqplDx8H4+CFPZWLFu3uyUw
xzHWClWGHyM9LRb9W6UXfXY/N3uh2PC+sqBEBO7vSiWb54ndubFSKfS+gfvY9KVa
bjK5kWINOwU5lDFtyH1AnZ9qBTar0BT4i4Y5qRTtzSPVXoGtgFTIDS7o6ArBYBo6
Q0QFmt9J5l5KkLG15KmHr2Kkgov5k5MFWz7i03r+nAbiJ/rGBz86oQ6JUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQrooLRpxq5hsbeH29/DlwM1k32MB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvaEN1aWd0R25Hcm1HeHQ0ZmIzOE9YQXpXVGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/zHMA0G
CSqGSIb3DQEBCwUAA4IBAQC5BUof/WD1O+n+dCUurEseHDyRnz/C5I9TsLOC3nYO
DNqJHA3ksF6C/FLSB0Gv4lvgEOrbij3tEpbsJo1kvPfwK2J/dIlnBcVx8283K1qu
CJAeR0RxtaPzKQnsH4IdJAvxKSJDFnGDi86nYgprdMfS5uZlB1yu2pqYtk+Ns30f
B53G0QCSApvMBacN7Oo/ZO8HRwzepkA/mPjq5LxdMpEJv6D98j2jTyoQD+mmLQs2
YSmr9k3Z/BwvTkmU2v2Nk2xEOK3lhEHLtcYkB9Dt7I85NLGiqVWhY3zGn278TsX2
sXzCmXPOXnofWjBGBPsVYkvcTIYBR4vggRLWeRJoUKkf
-----END CERTIFICATE-----