This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0UD8USnVs1ZSqhU24IXDsi5g354.roa
File:                     0UD8USnVs1ZSqhU24IXDsi5g354.roa (raw, json)
Hash identifier:          pEPpVfNtDzByiTlFyJI90XyAL3FYm8Pz2zAEcq8tcpg=
Subject key identifier:   D1:40:FC:51:29:D5:B3:56:52:AA:15:36:E0:85:C3:B2:2E:60:DF:9E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC6F8ECC7D7560ED71A5E59D899E59
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0UD8USnVs1ZSqhU24IXDsi5g354.roa
Signing time:             Thu 01 Jan 2026 14:18:16 +0000
ROA not before:           Thu 01 Jan 2026 14:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211673
IP address blocks:        5.181.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:6f:8e:cc:7d:75:60:ed:71:a5:e5:9d:89:9e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d140fc5129d5b35652aa1536e085c3b22e60df9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:19:1c:b6:89:a1:5e:6b:7f:60:90:2f:7e:cb:
                    5d:53:6b:3f:ed:b0:27:ca:9e:c2:79:6f:e8:5d:02:
                    02:62:c2:90:d2:01:66:50:6f:0d:33:df:e9:2c:8c:
                    08:67:a4:89:56:44:f2:0d:d0:96:09:23:b9:d7:26:
                    e7:86:f2:8d:87:d9:0b:44:24:94:cb:2d:e7:99:32:
                    f1:a1:28:0e:f0:3a:48:5d:8f:db:1c:d4:52:a1:8d:
                    bd:cd:3e:a4:a9:9c:83:1f:58:13:8e:2a:d4:db:90:
                    ce:4d:24:4d:51:ce:4f:a0:78:c1:5b:ef:b0:cd:0d:
                    59:f5:b7:ac:e2:a8:eb:67:46:24:ff:b0:2e:97:74:
                    c0:2d:74:8a:c9:b2:3a:29:30:f9:4f:9b:40:fe:cc:
                    78:d5:13:cb:2b:df:ed:a9:1f:6a:37:97:50:80:78:
                    f9:ed:cf:02:9a:55:2b:cb:c8:c4:96:18:04:62:7a:
                    3c:a6:ff:2d:ea:cb:c4:ab:68:1d:87:e9:4b:fc:8c:
                    11:4c:a3:09:89:5f:a1:c3:b8:80:33:68:08:8d:36:
                    bc:d9:a0:74:d9:70:aa:43:64:94:91:7c:a3:37:92:
                    aa:df:26:3b:02:8d:0b:da:43:c7:70:92:4a:63:ce:
                    30:c0:01:64:e4:0b:13:e1:d0:53:55:57:66:d8:30:
                    90:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:40:FC:51:29:D5:B3:56:52:AA:15:36:E0:85:C3:B2:2E:60:DF:9E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0UD8USnVs1ZSqhU24IXDsi5g354.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:e8:e4:b4:de:04:bf:d3:0d:80:a2:06:91:23:e4:dd:a2:49:
         36:e3:a1:4f:e9:83:a2:f6:bd:77:56:0e:de:5d:1f:c0:40:c7:
         78:30:8e:16:50:87:8b:1a:26:a2:1b:2b:46:d5:19:24:f0:2c:
         16:01:1f:eb:cd:eb:56:05:bb:ba:64:0c:b6:a7:1e:ff:1d:f0:
         d1:15:33:b5:64:e6:99:e3:46:c9:6e:14:85:f7:95:30:53:43:
         97:3d:61:0c:7f:32:7b:60:95:50:62:42:1c:48:73:1b:99:7b:
         26:75:c6:ea:fc:25:ed:48:5f:31:b8:26:1e:01:ef:24:7b:03:
         0e:7e:f0:1f:67:0a:26:72:09:b7:60:7c:85:08:ba:ec:2a:0c:
         88:84:bb:b1:e4:2e:c2:85:b1:d9:28:32:6a:28:df:a2:3a:12:
         dd:33:20:64:cc:f3:78:b8:9d:79:5e:70:fc:45:c2:24:05:82:
         cf:5f:0e:4a:bf:50:83:b2:97:db:74:3d:2a:10:02:94:f5:64:
         98:5f:09:f8:cd:c1:81:d5:58:27:65:ab:fc:a6:07:7f:8c:15:
         0a:9f:35:ed:33:e8:0e:db:83:05:30:b5:86:ba:1c:80:c5:00:
         5b:18:d2:7a:be:7e:71:5d:99:81:57:5c:9b:a6:41:05:c3:08:
         96:84:44:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57G+OzH11YO1xpeWdiZ5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQwZmM1MTI5ZDViMzU2NTJhYTE1MzZlMDg1YzNiMjJlNjBkZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkctomhXmt/YJAvfstdU2s/7bAn
yp7CeW/oXQICYsKQ0gFmUG8NM9/pLIwIZ6SJVkTyDdCWCSO51ybnhvKNh9kLRCSU
yy3nmTLxoSgO8DpIXY/bHNRSoY29zT6kqZyDH1gTjirU25DOTSRNUc5PoHjBW++w
zQ1Z9bes4qjrZ0Yk/7Aul3TALXSKybI6KTD5T5tA/sx41RPLK9/tqR9qN5dQgHj5
7c8CmlUry8jElhgEYno8pv8t6svEq2gdh+lL/IwRTKMJiV+hw7iAM2gIjTa82aB0
2XCqQ2SUkXyjN5Kq3yY7Ao0L2kPHcJJKY84wwAFk5AsT4dBTVVdm2DCQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFA/FEp1bNWUqoVNuCFw7IuYN+eMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMFVEOFVTblZzMVpTcWhVMjRJWERzaTVnMzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbW1MA0G
CSqGSIb3DQEBCwUAA4IBAQCe6OS03gS/0w2AogaRI+Tdokk246FP6YOi9r13Vg7e
XR/AQMd4MI4WUIeLGiaiGytG1Rkk8CwWAR/rzetWBbu6ZAy2px7/HfDRFTO1ZOaZ
40bJbhSF95UwU0OXPWEMfzJ7YJVQYkIcSHMbmXsmdcbq/CXtSF8xuCYeAe8kewMO
fvAfZwomcgm3YHyFCLrsKgyIhLux5C7ChbHZKDJqKN+iOhLdMyBkzPN4uJ15XnD8
RcIkBYLPXw5Kv1CDspfbdD0qEAKU9WSYXwn4zcGB1VgnZav8pgd/jBUKnzXtM+gO
24MFMLWGuhyAxQBbGNJ6vn5xXZmBV1ybpkEFwwiWhETW
-----END CERTIFICATE-----