This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/e243d0-19fe-4da3-a20a-e6effd3cef32/1/hhSORRB_cbi8J7UPYVa8deItbjI.roa
File:                     hhSORRB_cbi8J7UPYVa8deItbjI.roa (raw, json)
Hash identifier:          tbnenU0D5ezQqQe74bKynFZLzheD+pCDrBBIC6BR1ds=
Subject key identifier:   86:14:8E:45:10:7F:71:B8:BC:27:B5:0F:61:56:BC:75:E2:2D:6E:32
Certificate issuer:       /CN=06c3b8b5f37e21068250571f4db83b4714468a2c
Certificate serial:       019B791050EB26516B1FD6B7CD0D8271666B
Authority key identifier: 06:C3:B8:B5:F3:7E:21:06:82:50:57:1F:4D:B8:3B:47:14:46:8A:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsO4tfN-IQaCUFcfTbg7RxRGiiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/e243d0-19fe-4da3-a20a-e6effd3cef32/1/hhSORRB_cbi8J7UPYVa8deItbjI.roa
Signing time:             Thu 01 Jan 2026 10:17:51 +0000
ROA not before:           Thu 01 Jan 2026 10:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59695
IP address blocks:        5.152.248.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/e243d0-19fe-4da3-a20a-e6effd3cef32/1/BsO4tfN-IQaCUFcfTbg7RxRGiiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/e243d0-19fe-4da3-a20a-e6effd3cef32/1/BsO4tfN-IQaCUFcfTbg7RxRGiiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BsO4tfN-IQaCUFcfTbg7RxRGiiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:50:eb:26:51:6b:1f:d6:b7:cd:0d:82:71:66:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c3b8b5f37e21068250571f4db83b4714468a2c
        Validity
            Not Before: Jan  1 10:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86148e45107f71b8bc27b50f6156bc75e22d6e32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9d:88:1a:1c:13:58:6a:d7:0b:0f:d4:68:4b:
                    4b:5b:17:13:e5:de:b0:57:7b:cf:8a:91:b2:63:36:
                    91:de:57:84:46:e4:42:19:37:71:f5:d4:5d:ad:b3:
                    5e:54:d1:4b:f4:c0:be:c3:5b:ec:1a:45:ee:f7:39:
                    97:10:81:c3:7a:97:21:99:72:9f:34:a9:bf:96:a9:
                    d5:37:7e:77:60:71:f6:ec:e9:93:bb:b2:ec:36:eb:
                    0b:89:30:44:e7:08:88:52:e7:05:e4:64:52:85:c7:
                    5e:35:26:ae:79:29:43:70:b4:57:9e:fd:75:9b:88:
                    80:38:99:58:bd:1d:3f:0e:77:0f:4c:f3:83:91:05:
                    e5:85:99:81:56:67:56:21:c3:27:c0:26:1d:d0:23:
                    ad:af:05:fc:c7:b6:70:28:e0:ca:ea:f2:2c:91:69:
                    b2:51:a8:81:b7:c6:90:24:f5:d6:ec:49:b5:4a:88:
                    a1:5c:32:36:12:62:8b:a4:85:bb:a1:1a:5a:0d:6a:
                    a9:01:10:4f:2a:6f:6b:a6:ab:b4:bb:d5:6a:1a:73:
                    66:a6:c0:de:6f:a5:a5:05:ec:e8:70:c1:24:5e:eb:
                    06:e2:33:89:42:bf:64:7d:73:93:bf:cf:1f:02:1d:
                    52:fd:2a:28:36:1d:60:d7:3e:be:0f:4d:aa:7f:02:
                    17:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:14:8E:45:10:7F:71:B8:BC:27:B5:0F:61:56:BC:75:E2:2D:6E:32
            X509v3 Authority Key Identifier:
                keyid:06:C3:B8:B5:F3:7E:21:06:82:50:57:1F:4D:B8:3B:47:14:46:8A:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsO4tfN-IQaCUFcfTbg7RxRGiiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e243d0-19fe-4da3-a20a-e6effd3cef32/1/hhSORRB_cbi8J7UPYVa8deItbjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/e243d0-19fe-4da3-a20a-e6effd3cef32/1/BsO4tfN-IQaCUFcfTbg7RxRGiiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.152.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4f:87:03:37:ae:87:08:f6:dc:e2:7c:ea:85:60:4a:5b:82:67:
         c4:b0:46:d2:78:8d:17:ba:99:75:f5:d4:12:92:61:03:32:37:
         96:02:0a:6c:4e:7d:46:c4:b2:3a:88:5e:bf:ba:6c:11:29:a5:
         2f:4b:4b:4f:e5:52:0f:ce:c1:6d:0e:03:dd:94:d4:16:42:8b:
         ec:4a:bf:0b:5d:f8:ac:5a:cb:8b:36:dd:66:bd:ba:82:9c:0b:
         39:3f:51:54:53:41:fc:7e:f7:a7:03:43:f5:63:02:f9:3b:b8:
         16:9f:e5:59:21:2a:54:04:8f:0d:8f:8c:a5:08:79:cc:54:57:
         a7:15:de:6e:d1:f6:e7:e6:c0:fb:62:97:9a:c1:f5:28:d3:9c:
         6f:00:9a:f0:f2:1b:e4:8d:73:b1:70:80:62:8e:61:98:67:51:
         e6:b9:05:0c:fe:b1:12:d7:83:53:96:81:e1:77:38:5d:89:32:
         8f:40:a3:e8:2a:15:69:b9:91:ff:e5:f5:82:89:ca:a2:23:26:
         ec:2d:37:e4:c6:6c:1c:0b:44:31:64:e7:a4:dc:94:6f:44:1b:
         36:d8:82:c0:62:db:1a:0e:37:74:cd:d8:3e:b6:cf:81:bd:2f:
         e9:c8:f9:19:ce:9f:c5:57:48:5c:bd:b0:af:b4:1a:78:39:cb:
         91:46:c1:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFDrJlFrH9a3zQ2CcWZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzNiOGI1ZjM3ZTIxMDY4MjUwNTcxZjRkYjgzYjQ3MTQ0
NjhhMmMwHhcNMjYwMTAxMTAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjE0OGU0NTEwN2Y3MWI4YmMyN2I1MGY2MTU2YmM3NWUyMmQ2ZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ2IGhwTWGrXCw/UaEtLWxcT5d6w
V3vPipGyYzaR3leERuRCGTdx9dRdrbNeVNFL9MC+w1vsGkXu9zmXEIHDepchmXKf
NKm/lqnVN353YHH27OmTu7LsNusLiTBE5wiIUucF5GRShcdeNSaueSlDcLRXnv11
m4iAOJlYvR0/DncPTPODkQXlhZmBVmdWIcMnwCYd0COtrwX8x7ZwKODK6vIskWmy
UaiBt8aQJPXW7Em1SoihXDI2EmKLpIW7oRpaDWqpARBPKm9rpqu0u9VqGnNmpsDe
b6WlBezocMEkXusG4jOJQr9kfXOTv88fAh1S/SooNh1g1z6+D02qfwIXXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYUjkUQf3G4vCe1D2FWvHXiLW4yMB8GA1UdIwQY
MBaAFAbDuLXzfiEGglBXH024O0cURoosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNPNHRmTi1JUWFDVUZjZlRiZzdSeFJHaWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9lMjQzZDAtMTlmZS00ZGEzLWEyMGEt
ZTZlZmZkM2NlZjMyLzEvaGhTT1JSQl9jYmk4SjdVUFlWYThkZUl0YmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9lMjQzZDAtMTlmZS00ZGEzLWEyMGEtZTZlZmZkM2NlZjMy
LzEvQnNPNHRmTi1JUWFDVUZjZlRiZzdSeFJHaWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBZj4MA0G
CSqGSIb3DQEBCwUAA4IBAQBPhwM3rocI9tzifOqFYEpbgmfEsEbSeI0Xupl19dQS
kmEDMjeWAgpsTn1GxLI6iF6/umwRKaUvS0tP5VIPzsFtDgPdlNQWQovsSr8LXfis
WsuLNt1mvbqCnAs5P1FUU0H8fvenA0P1YwL5O7gWn+VZISpUBI8Nj4ylCHnMVFen
Fd5u0fbn5sD7YpeawfUo05xvAJrw8hvkjXOxcIBijmGYZ1HmuQUM/rES14NTloHh
dzhdiTKPQKPoKhVpuZH/5fWCicqiIybsLTfkxmwcC0QxZOek3JRvRBs22ILAYtsa
Djd0zdg+ts+BvS/pyPkZzp/FV0hcvbCvtBp4OcuRRsFZ
-----END CERTIFICATE-----