This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3gU7NhjisunKtWd9bMSnuuSwYC8.roa
File:                     3gU7NhjisunKtWd9bMSnuuSwYC8.roa (raw, json)
Hash identifier:          H2bs2cRSvlTY1OqjGcleIYpLZgO+1sCjkGoKHt5c3Io=
Subject key identifier:   DE:05:3B:36:18:E2:B2:E9:CA:B5:67:7D:6C:C4:A7:BA:E4:B0:60:2F
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15E3E69F39E423211FC0A3A482571C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3gU7NhjisunKtWd9bMSnuuSwYC8.roa
Signing time:             Fri 02 Jan 2026 14:21:39 +0000
ROA not before:           Fri 02 Jan 2026 14:21:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47585
IP address blocks:        5.181.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e3:e6:9f:39:e4:23:21:1f:c0:a3:a4:82:57:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de053b3618e2b2e9cab5677d6cc4a7bae4b0602f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6e:6e:28:66:df:ba:87:d1:65:47:a1:dd:6a:
                    f6:de:9e:88:cd:2b:64:13:3b:67:12:b8:ba:38:e9:
                    19:ef:19:5f:cc:57:bc:b4:97:a8:6a:87:3a:d9:c3:
                    cc:34:d0:fd:6e:6f:9b:aa:14:6f:3c:1b:d5:4c:37:
                    cc:3d:04:6f:38:90:30:f2:97:b7:34:ef:2d:30:65:
                    44:bb:c8:47:22:c2:71:e3:ef:ed:c2:f3:28:c0:06:
                    78:6c:97:5e:b2:66:46:93:f8:af:97:0b:7a:43:99:
                    d3:57:bc:cb:ba:25:8d:8e:6d:12:cd:37:8b:bc:ed:
                    25:40:5d:be:ce:4e:ef:95:01:b5:19:34:65:29:55:
                    cc:4c:46:fe:c8:8b:e0:83:3e:1b:da:eb:c0:b1:0a:
                    73:03:f5:cd:67:27:2e:7b:b4:9f:f6:62:cb:29:35:
                    31:05:d6:d9:58:6d:77:2a:05:bb:eb:31:7f:6a:f4:
                    47:93:81:1b:bb:19:f2:ff:d1:28:4a:b9:99:30:2a:
                    b8:34:f8:45:51:fb:d6:ae:4d:aa:ff:5f:6a:e2:0e:
                    b0:5d:cd:e7:f2:a5:15:6c:3b:ac:81:f0:ef:22:59:
                    94:f7:5c:7c:cf:40:7b:8a:bc:98:72:c5:a2:9f:0e:
                    4e:9b:fc:66:7f:53:72:f3:04:17:2d:d0:6d:55:7a:
                    8c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:05:3B:36:18:E2:B2:E9:CA:B5:67:7D:6C:C4:A7:BA:E4:B0:60:2F
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3gU7NhjisunKtWd9bMSnuuSwYC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b5:57:64:5e:91:0e:af:7b:87:b7:7d:c4:de:c9:8b:a4:2e:
         2c:d6:3e:3f:b5:d0:52:0f:0e:21:be:44:0b:8f:d8:bb:fd:7d:
         28:54:5c:f4:8c:c7:05:23:23:8e:b3:f3:48:70:cb:4a:fe:80:
         b6:8e:e6:cc:36:35:24:75:7c:ce:b6:f8:09:62:ed:ab:a1:86:
         85:ec:30:89:91:53:3d:a4:89:f4:aa:b4:3b:d4:a0:54:29:d2:
         11:5e:63:f4:eb:64:4c:47:c7:4a:93:e6:60:68:ee:d7:15:79:
         92:dc:dc:5e:aa:05:de:94:21:46:0c:c8:0d:36:8c:ab:21:c6:
         c6:88:e8:bf:dd:f7:e1:53:42:ef:67:fa:45:29:d9:bc:37:b2:
         79:1f:53:bd:98:23:97:79:26:ed:a1:a0:d3:0e:20:f4:b2:64:
         19:64:e5:4c:2d:4f:cb:e5:84:9a:ef:13:79:f0:26:be:fa:45:
         7b:bf:17:54:0d:b4:2a:1c:a4:ac:b9:78:26:fc:49:49:7a:9a:
         c1:26:0a:06:25:af:1b:53:d1:2a:6c:98:cf:5a:2c:8f:25:e1:
         5a:24:33:1c:de:4a:22:bd:6b:a8:dc:96:ac:66:35:17:5b:8c:
         64:f5:c5:31:40:f3:90:cc:cc:4d:a9:4f:3b:1e:8a:68:40:ad:
         00:41:f8:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FePmnznkIyEfwKOkglccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTA1M2IzNjE4ZTJiMmU5Y2FiNTY3N2Q2Y2M0YTdiYWU0YjA2MDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW5uKGbfuofRZUeh3Wr23p6IzStk
EztnEri6OOkZ7xlfzFe8tJeoaoc62cPMNND9bm+bqhRvPBvVTDfMPQRvOJAw8pe3
NO8tMGVEu8hHIsJx4+/twvMowAZ4bJdesmZGk/ivlwt6Q5nTV7zLuiWNjm0SzTeL
vO0lQF2+zk7vlQG1GTRlKVXMTEb+yIvggz4b2uvAsQpzA/XNZycue7Sf9mLLKTUx
BdbZWG13KgW76zF/avRHk4Ebuxny/9EoSrmZMCq4NPhFUfvWrk2q/19q4g6wXc3n
8qUVbDusgfDvIlmU91x8z0B7iryYcsWinw5Om/xmf1Ny8wQXLdBtVXqM5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4FOzYY4rLpyrVnfWzEp7rksGAvMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvM2dVN05oamlzdW5LdFdkOWJNU251dVN3WUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbVXMA0G
CSqGSIb3DQEBCwUAA4IBAQAEtVdkXpEOr3uHt33E3smLpC4s1j4/tdBSDw4hvkQL
j9i7/X0oVFz0jMcFIyOOs/NIcMtK/oC2jubMNjUkdXzOtvgJYu2roYaF7DCJkVM9
pIn0qrQ71KBUKdIRXmP062RMR8dKk+ZgaO7XFXmS3NxeqgXelCFGDMgNNoyrIcbG
iOi/3ffhU0LvZ/pFKdm8N7J5H1O9mCOXeSbtoaDTDiD0smQZZOVMLU/L5YSa7xN5
8Ca++kV7vxdUDbQqHKSsuXgm/ElJeprBJgoGJa8bU9EqbJjPWiyPJeFaJDMc3koi
vWuo3JasZjUXW4xk9cUxQPOQzMxNqU87HopoQK0AQfgF
-----END CERTIFICATE-----