This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/uzOMoeJNBKtBO6lc_o6UFQNTwEc.roa
File:                     uzOMoeJNBKtBO6lc_o6UFQNTwEc.roa (raw, json)
Hash identifier:          rJl0eajYLc2stvn18GnrCCke/2hQuDa/alUQcQX4MLg=
Subject key identifier:   BB:33:8C:A1:E2:4D:04:AB:41:3B:A9:5C:FE:8E:94:15:03:53:C0:47
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019BCCE2E021BED99EF81B2DAE8F3AA8AEEF
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/uzOMoeJNBKtBO6lc_o6UFQNTwEc.roa
Signing time:             Sat 17 Jan 2026 16:56:19 +0000
ROA not before:           Sat 17 Jan 2026 16:56:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43260
IP address blocks:        5.181.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:cc:e2:e0:21:be:d9:9e:f8:1b:2d:ae:8f:3a:a8:ae:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 17 16:56:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb338ca1e24d04ab413ba95cfe8e94150353c047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:19:06:11:ad:a8:83:af:e5:e6:6d:41:32:ba:
                    4d:5e:82:a5:b5:c4:08:7a:83:8b:9f:4f:11:d9:5c:
                    48:1c:8d:a2:1c:a7:c1:01:58:03:90:96:3d:4b:d1:
                    dc:b0:8d:94:71:f1:ef:cf:3e:f1:7f:97:5c:f0:35:
                    00:9c:71:25:46:61:5e:03:45:12:dc:ce:59:cc:4f:
                    f0:d4:c8:35:59:8d:ce:5c:8d:52:2a:eb:94:46:a1:
                    9e:42:76:7e:49:d7:3e:fe:a9:a3:9f:55:e7:af:a7:
                    2a:fa:78:5f:97:5b:0e:58:99:b7:73:fa:d2:06:82:
                    27:9d:59:ea:86:57:64:f8:b7:7f:4f:26:8d:7c:88:
                    40:90:7b:e4:1d:54:09:e3:e3:75:78:8c:00:ba:ac:
                    e8:20:ca:5c:96:b0:fd:a5:a5:74:c2:7b:44:a3:c1:
                    3c:55:ff:21:56:60:fc:34:13:cc:08:bb:3a:94:7a:
                    3a:54:75:7a:4b:c0:89:cb:9c:24:ef:96:a6:18:df:
                    99:70:f2:39:63:21:d2:d0:c9:7e:42:68:81:ea:e1:
                    17:ae:dd:12:d1:cb:cd:7d:8d:fa:f7:b8:a7:45:bc:
                    2a:4f:d6:ac:e7:75:b3:4a:24:f1:72:35:24:01:97:
                    ee:73:ff:8c:ff:13:d3:e2:f2:64:35:15:26:27:99:
                    c7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:33:8C:A1:E2:4D:04:AB:41:3B:A9:5C:FE:8E:94:15:03:53:C0:47
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/uzOMoeJNBKtBO6lc_o6UFQNTwEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:e5:8c:7f:95:3b:75:f3:3d:32:55:6f:d6:d2:ed:5b:b8:b5:
         6c:6e:d1:08:47:54:ea:27:3c:05:cc:bf:b0:c3:fd:b9:8e:c8:
         6f:dd:49:b8:fd:6a:cb:5d:eb:2e:0c:e1:dd:e5:bb:b7:50:f1:
         06:6f:61:fa:f5:e2:86:77:94:63:46:0b:1b:49:d4:1b:a3:d3:
         f0:84:b4:f5:76:81:04:14:85:da:b1:de:15:46:f1:7d:01:d8:
         37:ac:cc:88:4c:fc:b9:a8:23:6f:49:b8:d8:39:fb:dd:0e:45:
         53:17:94:25:40:d3:7b:9f:57:b8:53:45:7a:4f:cb:a4:2b:5f:
         c4:ee:7d:a7:14:81:9f:d4:de:5b:bf:69:b9:f5:68:45:3f:e0:
         5e:ba:aa:81:cd:3b:de:18:2f:1b:be:75:9c:d6:d2:2d:75:4f:
         1a:2c:00:19:ca:8f:bd:76:b5:81:c0:11:7e:b4:dc:e0:7e:4f:
         e6:ba:cc:fe:ce:0a:8d:48:31:93:a2:ef:81:78:71:cf:83:de:
         51:74:75:ab:b4:fd:e4:91:a8:0c:67:2f:56:81:67:51:d8:5d:
         17:25:b7:2c:a9:a9:7a:87:a3:fe:a6:60:ea:f4:a8:37:6f:d8:
         1f:22:96:0f:1a:e6:b8:0a:5c:d9:45:6c:c3:16:87:ec:82:38:
         13:3a:44:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvM4uAhvtme+Bstro86qK7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTE3MTY1NjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjMzOGNhMWUyNGQwNGFiNDEzYmE5NWNmZThlOTQxNTAzNTNjMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRkGEa2og6/l5m1BMrpNXoKltcQI
eoOLn08R2VxIHI2iHKfBAVgDkJY9S9HcsI2UcfHvzz7xf5dc8DUAnHElRmFeA0US
3M5ZzE/w1Mg1WY3OXI1SKuuURqGeQnZ+Sdc+/qmjn1Xnr6cq+nhfl1sOWJm3c/rS
BoInnVnqhldk+Ld/TyaNfIhAkHvkHVQJ4+N1eIwAuqzoIMpclrD9paV0wntEo8E8
Vf8hVmD8NBPMCLs6lHo6VHV6S8CJy5wk75amGN+ZcPI5YyHS0Ml+QmiB6uEXrt0S
0cvNfY3697inRbwqT9as53WzSiTxcjUkAZfuc/+M/xPT4vJkNRUmJ5nHFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLszjKHiTQSrQTupXP6OlBUDU8BHMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdXpPTW9lSk5CS3RCTzZsY19vNlVGUU5Ud0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbVUMA0G
CSqGSIb3DQEBCwUAA4IBAQAz5Yx/lTt18z0yVW/W0u1buLVsbtEIR1TqJzwFzL+w
w/25jshv3Um4/WrLXesuDOHd5bu3UPEGb2H69eKGd5RjRgsbSdQbo9PwhLT1doEE
FIXasd4VRvF9Adg3rMyITPy5qCNvSbjYOfvdDkVTF5QlQNN7n1e4U0V6T8ukK1/E
7n2nFIGf1N5bv2m59WhFP+BeuqqBzTveGC8bvnWc1tItdU8aLAAZyo+9drWBwBF+
tNzgfk/musz+zgqNSDGTou+BeHHPg95RdHWrtP3kkagMZy9WgWdR2F0XJbcsqal6
h6P+pmDq9Kg3b9gfIpYPGua4ClzZRWzDFofsgjgTOkQN
-----END CERTIFICATE-----