This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/HbjKNiw4d3SEg0dTumigj0PGsTM.roa
File:                     HbjKNiw4d3SEg0dTumigj0PGsTM.roa (raw, json)
Hash identifier:          nW4tvMSwJMcIQf6OvnWLF1rZzRY1A2YzlXfxp1Y/+GE=
Subject key identifier:   1D:B8:CA:36:2C:38:77:74:84:83:47:53:BA:68:A0:8F:43:C6:B1:33
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       019B7DCA2F3489EED12E2E58B283361D2114
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/HbjKNiw4d3SEg0dTumigj0PGsTM.roa
Signing time:             Fri 02 Jan 2026 08:19:20 +0000
ROA not before:           Fri 02 Jan 2026 08:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216127
IP address blocks:        5.104.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:2f:34:89:ee:d1:2e:2e:58:b2:83:36:1d:21:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 08:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1db8ca362c38777484834753ba68a08f43c6b133
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2c:13:6e:28:dd:67:1a:55:09:e5:eb:32:56:
                    e0:48:23:6f:d0:f2:6c:f2:a7:20:a7:54:25:f9:08:
                    9f:22:0f:bb:8d:1f:8b:43:82:f7:d4:f8:04:40:52:
                    62:3a:1f:a5:4d:93:d0:02:5b:18:27:14:df:91:ce:
                    9a:41:96:67:ee:fe:d8:7a:1c:a7:a8:2a:a5:a7:c1:
                    9c:70:1c:4d:c2:a2:0f:68:85:fb:07:d3:68:70:9d:
                    f0:a2:ec:f1:0b:a1:4b:28:cd:04:eb:cf:91:cc:74:
                    34:15:09:21:10:35:bf:82:71:15:a8:0e:8a:6a:30:
                    8e:68:23:c5:48:88:3d:be:64:0a:95:32:3c:48:64:
                    6a:9f:88:f9:34:78:08:bf:4a:64:fa:5d:7d:da:38:
                    73:d7:71:84:95:4b:4c:1c:83:aa:94:6d:74:68:a5:
                    6f:7a:f5:23:a6:06:bd:82:ab:30:49:5d:69:26:31:
                    26:aa:96:fa:bf:f1:2a:c4:77:58:f2:68:10:d8:56:
                    a9:d4:8b:72:b5:20:57:37:5b:67:09:76:1c:09:b4:
                    74:f1:53:58:d3:62:dc:c2:25:0b:a8:82:de:64:f1:
                    c4:dd:8c:98:a8:9f:bb:39:a8:ba:37:53:29:c5:4b:
                    82:24:e6:9f:df:0c:19:15:86:63:53:3e:be:43:02:
                    87:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B8:CA:36:2C:38:77:74:84:83:47:53:BA:68:A0:8F:43:C6:B1:33
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/HbjKNiw4d3SEg0dTumigj0PGsTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:da:2b:53:cf:8e:93:dc:4c:3d:ab:ee:93:f7:01:b1:f0:3f:
         b4:7e:42:c6:87:a4:aa:56:3d:64:19:ce:03:9d:27:45:0e:d4:
         f9:5e:00:c8:0b:22:2d:7c:28:85:f0:b7:f1:f7:bc:7e:7f:fc:
         03:ba:2a:bf:62:34:eb:e9:1b:8a:cf:67:7d:d8:3b:8c:95:77:
         17:fd:36:a8:8a:7e:29:62:0c:de:13:6e:11:a7:25:35:29:fd:
         ce:0b:ba:2b:eb:16:56:24:a8:0f:1d:66:87:13:35:62:19:85:
         04:91:c6:32:a3:63:1b:6b:7c:4f:d0:15:33:73:e3:01:92:e9:
         cb:63:04:70:ed:91:7f:e6:4f:21:75:30:7f:5e:2d:f8:af:3d:
         42:8f:ac:c2:3d:ac:5e:8e:38:7f:df:01:99:14:e6:c3:59:e6:
         27:1d:05:da:e1:8c:ff:5e:2a:48:c8:a0:dd:53:66:b1:de:c6:
         55:9a:cc:31:39:66:68:b2:e1:59:ee:fc:9c:9d:e4:42:79:58:
         6f:fa:03:a5:4e:bd:f6:c6:74:9b:8a:68:04:2b:52:f8:3f:5d:
         44:36:b7:67:a1:54:0d:e1:9d:fe:ce:6e:e9:21:94:65:51:29:
         01:16:dd:e0:cb:71:f3:a1:24:7d:76:0c:a8:7d:f8:42:21:46:
         d4:cf:a1:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yi80ie7RLi5YsoM2HSEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjYwMTAyMDgxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI4Y2EzNjJjMzg3Nzc0ODQ4MzQ3NTNiYTY4YTA4ZjQzYzZiMTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCwTbijdZxpVCeXrMlbgSCNv0PJs
8qcgp1Ql+QifIg+7jR+LQ4L31PgEQFJiOh+lTZPQAlsYJxTfkc6aQZZn7v7Yehyn
qCqlp8GccBxNwqIPaIX7B9NocJ3wouzxC6FLKM0E68+RzHQ0FQkhEDW/gnEVqA6K
ajCOaCPFSIg9vmQKlTI8SGRqn4j5NHgIv0pk+l192jhz13GElUtMHIOqlG10aKVv
evUjpga9gqswSV1pJjEmqpb6v/EqxHdY8mgQ2Fap1ItytSBXN1tnCXYcCbR08VNY
02LcwiULqILeZPHE3YyYqJ+7Oai6N1MpxUuCJOaf3wwZFYZjUz6+QwKH/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB24yjYsOHd0hINHU7pooI9DxrEzMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvSGJqS05pdzRkM1NFZzBkVHVtaWdqMFBHc1RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWhLMA0G
CSqGSIb3DQEBCwUAA4IBAQB12itTz46T3Ew9q+6T9wGx8D+0fkLGh6SqVj1kGc4D
nSdFDtT5XgDICyItfCiF8Lfx97x+f/wDuiq/YjTr6RuKz2d92DuMlXcX/Taoin4p
YgzeE24RpyU1Kf3OC7or6xZWJKgPHWaHEzViGYUEkcYyo2Mba3xP0BUzc+MBkunL
YwRw7ZF/5k8hdTB/Xi34rz1Cj6zCPaxejjh/3wGZFObDWeYnHQXa4Yz/XipIyKDd
U2ax3sZVmswxOWZosuFZ7vycneRCeVhv+gOlTr32xnSbimgEK1L4P11ENrdnoVQN
4Z3+zm7pIZRlUSkBFt3gy3HzoSR9dgyoffhCIUbUz6Ga
-----END CERTIFICATE-----