This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/hD5yM-bTRcXqw7hsAje6CKQSULU.roa
File:                     hD5yM-bTRcXqw7hsAje6CKQSULU.roa (raw, json)
Hash identifier:          BoKM+q4JQCN0QltCSwaO5romaCSLzyBz/YnHCsh+0Uw=
Subject key identifier:   84:3E:72:33:E6:D3:45:C5:EA:C3:B8:6C:02:37:BA:08:A4:12:50:B5
Certificate issuer:       /CN=e3d5159882e77a67f797f8f8b996b62c4ebabc20
Certificate serial:       019B7D5AEBE76BA0411F4CEB9BE89A066802
Authority key identifier: E3:D5:15:98:82:E7:7A:67:F7:97:F8:F8:B9:96:B6:2C:4E:BA:BC:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49UVmILnemf3l_j4uZa2LE66vCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/hD5yM-bTRcXqw7hsAje6CKQSULU.roa
Signing time:             Fri 02 Jan 2026 06:17:49 +0000
ROA not before:           Fri 02 Jan 2026 06:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39306
IP address blocks:        193.37.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/49UVmILnemf3l_j4uZa2LE66vCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/49UVmILnemf3l_j4uZa2LE66vCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49UVmILnemf3l_j4uZa2LE66vCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:eb:e7:6b:a0:41:1f:4c:eb:9b:e8:9a:06:68:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d5159882e77a67f797f8f8b996b62c4ebabc20
        Validity
            Not Before: Jan  2 06:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=843e7233e6d345c5eac3b86c0237ba08a41250b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:75:58:fa:d3:0e:14:ad:4b:62:b7:52:c4:e6:
                    4a:8c:b0:df:d5:8d:54:0a:aa:69:80:d9:7f:bb:ff:
                    64:8a:02:5e:40:ed:e9:04:e3:f7:a6:3d:87:45:79:
                    1a:30:d2:a7:7b:20:06:14:4b:43:4e:a5:df:a4:08:
                    4f:51:5f:62:af:c5:3e:5c:48:08:ea:52:50:83:39:
                    fd:15:c0:12:43:6e:59:c1:34:52:e3:d4:ae:13:19:
                    b4:32:dd:dc:07:41:c1:12:23:25:76:fb:bc:09:e4:
                    32:87:b7:cb:df:37:43:d6:63:f7:54:ce:10:5b:9a:
                    75:35:e9:74:5f:d4:09:df:01:ee:3a:3f:af:20:73:
                    82:2e:59:00:86:71:c2:a9:24:48:6b:a3:22:ee:35:
                    bc:f7:65:6c:92:31:8b:c3:ad:44:7d:35:ce:c5:5b:
                    1e:12:35:48:57:44:41:61:bf:d9:02:6c:dd:af:bd:
                    9d:69:d4:d7:4f:b0:34:57:e4:e2:ad:b5:1a:88:df:
                    c7:26:0b:cc:2a:66:54:bd:6f:2b:e1:10:f8:41:34:
                    86:a3:2e:b7:2f:ad:27:2e:b3:75:22:18:23:c1:81:
                    cd:9d:ed:01:f8:74:57:8d:2e:ef:d4:2f:7a:24:20:
                    47:60:33:b2:2e:5a:11:a9:de:14:b6:c2:07:d0:e6:
                    bb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3E:72:33:E6:D3:45:C5:EA:C3:B8:6C:02:37:BA:08:A4:12:50:B5
            X509v3 Authority Key Identifier:
                keyid:E3:D5:15:98:82:E7:7A:67:F7:97:F8:F8:B9:96:B6:2C:4E:BA:BC:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49UVmILnemf3l_j4uZa2LE66vCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/hD5yM-bTRcXqw7hsAje6CKQSULU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/30523b-8b3c-46cb-abbc-e101477efb8a/1/49UVmILnemf3l_j4uZa2LE66vCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:af:9d:5c:82:0c:c6:ec:93:fc:e6:e1:00:34:84:14:7a:37:
         84:74:de:8d:ad:a4:39:c6:06:26:7c:15:18:44:18:e3:05:a4:
         be:83:92:7a:9a:7b:30:4c:46:6b:5c:94:2d:36:f2:b5:2c:70:
         26:78:49:70:b7:6f:5a:1a:e8:f6:1b:7b:be:01:2b:57:79:e6:
         3c:11:39:cf:10:36:52:1e:a7:b9:6f:26:05:18:68:43:48:07:
         d4:d9:20:3f:8f:0c:15:82:2b:19:60:e8:ed:d2:4e:8b:9c:e1:
         9a:d5:b3:e2:89:14:34:50:32:d2:5a:73:90:28:3f:c0:fc:b7:
         4e:db:96:f3:67:f7:d2:71:11:e1:54:6f:e6:98:c7:bd:cb:ef:
         d2:8a:e9:17:05:14:0e:dc:b9:5b:36:bb:5f:77:ed:8d:37:ec:
         73:94:5f:34:bc:8b:4d:01:4d:f9:88:38:d0:71:54:bd:13:01:
         47:31:6c:eb:ca:8d:45:8b:34:aa:b9:47:23:ee:36:55:98:93:
         d5:22:9f:a8:44:f0:c5:e3:d3:25:be:62:26:bf:7c:e8:d8:b8:
         fe:75:d4:16:d7:79:e3:37:cd:dc:7c:4e:38:a7:bb:d8:f3:ff:
         af:c4:49:64:0b:17:a7:fd:70:d6:79:79:22:77:f2:50:90:24:
         e4:35:bb:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wuvna6BBH0zrm+iaBmgCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDUxNTk4ODJlNzdhNjdmNzk3ZjhmOGI5OTZiNjJjNGVi
YWJjMjAwHhcNMjYwMTAyMDYxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDNlNzIzM2U2ZDM0NWM1ZWFjM2I4NmMwMjM3YmEwOGE0MTI1MGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnVY+tMOFK1LYrdSxOZKjLDf1Y1U
CqppgNl/u/9kigJeQO3pBOP3pj2HRXkaMNKneyAGFEtDTqXfpAhPUV9ir8U+XEgI
6lJQgzn9FcASQ25ZwTRS49SuExm0Mt3cB0HBEiMldvu8CeQyh7fL3zdD1mP3VM4Q
W5p1Nel0X9QJ3wHuOj+vIHOCLlkAhnHCqSRIa6Mi7jW892VskjGLw61EfTXOxVse
EjVIV0RBYb/ZAmzdr72dadTXT7A0V+TirbUaiN/HJgvMKmZUvW8r4RD4QTSGoy63
L60nLrN1IhgjwYHNne0B+HRXjS7v1C96JCBHYDOyLloRqd4UtsIH0Oa7wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQ+cjPm00XF6sO4bAI3ugikElC1MB8GA1UdIwQY
MBaAFOPVFZiC53pn95f4+LmWtixOurwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlVVm1JTG5lbWYzbF9qNHVaYTJMRTY2dkNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zMDUyM2ItOGIzYy00NmNiLWFiYmMt
ZTEwMTQ3N2VmYjhhLzEvaEQ1eU0tYlRSY1hxdzdoc0FqZTZDS1FTVUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zMDUyM2ItOGIzYy00NmNiLWFiYmMtZTEwMTQ3N2VmYjhh
LzEvNDlVVm1JTG5lbWYzbF9qNHVaYTJMRTY2dkNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWKMA0G
CSqGSIb3DQEBCwUAA4IBAQAQr51cggzG7JP85uEANIQUejeEdN6NraQ5xgYmfBUY
RBjjBaS+g5J6mnswTEZrXJQtNvK1LHAmeElwt29aGuj2G3u+AStXeeY8ETnPEDZS
Hqe5byYFGGhDSAfU2SA/jwwVgisZYOjt0k6LnOGa1bPiiRQ0UDLSWnOQKD/A/LdO
25bzZ/fScRHhVG/mmMe9y+/SiukXBRQO3LlbNrtfd+2NN+xzlF80vItNAU35iDjQ
cVS9EwFHMWzryo1FizSquUcj7jZVmJPVIp+oRPDF49MlvmImv3zo2Lj+ddQW13nj
N83cfE44p7vY8/+vxElkCxen/XDWeXkid/JQkCTkNbsz
-----END CERTIFICATE-----