This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/DPEXaJsdpwunEHWISAhP8hFXOUI.roa
File:                     DPEXaJsdpwunEHWISAhP8hFXOUI.roa (raw, json)
Hash identifier:          +8xOQY/MLqFDz3F9RapHgwM88JkcxWRhi/gr4+Z5Fes=
Subject key identifier:   0C:F1:17:68:9B:1D:A7:0B:A7:10:75:88:48:08:4F:F2:11:57:39:42
Certificate issuer:       /CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Certificate serial:       019B7FF1A314D08BD4DFACB9ED6250FD2174
Authority key identifier: 1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/DPEXaJsdpwunEHWISAhP8hFXOUI.roa
Signing time:             Fri 02 Jan 2026 18:21:40 +0000
ROA not before:           Fri 02 Jan 2026 18:21:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44066
IP address blocks:        5.132.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:a3:14:d0:8b:d4:df:ac:b9:ed:62:50:fd:21:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
        Validity
            Not Before: Jan  2 18:21:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cf117689b1da70ba710758848084ff211573942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3d:40:de:99:eb:01:52:d1:f0:38:dd:c0:54:
                    02:2f:a9:09:0c:4d:a7:e1:f3:50:41:40:14:7e:39:
                    e2:1e:69:46:03:90:ed:41:26:9e:d8:12:24:e6:ae:
                    07:f3:06:97:ea:f4:8b:25:12:5f:43:05:5b:22:b4:
                    e7:78:6d:3c:c7:52:fc:31:fc:b1:0c:b2:d9:c2:3e:
                    93:73:c1:d4:ec:09:b5:2c:6e:1e:20:74:bf:4b:2c:
                    ea:00:57:8d:3d:9d:c5:b4:54:5e:74:e6:16:58:fb:
                    2e:e1:dc:9e:21:f5:35:bb:74:99:fa:ae:bf:ae:66:
                    e7:43:fb:09:2c:4b:ca:e7:d9:78:4e:da:64:d8:6f:
                    38:cf:cb:70:46:aa:58:e7:a8:2e:8c:f8:23:a6:89:
                    8c:15:bc:e0:c9:0b:85:9b:bc:3c:5c:d2:44:58:83:
                    b1:7d:0b:ae:20:4c:85:4b:96:09:7d:00:52:dd:6a:
                    2c:47:49:f3:63:f5:da:31:6e:7f:10:e4:d2:5a:7f:
                    ec:c0:f1:78:b9:1c:14:cc:b1:e9:db:6a:aa:a6:42:
                    56:a5:6f:e5:50:4e:85:d7:c1:c0:51:78:bd:98:ac:
                    1e:b3:a8:56:a2:a7:55:e0:f5:b4:22:c5:df:28:ae:
                    5f:9a:27:29:97:ef:a8:b2:74:91:8e:91:c0:fa:7b:
                    3b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F1:17:68:9B:1D:A7:0B:A7:10:75:88:48:08:4F:F2:11:57:39:42
            X509v3 Authority Key Identifier:
                keyid:1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/DPEXaJsdpwunEHWISAhP8hFXOUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.132.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:e3:dd:60:b0:a3:a6:38:4a:3a:ae:02:6b:3e:de:76:8d:53:
         24:b6:54:16:29:6e:12:17:e5:d1:c4:f7:9c:8e:9a:f1:7f:1e:
         fd:3b:bf:2b:5e:38:d4:6c:8b:3d:3f:c3:95:bd:e6:85:25:e0:
         8e:67:10:68:17:d9:b5:4b:7a:7a:53:da:66:4c:61:17:09:8a:
         6d:13:84:ca:ae:e7:c6:8a:ca:df:01:a9:8c:65:c0:2f:60:c7:
         5c:9c:fb:a9:5f:f9:88:ba:4d:32:b6:7b:56:c2:16:56:1e:ce:
         5e:f1:00:6b:9b:06:f1:87:58:5d:5f:06:ea:72:10:48:c1:0c:
         bc:cf:0d:d1:bd:04:90:ff:dd:50:ad:fa:b3:63:86:d3:d6:9c:
         ed:df:26:c2:95:ca:6f:9c:09:5d:6c:10:b5:73:38:62:77:1c:
         38:e9:2d:c4:4a:4c:e1:51:25:b0:36:b8:63:a4:d7:92:c8:ba:
         07:cf:dd:3f:08:ea:a0:6c:a3:69:6d:c2:e5:4c:ad:2d:23:26:
         0a:f5:54:9c:77:15:47:27:42:4e:75:e8:f0:8c:3b:a4:2b:88:
         93:ac:ae:b3:1b:28:43:03:16:4c:02:82:29:97:cc:69:c6:41:
         4d:f6:b8:4e:61:f4:68:6e:97:a4:ba:e9:bb:c2:d2:38:4a:9f:
         3e:a2:12:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8aMU0IvU36y57WJQ/SF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGEyMDIwYjgyZDAyOTRlOTBhMmQ2YjJjMGYyOGQxMTcz
YjY0NjUwHhcNMjYwMTAyMTgyMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2YxMTc2ODliMWRhNzBiYTcxMDc1ODg0ODA4NGZmMjExNTczOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz1A3pnrAVLR8DjdwFQCL6kJDE2n
4fNQQUAUfjniHmlGA5DtQSae2BIk5q4H8waX6vSLJRJfQwVbIrTneG08x1L8Mfyx
DLLZwj6Tc8HU7Am1LG4eIHS/SyzqAFeNPZ3FtFRedOYWWPsu4dyeIfU1u3SZ+q6/
rmbnQ/sJLEvK59l4Ttpk2G84z8twRqpY56gujPgjpomMFbzgyQuFm7w8XNJEWIOx
fQuuIEyFS5YJfQBS3WosR0nzY/XaMW5/EOTSWn/swPF4uRwUzLHp22qqpkJWpW/l
UE6F18HAUXi9mKwes6hWoqdV4PW0IsXfKK5fmicpl++osnSRjpHA+ns7WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzxF2ibHacLpxB1iEgIT/IRVzlCMB8GA1UdIwQY
MBaAFB5KICC4LQKU6QotaywPKNEXO2RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQt
NTMwNDQwYzRmYTI5LzEvRFBFWGFKc2Rwd3VuRUhXSVNBaFA4aEZYT1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQtNTMwNDQwYzRmYTI5
LzEvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYSeMA0G
CSqGSIb3DQEBCwUAA4IBAQBA491gsKOmOEo6rgJrPt52jVMktlQWKW4SF+XRxPec
jprxfx79O78rXjjUbIs9P8OVveaFJeCOZxBoF9m1S3p6U9pmTGEXCYptE4TKrufG
isrfAamMZcAvYMdcnPupX/mIuk0ytntWwhZWHs5e8QBrmwbxh1hdXwbqchBIwQy8
zw3RvQSQ/91QrfqzY4bT1pzt3ybClcpvnAldbBC1czhidxw46S3ESkzhUSWwNrhj
pNeSyLoHz90/COqgbKNpbcLlTK0tIyYK9VScdxVHJ0JOdejwjDukK4iTrK6zGyhD
AxZMAoIpl8xpxkFN9rhOYfRobpekuum7wtI4Sp8+ohKW
-----END CERTIFICATE-----