This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/H4QLFR4-VWtTH3wvuaow12NPB4c.roa
File:                     H4QLFR4-VWtTH3wvuaow12NPB4c.roa (raw, json)
Hash identifier:          bdQlsc3BPSHO6Zn9QaadsNsV4OnEPV5+i5GaKzval08=
Subject key identifier:   1F:84:0B:15:1E:3E:55:6B:53:1F:7C:2F:B9:AA:30:D7:63:4F:07:87
Certificate issuer:       /CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
Certificate serial:       019B76EAD0A2313707156AEC9A68357171B9
Authority key identifier: E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/H4QLFR4-VWtTH3wvuaow12NPB4c.roa
Signing time:             Thu 01 Jan 2026 00:17:38 +0000
ROA not before:           Thu 01 Jan 2026 00:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50377
IP address blocks:        5.180.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:d0:a2:31:37:07:15:6a:ec:9a:68:35:71:71:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
        Validity
            Not Before: Jan  1 00:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1f840b151e3e556b531f7c2fb9aa30d7634f0787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0b:9f:05:b4:84:cf:ea:9e:f1:cf:d5:78:3c:
                    3b:62:87:59:1c:d1:1d:5e:1e:50:b4:66:02:f2:d2:
                    91:a6:5a:32:7c:37:f4:4b:c6:34:de:4a:f5:ae:e6:
                    08:ed:86:a4:5d:5f:23:9a:4d:0d:70:13:e6:72:cb:
                    0d:42:a6:dd:19:32:4e:0b:19:bc:80:f8:b8:6d:a5:
                    98:a8:c5:fa:6c:da:a8:fe:d7:48:a6:88:ac:de:4c:
                    2c:90:d7:c9:d2:d9:c7:3e:c1:8d:00:85:21:3b:60:
                    ac:66:e2:0a:33:94:c6:9b:33:cf:27:e3:c7:82:22:
                    67:86:18:09:2b:e8:ef:8a:c0:57:2a:ea:3a:a5:16:
                    26:7f:dd:52:bf:fe:cc:3f:9d:6f:47:8a:99:94:31:
                    73:78:9f:e6:1e:69:ce:b6:96:63:33:ad:53:1e:49:
                    d1:98:95:44:fd:3b:f2:cb:7e:c4:c8:b0:2b:f6:68:
                    3d:5c:21:45:b2:fa:cd:0c:40:d7:94:bd:ac:3c:5f:
                    23:f5:2a:81:70:3b:4c:60:6e:09:c2:24:49:da:a1:
                    cc:f2:d5:21:e1:99:93:c7:24:86:e7:85:73:b7:82:
                    81:09:58:90:eb:fc:9f:d7:69:61:b3:90:c0:33:ea:
                    43:b9:a7:a1:a4:17:88:25:16:7b:23:61:ac:52:3f:
                    23:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:84:0B:15:1E:3E:55:6B:53:1F:7C:2F:B9:AA:30:D7:63:4F:07:87
            X509v3 Authority Key Identifier:
                keyid:E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/H4QLFR4-VWtTH3wvuaow12NPB4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:fe:76:8b:6c:69:ec:64:50:e8:90:71:1b:59:0e:73:b0:66:
         1f:db:d9:73:9c:28:23:6a:bc:d7:ed:c9:53:fb:49:77:ed:94:
         85:2d:ca:ac:d9:d9:cf:c4:35:2e:3e:8f:f3:58:45:fc:6b:43:
         a4:0f:1b:af:1b:2d:06:49:84:af:c6:a3:0b:4a:6e:32:fd:aa:
         04:78:9a:d7:d9:67:03:83:d8:c0:d0:52:7d:a0:87:23:54:bf:
         c9:77:45:81:bf:01:8e:54:e9:e0:99:2d:2e:bf:3c:3b:40:78:
         f5:fa:52:87:af:54:94:59:0c:a7:63:4f:c1:0d:7a:53:ef:37:
         6a:ec:07:7c:d7:9a:06:3c:dc:6b:94:42:31:6d:1b:36:16:42:
         fa:b0:9a:4a:93:e8:b1:89:6e:ce:09:ed:56:cc:0f:cb:9c:89:
         66:6e:5f:2c:96:3c:2e:5c:5f:8e:71:b0:36:49:54:d8:07:7b:
         b2:b4:0a:4d:a3:63:14:9d:84:6e:a6:9c:a0:83:f1:0b:b5:bb:
         2e:ed:66:75:f2:1d:d9:28:55:41:b7:f2:4b:74:14:78:cc:6d:
         30:e1:16:8b:38:c9:76:e3:a6:68:84:3f:ef:e5:fc:d1:c8:62:
         e0:c3:ef:6e:cd:5c:dc:53:5a:55:92:a1:82:46:1e:7c:86:cb:
         ce:f7:e9:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26tCiMTcHFWrsmmg1cXG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzFiMDgwZDRlYTZmZDA2MTZhNmU3MDFjN2M4MTVkNmZm
ODdjMDAwHhcNMjYwMTAxMDAxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjg0MGIxNTFlM2U1NTZiNTMxZjdjMmZiOWFhMzBkNzYzNGYwNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugufBbSEz+qe8c/VeDw7YodZHNEd
Xh5QtGYC8tKRployfDf0S8Y03kr1ruYI7YakXV8jmk0NcBPmcssNQqbdGTJOCxm8
gPi4baWYqMX6bNqo/tdIpois3kwskNfJ0tnHPsGNAIUhO2CsZuIKM5TGmzPPJ+PH
giJnhhgJK+jvisBXKuo6pRYmf91Sv/7MP51vR4qZlDFzeJ/mHmnOtpZjM61THknR
mJVE/Tvyy37EyLAr9mg9XCFFsvrNDEDXlL2sPF8j9SqBcDtMYG4JwiRJ2qHM8tUh
4ZmTxySG54Vzt4KBCViQ6/yf12lhs5DAM+pDuaehpBeIJRZ7I2GsUj8jUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+ECxUePlVrUx98L7mqMNdjTweHMB8GA1UdIwQY
MBaAFOYxsIDU6m/QYWpucBx8gV1v+HwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWIt
OTNiM2EzNjk2ZDk2LzEvSDRRTEZSNC1WV3RUSDN3dnVhb3cxMk5QQjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWItOTNiM2EzNjk2ZDk2
LzEvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbSMMA0G
CSqGSIb3DQEBCwUAA4IBAQBn/naLbGnsZFDokHEbWQ5zsGYf29lznCgjarzX7clT
+0l37ZSFLcqs2dnPxDUuPo/zWEX8a0OkDxuvGy0GSYSvxqMLSm4y/aoEeJrX2WcD
g9jA0FJ9oIcjVL/Jd0WBvwGOVOngmS0uvzw7QHj1+lKHr1SUWQynY0/BDXpT7zdq
7Ad815oGPNxrlEIxbRs2FkL6sJpKk+ixiW7OCe1WzA/LnIlmbl8sljwuXF+OcbA2
SVTYB3uytApNo2MUnYRuppygg/ELtbsu7WZ18h3ZKFVBt/JLdBR4zG0w4RaLOMl2
46ZohD/v5fzRyGLgw+9uzVzcU1pVkqGCRh58hsvO9+nD
-----END CERTIFICATE-----