This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/EPXKmqElYBSkf6c75SMxNqoPXOM.roa
File:                     EPXKmqElYBSkf6c75SMxNqoPXOM.roa (raw, json)
Hash identifier:          88ED4Nzg4K7nQUP80hvnZrkZ3+U3+WnyKYH02jE3Mk0=
Subject key identifier:   10:F5:CA:9A:A1:25:60:14:A4:7F:A7:3B:E5:23:31:36:AA:0F:5C:E3
Certificate issuer:       /CN=3adea4b7af8cce5cfd3775cb01fb97c4f951a9a2
Certificate serial:       019B7FF2C0E9DFA21CC660F86FFE828C1E9A
Authority key identifier: 3A:DE:A4:B7:AF:8C:CE:5C:FD:37:75:CB:01:FB:97:C4:F9:51:A9:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/EPXKmqElYBSkf6c75SMxNqoPXOM.roa
Signing time:             Fri 02 Jan 2026 18:22:54 +0000
ROA not before:           Fri 02 Jan 2026 18:22:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48728
IP address blocks:        5.180.38.0/24 maxlen: 24
                          5.180.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:c0:e9:df:a2:1c:c6:60:f8:6f:fe:82:8c:1e:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3adea4b7af8cce5cfd3775cb01fb97c4f951a9a2
        Validity
            Not Before: Jan  2 18:22:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=10f5ca9aa1256014a47fa73be5233136aa0f5ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b4:44:72:37:d7:bd:75:4f:e8:1a:e1:a9:9a:
                    74:7e:fb:b8:4e:42:09:96:fd:9c:cf:7f:d0:8a:46:
                    45:30:49:bd:8b:d4:2d:ac:ab:32:e5:25:96:7d:cf:
                    46:f7:f9:92:25:bb:5c:e4:09:78:86:81:50:7f:7b:
                    85:14:fc:a9:2a:58:11:ce:25:5c:b6:02:83:ed:a5:
                    b8:61:e7:e7:7b:b7:cb:e4:8a:c6:5a:d1:c3:83:67:
                    09:a8:2f:ec:25:6d:49:a9:b7:5c:d4:9c:f4:4f:28:
                    6a:15:ae:46:33:69:39:a7:03:00:2b:c4:06:ab:d5:
                    5a:85:dd:86:3d:11:67:1b:41:21:1a:6e:a8:6f:e5:
                    4f:a1:fb:02:b3:d6:0d:d9:c4:11:31:06:4c:3d:7c:
                    eb:9e:eb:54:71:e9:db:d8:46:b1:cc:d3:29:92:ba:
                    68:bd:a0:94:76:17:6e:27:b1:59:38:12:f7:54:1f:
                    5d:eb:2b:b2:1c:46:96:2b:e7:d9:7c:7a:36:fd:09:
                    17:77:88:f7:bd:36:15:38:b5:99:db:f8:66:90:6e:
                    4d:e5:e4:a5:cb:94:98:5f:04:39:27:9c:f0:62:e3:
                    cb:d2:f6:11:d4:5d:7b:86:3a:fd:0b:80:6b:5d:8a:
                    c6:f5:4e:24:24:17:fa:9a:e4:2e:0e:40:b0:38:ed:
                    40:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:F5:CA:9A:A1:25:60:14:A4:7F:A7:3B:E5:23:31:36:AA:0F:5C:E3
            X509v3 Authority Key Identifier:
                keyid:3A:DE:A4:B7:AF:8C:CE:5C:FD:37:75:CB:01:FB:97:C4:F9:51:A9:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/EPXKmqElYBSkf6c75SMxNqoPXOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/123124-ef66-48d1-91d0-f0d119c527ff/1/Ot6kt6-Mzlz9N3XLAfuXxPlRqaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:90:6a:43:14:8c:16:8c:ce:11:4e:47:53:d0:e1:62:36:d1:
         c7:d8:a0:f5:e4:26:38:bf:a4:c3:53:40:ff:e9:fd:38:38:67:
         d7:1a:a5:a0:53:4c:bf:0f:cf:02:c2:50:50:50:4b:e0:ac:70:
         5b:7f:82:19:1e:62:09:f0:6f:8a:84:3d:50:02:fe:88:df:f6:
         05:6d:8d:1f:eb:5b:60:e3:c3:e1:fd:c8:dd:ab:f1:0d:8a:39:
         de:35:d0:8e:21:40:cd:c3:e5:d6:a7:01:3d:2a:b8:0d:66:4d:
         3a:b7:4d:ba:b9:d7:1b:86:5e:08:7a:a3:e0:cd:19:83:00:9f:
         f3:c6:3d:dc:45:b9:c5:5e:4b:a8:74:74:ce:b7:b6:f2:97:bf:
         1c:3b:6d:5d:77:82:43:63:31:f7:20:a6:9c:c5:7d:e8:d9:34:
         c1:a1:cf:80:fb:3a:8b:e2:cc:9c:c3:5f:a1:b5:7e:44:f8:05:
         99:ed:93:1c:f5:95:7b:a1:25:50:cf:38:8e:29:6f:a7:92:f4:
         65:2b:bd:14:d5:f3:58:ff:bc:dc:df:5e:75:df:dd:2c:b0:ac:
         c8:88:cf:e1:1a:da:de:b5:bb:92:33:ba:ce:de:17:37:eb:5b:
         29:2c:f5:2d:38:fd:1b:9d:5a:c6:22:20:ae:30:21:25:e3:60:
         23:58:3f:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8sDp36IcxmD4b/6CjB6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGVhNGI3YWY4Y2NlNWNmZDM3NzVjYjAxZmI5N2M0Zjk1
MWE5YTIwHhcNMjYwMTAyMTgyMjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGY1Y2E5YWExMjU2MDE0YTQ3ZmE3M2JlNTIzMzEzNmFhMGY1Y2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrREcjfXvXVP6BrhqZp0fvu4TkIJ
lv2cz3/QikZFMEm9i9QtrKsy5SWWfc9G9/mSJbtc5Al4hoFQf3uFFPypKlgRziVc
tgKD7aW4Yefne7fL5IrGWtHDg2cJqC/sJW1Jqbdc1Jz0TyhqFa5GM2k5pwMAK8QG
q9Vahd2GPRFnG0EhGm6ob+VPofsCs9YN2cQRMQZMPXzrnutUcenb2EaxzNMpkrpo
vaCUdhduJ7FZOBL3VB9d6yuyHEaWK+fZfHo2/QkXd4j3vTYVOLWZ2/hmkG5N5eSl
y5SYXwQ5J5zwYuPL0vYR1F17hjr9C4BrXYrG9U4kJBf6muQuDkCwOO1AMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBD1ypqhJWAUpH+nO+UjMTaqD1zjMB8GA1UdIwQY
MBaAFDrepLevjM5c/Td1ywH7l8T5UamiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3Q2a3Q2LU16bHo5TjNYTEFmdVh4UGxScWFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xMjMxMjQtZWY2Ni00OGQxLTkxZDAt
ZjBkMTE5YzUyN2ZmLzEvRVBYS21xRWxZQlNrZjZjNzVTTXhOcW9QWE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xMjMxMjQtZWY2Ni00OGQxLTkxZDAtZjBkMTE5YzUyN2Zm
LzEvT3Q2a3Q2LU16bHo5TjNYTEFmdVh4UGxScWFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbQmMA0G
CSqGSIb3DQEBCwUAA4IBAQCOkGpDFIwWjM4RTkdT0OFiNtHH2KD15CY4v6TDU0D/
6f04OGfXGqWgU0y/D88CwlBQUEvgrHBbf4IZHmIJ8G+KhD1QAv6I3/YFbY0f61tg
48Ph/cjdq/ENijneNdCOIUDNw+XWpwE9KrgNZk06t026udcbhl4IeqPgzRmDAJ/z
xj3cRbnFXkuodHTOt7byl78cO21dd4JDYzH3IKacxX3o2TTBoc+A+zqL4sycw1+h
tX5E+AWZ7ZMc9ZV7oSVQzziOKW+nkvRlK70U1fNY/7zc3151390ssKzIiM/hGtre
tbuSM7rO3hc361spLPUtOP0bnVrGIiCuMCEl42AjWD9Q
-----END CERTIFICATE-----