This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/C5_CXUA-hhdUx_k-OWHw-aFPQjg.roa
File:                     C5_CXUA-hhdUx_k-OWHw-aFPQjg.roa (raw, json)
Hash identifier:          5m8YSeYQsWZWPbqEN+OxCEF2VsF88Ekcd12LgCTpyv8=
Subject key identifier:   0B:9F:C2:5D:40:3E:86:17:54:C7:F9:3E:39:61:F0:F9:A1:4F:42:38
Certificate issuer:       /CN=ea0f08d4ee1f94f984493b467bd8aca2adfa2866
Certificate serial:       019B79109AD98DC643072D3216B08382AE2B
Authority key identifier: EA:0F:08:D4:EE:1F:94:F9:84:49:3B:46:7B:D8:AC:A2:AD:FA:28:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6g8I1O4flPmESTtGe9isoq36KGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/C5_CXUA-hhdUx_k-OWHw-aFPQjg.roa
Signing time:             Thu 01 Jan 2026 10:18:09 +0000
ROA not before:           Thu 01 Jan 2026 10:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35625
IP address blocks:        217.18.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/6g8I1O4flPmESTtGe9isoq36KGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/6g8I1O4flPmESTtGe9isoq36KGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6g8I1O4flPmESTtGe9isoq36KGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:9a:d9:8d:c6:43:07:2d:32:16:b0:83:82:ae:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea0f08d4ee1f94f984493b467bd8aca2adfa2866
        Validity
            Not Before: Jan  1 10:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b9fc25d403e861754c7f93e3961f0f9a14f4238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b7:a2:54:86:e9:8b:38:f0:63:05:b4:8a:58:
                    ce:32:1d:2f:d5:2f:b3:73:d4:ef:16:a9:d0:6c:ed:
                    a7:00:df:cc:9d:d1:ee:4c:91:6d:8c:45:88:a9:09:
                    59:74:03:3f:63:95:38:f5:98:ab:fb:0d:ba:f0:7d:
                    4a:54:67:ad:3c:7a:b9:ed:0c:2d:56:ad:67:6e:a5:
                    74:79:f3:34:a3:10:d9:59:5b:dd:1d:66:f1:d6:61:
                    bd:33:28:5f:a0:db:b5:9f:e3:70:88:e2:1c:c1:81:
                    b0:4f:fc:d8:51:33:62:87:08:3d:2e:d2:2d:71:18:
                    e3:5e:00:76:1f:1d:04:5f:c2:83:90:57:76:0d:9d:
                    ed:8d:1f:9f:72:ba:43:93:4f:d3:f3:74:86:29:bc:
                    4c:01:5f:fd:76:03:3e:bc:c9:30:3b:48:94:64:4d:
                    41:4b:55:67:19:d3:37:80:89:38:3b:98:c4:96:95:
                    ea:35:8a:76:64:01:2b:3f:55:82:85:ba:16:e8:da:
                    07:a0:1f:7f:4a:64:65:be:d7:72:2c:6f:9f:c9:fb:
                    95:2f:72:f9:74:de:5e:05:fa:c0:25:ea:8c:f3:5f:
                    f1:7a:76:71:2c:01:ff:4e:1d:3c:bd:8c:94:6d:da:
                    0a:13:c3:f8:98:c6:c6:5a:db:9c:72:59:2f:dd:60:
                    46:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:9F:C2:5D:40:3E:86:17:54:C7:F9:3E:39:61:F0:F9:A1:4F:42:38
            X509v3 Authority Key Identifier:
                keyid:EA:0F:08:D4:EE:1F:94:F9:84:49:3B:46:7B:D8:AC:A2:AD:FA:28:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6g8I1O4flPmESTtGe9isoq36KGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/C5_CXUA-hhdUx_k-OWHw-aFPQjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/67eb49-ff08-4ea4-bb9e-2efb461fd413/1/6g8I1O4flPmESTtGe9isoq36KGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:fb:86:68:d5:c9:17:67:58:33:94:60:95:86:0d:f4:73:a2:
         8c:aa:dd:fe:e8:95:04:5f:7e:27:8d:0f:f9:38:8a:88:cf:24:
         fa:b3:32:32:bf:91:9b:da:5e:4b:1d:6a:38:47:5d:f6:ca:24:
         6a:ef:a6:25:76:9f:ef:e5:94:fa:eb:e0:91:c4:c0:e2:33:df:
         a8:79:b7:94:68:f6:4d:d7:7f:6a:5a:73:66:d4:cc:e8:5a:19:
         a7:16:27:78:b8:6d:65:c7:c2:f7:00:b0:65:b5:3b:9d:16:a1:
         4d:74:3f:c5:58:4e:08:fb:f9:a7:67:ed:ac:aa:07:a2:30:45:
         6c:1d:f6:72:49:68:c7:08:06:93:89:18:04:0b:1f:92:88:3e:
         6c:3d:df:f1:9e:6e:56:7f:78:b1:74:09:82:53:17:d6:2d:8f:
         6f:fe:9c:1e:9c:8f:9f:d4:6b:46:37:d1:c6:12:56:27:01:29:
         96:3c:00:72:b5:66:eb:5a:37:ce:ac:fa:d1:94:ad:5c:7e:46:
         32:96:40:74:ba:a7:66:2d:86:fd:e9:84:3c:6c:fa:b5:7b:e0:
         da:53:16:de:85:7f:b6:b8:11:cc:9c:eb:fb:81:8a:25:50:59:
         ba:67:63:59:fd:f3:3c:cc:64:99:af:fb:52:67:dc:c8:1e:08:
         bd:16:f7:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EJrZjcZDBy0yFrCDgq4rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMGYwOGQ0ZWUxZjk0Zjk4NDQ5M2I0NjdiZDhhY2EyYWRm
YTI4NjYwHhcNMjYwMTAxMTAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjlmYzI1ZDQwM2U4NjE3NTRjN2Y5M2UzOTYxZjBmOWExNGY0MjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbeiVIbpizjwYwW0iljOMh0v1S+z
c9TvFqnQbO2nAN/MndHuTJFtjEWIqQlZdAM/Y5U49Zir+w268H1KVGetPHq57Qwt
Vq1nbqV0efM0oxDZWVvdHWbx1mG9MyhfoNu1n+NwiOIcwYGwT/zYUTNihwg9LtIt
cRjjXgB2Hx0EX8KDkFd2DZ3tjR+fcrpDk0/T83SGKbxMAV/9dgM+vMkwO0iUZE1B
S1VnGdM3gIk4O5jElpXqNYp2ZAErP1WChboW6NoHoB9/SmRlvtdyLG+fyfuVL3L5
dN5eBfrAJeqM81/xenZxLAH/Th08vYyUbdoKE8P4mMbGWtucclkv3WBGbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAufwl1APoYXVMf5Pjlh8PmhT0I4MB8GA1UdIwQY
MBaAFOoPCNTuH5T5hEk7RnvYrKKt+ihmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmc4STFPNGZsUG1FU1R0R2U5aXNvcTM2S0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC82N2ViNDktZmYwOC00ZWE0LWJiOWUt
MmVmYjQ2MWZkNDEzLzEvQzVfQ1hVQS1oaGRVeF9rLU9XSHctYUZQUWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC82N2ViNDktZmYwOC00ZWE0LWJiOWUtMmVmYjQ2MWZkNDEz
LzEvNmc4STFPNGZsUG1FU1R0R2U5aXNvcTM2S0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RLdMA0G
CSqGSIb3DQEBCwUAA4IBAQAK+4Zo1ckXZ1gzlGCVhg30c6KMqt3+6JUEX34njQ/5
OIqIzyT6szIyv5Gb2l5LHWo4R132yiRq76Yldp/v5ZT66+CRxMDiM9+oebeUaPZN
139qWnNm1MzoWhmnFid4uG1lx8L3ALBltTudFqFNdD/FWE4I+/mnZ+2sqgeiMEVs
HfZySWjHCAaTiRgECx+SiD5sPd/xnm5Wf3ixdAmCUxfWLY9v/pwenI+f1GtGN9HG
ElYnASmWPABytWbrWjfOrPrRlK1cfkYylkB0uqdmLYb96YQ8bPq1e+DaUxbehX+2
uBHMnOv7gYolUFm6Z2NZ/fM8zGSZr/tSZ9zIHgi9Fveq
-----END CERTIFICATE-----