This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/02kOZkpvmw6H06A_7TJUg4SFXaQ.roa
File:                     02kOZkpvmw6H06A_7TJUg4SFXaQ.roa (raw, json)
Hash identifier:          TpRuYePLiA4791T1EEAGr2x5CqL+fTtzRjsvGFbZMFE=
Subject key identifier:   D3:69:0E:66:4A:6F:9B:0E:87:D3:A0:3F:ED:32:54:83:84:85:5D:A4
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       019B7AC95095AE083412AC3983DB93FBC0F3
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/02kOZkpvmw6H06A_7TJUg4SFXaQ.roa
Signing time:             Thu 01 Jan 2026 18:19:32 +0000
ROA not before:           Thu 01 Jan 2026 18:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34977
IP address blocks:        5.23.12.0/22 maxlen: 22
                          5.23.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:50:95:ae:08:34:12:ac:39:83:db:93:fb:c0:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  1 18:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3690e664a6f9b0e87d3a03fed32548384855da4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:52:ed:4e:cc:3a:44:a9:66:03:60:e8:63:5f:
                    40:d3:70:78:3a:16:e8:cc:e1:5c:a1:23:21:91:33:
                    c2:8e:27:97:a1:7e:bf:64:e1:99:b0:9e:f5:23:8a:
                    be:2b:62:5a:13:a6:71:c0:5f:ea:a9:d5:6c:4e:0b:
                    6d:6a:a3:56:12:f5:13:cb:5a:3e:91:88:9d:76:6c:
                    5e:e6:0b:3a:c7:e1:96:9c:7e:54:71:8b:7b:70:b2:
                    c3:66:0c:3f:b9:60:30:46:4c:4a:e0:8e:a9:f6:6f:
                    fb:d4:87:d8:e9:95:c4:92:2d:17:12:e9:47:a5:86:
                    f0:19:d5:f8:b9:10:09:8a:a7:59:30:0b:9b:cb:c2:
                    06:58:f0:2b:74:3f:18:0a:af:15:30:94:59:35:b2:
                    99:5a:f7:06:a3:62:39:29:87:21:7b:89:e5:a6:db:
                    08:f8:1f:10:d2:f2:a4:d5:31:b5:33:eb:a5:07:6e:
                    ff:67:ab:a7:cd:ed:f7:77:f0:4f:62:35:88:87:78:
                    e7:9b:bf:e5:64:35:ef:53:00:f4:36:1b:93:87:4f:
                    6b:c8:98:27:94:76:50:f4:e3:12:92:bf:3c:0d:e0:
                    d6:28:73:77:cf:dc:f8:3f:73:62:95:03:f6:95:2d:
                    f7:0b:7c:46:83:09:c0:60:6b:19:0d:8b:2b:f0:2e:
                    10:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:69:0E:66:4A:6F:9B:0E:87:D3:A0:3F:ED:32:54:83:84:85:5D:A4
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/02kOZkpvmw6H06A_7TJUg4SFXaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:83:1b:48:0d:47:f2:0f:e1:2f:39:d3:1e:88:50:be:5d:94:
         a7:00:b6:f1:53:e9:84:6c:98:79:af:eb:b7:34:c5:fd:4e:58:
         57:ab:d8:84:19:ac:63:0d:0d:30:b9:a7:34:cb:ed:ba:74:f5:
         f0:62:81:59:c1:cc:e0:56:38:1e:f8:6e:5c:ce:90:e6:6d:b6:
         98:95:bf:ee:ce:a2:30:11:44:05:00:b6:bc:a9:98:d2:99:b5:
         e8:d0:53:92:95:51:7c:05:1e:f8:f7:27:e2:32:24:00:b5:de:
         da:d1:97:4b:39:2a:0d:25:d4:64:49:b9:0a:a1:59:f8:45:e3:
         27:f7:b3:72:f3:13:dd:23:cb:33:bd:dd:46:fe:e6:e1:f2:b7:
         53:ab:46:1c:92:17:3c:21:70:87:9a:53:22:fc:d3:2e:b9:c0:
         9d:2d:0c:fd:46:8b:f6:da:80:bb:93:e7:ed:20:42:b5:e8:55:
         5a:0a:47:48:ee:c3:09:fd:6d:b6:29:78:9d:54:03:24:62:11:
         7a:38:01:84:12:34:08:a2:d3:a2:f6:d1:93:a2:4c:63:1a:f1:
         74:b9:8e:ee:06:f7:92:64:75:eb:da:a7:89:b1:2e:1e:24:2f:
         17:92:77:bb:d7:a0:46:0e:88:5c:33:bb:ec:6e:8c:01:c5:84:
         ab:ad:d0:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yVCVrgg0Eqw5g9uT+8DzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjYwMTAxMTgxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY5MGU2NjRhNmY5YjBlODdkM2EwM2ZlZDMyNTQ4Mzg0ODU1ZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1LtTsw6RKlmA2DoY19A03B4Ohbo
zOFcoSMhkTPCjieXoX6/ZOGZsJ71I4q+K2JaE6ZxwF/qqdVsTgttaqNWEvUTy1o+
kYiddmxe5gs6x+GWnH5UcYt7cLLDZgw/uWAwRkxK4I6p9m/71IfY6ZXEki0XEulH
pYbwGdX4uRAJiqdZMAuby8IGWPArdD8YCq8VMJRZNbKZWvcGo2I5KYche4nlptsI
+B8Q0vKk1TG1M+ulB27/Z6unze33d/BPYjWIh3jnm7/lZDXvUwD0NhuTh09ryJgn
lHZQ9OMSkr88DeDWKHN3z9z4P3NilQP2lS33C3xGgwnAYGsZDYsr8C4QbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNpDmZKb5sOh9OgP+0yVIOEhV2kMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvMDJrT1prcHZtdzZIMDZBXzdUSlVnNFNGWGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBRcMMA0G
CSqGSIb3DQEBCwUAA4IBAQCvgxtIDUfyD+EvOdMeiFC+XZSnALbxU+mEbJh5r+u3
NMX9TlhXq9iEGaxjDQ0wuac0y+26dPXwYoFZwczgVjge+G5czpDmbbaYlb/uzqIw
EUQFALa8qZjSmbXo0FOSlVF8BR749yfiMiQAtd7a0ZdLOSoNJdRkSbkKoVn4ReMn
97Ny8xPdI8szvd1G/ubh8rdTq0Yckhc8IXCHmlMi/NMuucCdLQz9Rov22oC7k+ft
IEK16FVaCkdI7sMJ/W22KXidVAMkYhF6OAGEEjQIotOi9tGTokxjGvF0uY7uBveS
ZHXr2qeJsS4eJC8Xkne716BGDohcM7vsbowBxYSrrdBf
-----END CERTIFICATE-----