This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/lTPOzMZpg6OdVupew9ZjU2_lpvE.roa
File:                     lTPOzMZpg6OdVupew9ZjU2_lpvE.roa (raw, json)
Hash identifier:          ZPbvR2hjypfPkQpNeYSZpOXKwwYAVSdHPl7WM1QQ/xU=
Subject key identifier:   95:33:CE:CC:C6:69:83:A3:9D:56:EA:5E:C3:D6:63:53:6F:E5:A6:F1
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019B791075ACF59A8459626C636B34AF38B6
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/lTPOzMZpg6OdVupew9ZjU2_lpvE.roa
Signing time:             Thu 01 Jan 2026 10:18:00 +0000
ROA not before:           Thu 01 Jan 2026 10:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205203
IP address blocks:        5.144.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:75:ac:f5:9a:84:59:62:6c:63:6b:34:af:38:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 10:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9533ceccc66983a39d56ea5ec3d663536fe5a6f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6b:b3:e9:79:63:ce:c8:f7:16:14:92:93:da:
                    6b:8a:b5:4c:c4:93:94:bb:71:36:ec:86:d6:16:c8:
                    52:32:58:7c:9a:8b:79:c6:93:35:fc:f0:41:66:ff:
                    3b:3e:05:49:77:56:d0:ea:41:ef:de:17:3d:00:50:
                    23:af:27:9b:f5:e0:9b:db:b4:04:f3:21:f7:22:56:
                    a9:50:a9:90:27:fb:cb:6b:4b:5e:59:58:3f:c8:07:
                    03:90:bc:10:0b:64:c2:36:5b:37:ea:b2:b1:c4:00:
                    7a:80:25:8e:2b:bf:24:45:e5:17:73:be:54:64:c7:
                    f4:6f:9c:4a:2d:21:8c:e8:2f:13:12:59:49:f6:40:
                    0e:1d:bd:7b:5b:e5:e9:5a:92:d3:53:3b:9f:6a:7d:
                    b7:2e:ab:48:aa:68:2c:5d:82:3f:3a:4c:15:91:c8:
                    de:0e:29:a9:32:a6:8a:b2:0d:82:31:53:fb:45:ec:
                    35:a0:80:d4:9d:d7:25:c4:62:fc:87:d8:8e:32:ab:
                    05:de:a8:ae:4e:05:57:e0:ef:76:14:53:9a:22:dd:
                    d2:23:a5:51:ca:96:9b:cb:7f:e6:2d:ff:6c:15:af:
                    ec:58:4c:7f:ca:83:ab:2b:0b:98:7e:ea:4e:f7:a2:
                    0c:86:a0:10:7a:d8:7b:11:51:6f:2f:c8:f7:f5:81:
                    7d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:33:CE:CC:C6:69:83:A3:9D:56:EA:5E:C3:D6:63:53:6F:E5:A6:F1
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/lTPOzMZpg6OdVupew9ZjU2_lpvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:04:ff:e5:61:8a:7d:3a:8f:12:b2:9c:8d:d8:d9:77:d8:21:
         9d:14:99:be:68:9b:38:f0:e1:26:bf:b0:06:0a:94:e9:f9:e9:
         ea:8c:c4:af:45:86:01:87:66:b4:09:54:c3:75:df:31:be:c5:
         fa:03:e9:4d:f1:fd:32:aa:87:3f:56:21:84:b9:ae:00:f8:2f:
         3e:83:62:06:fa:54:80:98:6a:b0:fa:3e:c0:02:74:41:1a:44:
         fc:84:98:3f:46:88:74:7d:53:5f:cf:f0:24:b0:50:f3:42:ce:
         c8:ab:1e:94:0e:65:7a:73:7b:2c:a2:2b:d2:33:66:5f:9a:73:
         49:59:ec:59:3d:aa:a3:eb:2c:ab:04:36:f8:81:6b:82:1d:2e:
         9b:e0:29:69:9f:3b:38:09:33:87:73:6a:0b:32:64:81:0a:a9:
         b0:57:2b:3e:25:e8:a8:27:4d:62:cf:3f:88:ab:94:62:e1:1a:
         6f:37:fb:38:c0:22:96:16:c6:dc:c4:a3:58:0c:22:4d:0c:02:
         8c:ce:c1:a9:83:14:ff:36:ae:3d:ed:65:56:87:6d:fd:c9:fe:
         68:d6:3b:36:8c:c8:17:21:7f:ac:fa:2e:e5:02:a0:62:05:2c:
         9b:54:63:8d:db:c6:ef:dd:c7:a8:c0:e4:48:b5:34:01:de:d1:
         58:4f:b9:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHWs9ZqEWWJsY2s0rzi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMTAxMTAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTMzY2VjY2M2Njk4M2EzOWQ1NmVhNWVjM2Q2NjM1MzZmZTVhNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGuz6Xljzsj3FhSSk9prirVMxJOU
u3E27IbWFshSMlh8mot5xpM1/PBBZv87PgVJd1bQ6kHv3hc9AFAjryeb9eCb27QE
8yH3IlapUKmQJ/vLa0teWVg/yAcDkLwQC2TCNls36rKxxAB6gCWOK78kReUXc75U
ZMf0b5xKLSGM6C8TEllJ9kAOHb17W+XpWpLTUzufan23LqtIqmgsXYI/OkwVkcje
DimpMqaKsg2CMVP7Rew1oIDUndclxGL8h9iOMqsF3qiuTgVX4O92FFOaIt3SI6VR
ypaby3/mLf9sFa/sWEx/yoOrKwuYfupO96IMhqAQeth7EVFvL8j39YF9NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUzzszGaYOjnVbqXsPWY1Nv5abxMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvbFRQT3pNWnBnNk9kVnVwZXc5WmpVMl9scHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZCyMA0G
CSqGSIb3DQEBCwUAA4IBAQCsBP/lYYp9Oo8SspyN2Nl32CGdFJm+aJs48OEmv7AG
CpTp+enqjMSvRYYBh2a0CVTDdd8xvsX6A+lN8f0yqoc/ViGEua4A+C8+g2IG+lSA
mGqw+j7AAnRBGkT8hJg/Roh0fVNfz/AksFDzQs7Iqx6UDmV6c3ssoivSM2ZfmnNJ
WexZPaqj6yyrBDb4gWuCHS6b4Clpnzs4CTOHc2oLMmSBCqmwVys+JeioJ01izz+I
q5Ri4RpvN/s4wCKWFsbcxKNYDCJNDAKMzsGpgxT/Nq497WVWh239yf5o1js2jMgX
IX+s+i7lAqBiBSybVGON28bv3ceowORItTQB3tFYT7nS
-----END CERTIFICATE-----