This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/5xaOtvdRRcRbWJ7RO2zXZTBbzHo.roa
File:                     5xaOtvdRRcRbWJ7RO2zXZTBbzHo.roa (raw, json)
Hash identifier:          jVjnXKJCmaM69ihXNF4Fvp6wlNMh49T6+g/No1R59Xw=
Subject key identifier:   E7:16:8E:B6:F7:51:45:C4:5B:58:9E:D1:3B:6C:D7:65:30:5B:CC:7A
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       019B79111DD6B1D26D93AAEE7CA1206E4510
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/5xaOtvdRRcRbWJ7RO2zXZTBbzHo.roa
Signing time:             Thu 01 Jan 2026 10:18:43 +0000
ROA not before:           Thu 01 Jan 2026 10:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215267
IP address blocks:        45.89.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:1d:d6:b1:d2:6d:93:aa:ee:7c:a1:20:6e:45:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Jan  1 10:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7168eb6f75145c45b589ed13b6cd765305bcc7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:15:1f:66:5c:68:98:71:23:cb:e6:66:00:88:
                    a7:d7:5c:cc:6f:4c:f5:b6:4b:b6:65:ca:ce:b1:e1:
                    6f:00:4d:9e:8d:aa:4d:86:30:96:10:ca:a3:0d:bb:
                    f0:09:de:7d:f3:1f:fc:ef:f8:0b:f1:fc:f9:fa:49:
                    fa:bc:60:b6:9b:c6:c1:b5:4a:39:27:25:45:ac:df:
                    63:e0:48:b7:22:19:ef:4f:f1:84:bb:74:69:25:c3:
                    0c:b2:de:29:f3:5c:db:12:07:ae:0b:5b:f3:58:1b:
                    7a:b3:25:d3:87:d8:ea:51:c0:63:d3:f7:f2:96:55:
                    40:aa:79:da:e8:e2:83:bb:50:f7:53:1f:00:87:0d:
                    4c:68:72:4c:86:61:ed:9a:88:3b:26:be:37:6f:52:
                    1b:4a:8f:64:1b:50:2d:34:f2:53:20:07:e5:19:5a:
                    94:31:6f:ba:83:42:11:0c:6f:ec:13:e1:aa:f0:f7:
                    62:93:d0:6d:00:0e:75:63:61:0d:0b:5c:ca:60:84:
                    f6:f3:57:39:c9:01:b2:dd:3e:00:86:59:aa:ea:fb:
                    52:0f:ce:55:0f:7f:8b:63:85:77:06:f1:43:52:7a:
                    f7:97:03:31:0a:65:d3:09:d3:c8:92:ce:d8:a8:7f:
                    a4:bc:0b:5f:33:72:52:ec:07:89:00:c9:07:c1:f6:
                    e6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:16:8E:B6:F7:51:45:C4:5B:58:9E:D1:3B:6C:D7:65:30:5B:CC:7A
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/5xaOtvdRRcRbWJ7RO2zXZTBbzHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:76:6a:9a:37:9d:a6:12:44:8f:30:95:06:a9:83:6a:e4:1e:
         c3:5e:b1:29:86:1b:c5:d1:66:c4:80:b2:9a:ad:c8:46:bb:ba:
         87:33:c1:70:8d:2e:3e:8d:ad:cf:07:65:07:b8:1c:7e:24:38:
         19:63:19:66:b0:42:e6:15:44:0a:3b:1d:57:35:9d:56:95:22:
         f6:94:0d:5f:f1:82:7e:c1:b4:46:0c:6c:43:57:82:d7:67:26:
         c8:5e:61:23:66:4e:ef:e7:5e:42:55:13:42:55:47:e3:db:b3:
         3c:99:fb:cf:6d:79:66:59:28:76:c9:85:9f:88:36:67:7f:0a:
         4c:3c:85:fe:70:29:d4:4b:d6:32:0f:e8:18:3d:55:08:1e:f4:
         56:0d:2e:86:7c:cc:73:36:33:aa:fa:84:79:81:db:72:f3:01:
         42:01:07:a6:4c:57:b2:06:7c:2a:f8:30:ea:ba:3e:92:5f:bc:
         e9:b5:bd:9f:62:a3:3f:0c:6d:93:30:c9:e2:93:f9:5a:fa:7f:
         56:c6:d1:52:d6:13:25:f2:e5:3a:bf:a1:a6:72:a0:87:9c:bf:
         6e:ca:5b:e1:f7:4f:3a:7c:67:94:72:a9:4e:9c:da:30:be:5b:
         ab:ff:33:cd:1e:3d:de:26:42:7f:67:2c:d7:bf:63:93:bb:7d:
         ce:d5:c1:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ER3WsdJtk6rufKEgbkUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjYwMTAxMTAxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzE2OGViNmY3NTE0NWM0NWI1ODllZDEzYjZjZDc2NTMwNWJjYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixUfZlxomHEjy+ZmAIin11zMb0z1
tku2ZcrOseFvAE2ejapNhjCWEMqjDbvwCd598x/87/gL8fz5+kn6vGC2m8bBtUo5
JyVFrN9j4Ei3IhnvT/GEu3RpJcMMst4p81zbEgeuC1vzWBt6syXTh9jqUcBj0/fy
llVAqnna6OKDu1D3Ux8Ahw1MaHJMhmHtmog7Jr43b1IbSo9kG1AtNPJTIAflGVqU
MW+6g0IRDG/sE+Gq8Pdik9BtAA51Y2ENC1zKYIT281c5yQGy3T4Ahlmq6vtSD85V
D3+LY4V3BvFDUnr3lwMxCmXTCdPIks7YqH+kvAtfM3JS7AeJAMkHwfbm3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcWjrb3UUXEW1ie0Tts12UwW8x6MB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvNXhhT3R2ZFJSY1JiV0o3Uk8yelhaVEJiekhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkcMA0G
CSqGSIb3DQEBCwUAA4IBAQCpdmqaN52mEkSPMJUGqYNq5B7DXrEphhvF0WbEgLKa
rchGu7qHM8FwjS4+ja3PB2UHuBx+JDgZYxlmsELmFUQKOx1XNZ1WlSL2lA1f8YJ+
wbRGDGxDV4LXZybIXmEjZk7v515CVRNCVUfj27M8mfvPbXlmWSh2yYWfiDZnfwpM
PIX+cCnUS9YyD+gYPVUIHvRWDS6GfMxzNjOq+oR5gdty8wFCAQemTFeyBnwq+DDq
uj6SX7zptb2fYqM/DG2TMMnik/la+n9WxtFS1hMl8uU6v6GmcqCHnL9uylvh9086
fGeUcqlOnNowvlur/zPNHj3eJkJ/ZyzXv2OTu33O1cHW
-----END CERTIFICATE-----