This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/GStnKDxU2VExQ_xcPN4egFEKjLo.roa
File:                     GStnKDxU2VExQ_xcPN4egFEKjLo.roa (raw, json)
Hash identifier:          siSBOiPXXJh3GCU5grMPMkb/iUn8KcQ7coKcPhWce6E=
Subject key identifier:   19:2B:67:28:3C:54:D9:51:31:43:FC:5C:3C:DE:1E:80:51:0A:8C:BA
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       019B797EA68C6C4D14504380EE238F099D5B
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/GStnKDxU2VExQ_xcPN4egFEKjLo.roa
Signing time:             Thu 01 Jan 2026 12:18:21 +0000
ROA not before:           Thu 01 Jan 2026 12:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209447
IP address blocks:        5.253.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a6:8c:6c:4d:14:50:43:80:ee:23:8f:09:9d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 12:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=192b67283c54d9513143fc5c3cde1e80510a8cba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0e:2c:85:03:e2:39:b6:2c:7f:5e:3d:3a:c5:
                    1b:59:5a:81:12:3f:fe:13:bf:01:15:82:a0:12:1b:
                    71:d5:80:1b:a0:04:d6:66:c4:76:6e:a0:2d:6f:46:
                    c5:81:53:69:55:97:bb:6d:a6:0b:dd:45:6c:7a:3b:
                    8c:0d:62:1c:99:7a:4f:5b:81:85:64:78:66:eb:e8:
                    c5:66:37:59:82:6b:8e:f7:93:9b:fb:59:02:51:79:
                    be:58:f8:4f:1c:fe:50:1a:8c:09:2f:ac:32:48:67:
                    c1:78:5a:28:99:e6:b0:66:c8:fa:ac:66:25:da:3f:
                    94:f1:ef:7a:5b:7a:72:db:38:0b:22:7c:ff:cb:23:
                    ec:8c:48:47:62:f0:7e:35:f7:7d:ea:44:57:ed:57:
                    3f:c7:a5:e2:7e:47:38:bc:98:34:34:a2:82:2e:a1:
                    38:8c:6e:98:8f:50:79:17:9f:ae:74:78:58:d4:5a:
                    d3:b3:f7:ef:98:cd:60:ba:8d:96:83:a0:d7:5f:76:
                    a4:18:bb:bf:73:20:10:f8:7e:22:5d:5a:1d:cf:3c:
                    3e:ea:74:60:9a:4a:39:cc:04:09:32:1d:d1:b5:54:
                    89:25:8c:ee:c2:e1:22:ba:8d:53:0a:22:79:99:c2:
                    e0:80:66:7b:5b:3a:27:4e:d3:b1:de:99:4e:9a:c6:
                    83:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:2B:67:28:3C:54:D9:51:31:43:FC:5C:3C:DE:1E:80:51:0A:8C:BA
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/GStnKDxU2VExQ_xcPN4egFEKjLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:f1:6e:89:24:06:f3:88:16:f2:74:c3:20:6c:ad:31:9d:2c:
         d7:61:df:cd:bc:d9:41:bc:f4:08:b6:bd:9e:e9:57:b6:32:b2:
         d7:0c:f2:89:cd:a3:a8:ea:bc:d1:95:a8:c8:5f:6e:ee:db:65:
         ff:e0:30:17:91:a4:25:30:50:a8:0a:a0:c3:ca:b8:36:52:bd:
         62:57:72:79:b2:2a:df:89:9f:e5:95:9c:98:b8:8d:31:03:17:
         85:7f:4e:85:8b:f6:63:d9:05:04:31:55:00:66:ee:b2:fa:35:
         8c:6d:d2:b8:f9:bb:95:4e:97:44:e6:2a:2d:ae:47:60:42:c2:
         39:c6:1f:91:be:ce:78:5f:0a:58:2a:d4:1f:0d:55:5d:0d:19:
         ed:13:58:b4:2f:0f:da:31:22:7e:50:a7:fa:77:38:8c:cc:3f:
         27:62:5c:66:54:fa:41:46:4f:88:3d:c8:cd:48:25:b4:a8:fa:
         96:60:14:fc:88:56:fa:e4:0f:50:10:b5:01:a7:15:44:02:99:
         dc:e3:6e:64:f7:90:47:bb:83:68:3f:e6:09:70:52:e0:d0:a1:
         8f:30:df:c9:11:f1:29:d3:fd:fc:dc:e4:a6:4f:b5:fd:cc:8e:
         6e:90:7b:d6:72:71:3d:47:32:44:1f:b8:c8:7a:75:86:94:a9:
         32:9c:f0:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fqaMbE0UUEOA7iOPCZ1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjYwMTAxMTIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTJiNjcyODNjNTRkOTUxMzE0M2ZjNWMzY2RlMWU4MDUxMGE4Y2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvw4shQPiObYsf149OsUbWVqBEj/+
E78BFYKgEhtx1YAboATWZsR2bqAtb0bFgVNpVZe7baYL3UVsejuMDWIcmXpPW4GF
ZHhm6+jFZjdZgmuO95Ob+1kCUXm+WPhPHP5QGowJL6wySGfBeFoomeawZsj6rGYl
2j+U8e96W3py2zgLInz/yyPsjEhHYvB+Nfd96kRX7Vc/x6Xifkc4vJg0NKKCLqE4
jG6Yj1B5F5+udHhY1FrTs/fvmM1guo2Wg6DXX3akGLu/cyAQ+H4iXVodzzw+6nRg
mko5zAQJMh3RtVSJJYzuwuEiuo1TCiJ5mcLggGZ7WzonTtOx3plOmsaDNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkrZyg8VNlRMUP8XDzeHoBRCoy6MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvR1N0bktEeFUyVkV4UV94Y1BONGVnRkVLakxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf2oMA0G
CSqGSIb3DQEBCwUAA4IBAQAe8W6JJAbziBbydMMgbK0xnSzXYd/NvNlBvPQItr2e
6Ve2MrLXDPKJzaOo6rzRlajIX27u22X/4DAXkaQlMFCoCqDDyrg2Ur1iV3J5sirf
iZ/llZyYuI0xAxeFf06Fi/Zj2QUEMVUAZu6y+jWMbdK4+buVTpdE5iotrkdgQsI5
xh+Rvs54XwpYKtQfDVVdDRntE1i0Lw/aMSJ+UKf6dziMzD8nYlxmVPpBRk+IPcjN
SCW0qPqWYBT8iFb65A9QELUBpxVEApnc425k95BHu4NoP+YJcFLg0KGPMN/JEfEp
0/383OSmT7X9zI5ukHvWcnE9RzJEH7jIenWGlKkynPDO
-----END CERTIFICATE-----