This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/tP-zd4fvUG5Ghj_hj4jy-iA0H5M.roa
File:                     tP-zd4fvUG5Ghj_hj4jy-iA0H5M.roa (raw, json)
Hash identifier:          dncyiHvUZh8Otlmg0Vs+Wpy7Azdi/J7dNn/2EsRGlWE=
Subject key identifier:   B4:FF:B3:77:87:EF:50:6E:46:86:3F:E1:8F:88:F2:FA:20:34:1F:93
Certificate issuer:       /CN=aa54c4763ea018c3dc70203d04efe71fd4b1b066
Certificate serial:       019B7D5D2CF05B9526D155756AC111228E47
Authority key identifier: AA:54:C4:76:3E:A0:18:C3:DC:70:20:3D:04:EF:E7:1F:D4:B1:B0:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/tP-zd4fvUG5Ghj_hj4jy-iA0H5M.roa
Signing time:             Fri 02 Jan 2026 06:20:16 +0000
ROA not before:           Fri 02 Jan 2026 06:20:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42010
IP address blocks:        5.175.56.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:2c:f0:5b:95:26:d1:55:75:6a:c1:11:22:8e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa54c4763ea018c3dc70203d04efe71fd4b1b066
        Validity
            Not Before: Jan  2 06:20:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4ffb37787ef506e46863fe18f88f2fa20341f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:46:96:48:4b:b2:a7:74:ed:0d:bb:8d:29:cd:
                    04:86:15:ba:37:c8:09:1e:2a:2c:2f:55:b9:67:d9:
                    ad:f4:69:88:78:48:eb:4c:f3:66:fb:c3:a6:8a:0f:
                    2e:cf:70:bf:66:08:94:52:a0:51:6e:4f:5e:ce:3f:
                    5e:cb:2a:42:2a:52:ce:c6:31:f2:7f:f3:f4:d3:e0:
                    3a:1c:ee:bc:c1:f1:4d:c0:0e:3f:31:37:30:4d:a3:
                    bd:a0:fd:5d:c4:4b:18:c8:73:8a:b4:79:c5:c9:1e:
                    32:86:48:e7:f5:df:b5:28:f9:96:d9:cd:c6:1f:b5:
                    23:2d:2a:76:5c:84:a6:b9:ea:62:83:62:c4:35:58:
                    20:dd:10:57:5b:a5:72:85:ad:57:4f:53:96:ac:92:
                    86:1c:38:1e:64:80:07:f8:c4:fd:dc:fd:31:2b:53:
                    34:7d:0b:ce:ea:5d:ca:bc:8b:2e:86:5e:15:41:aa:
                    39:6b:71:f3:fe:b6:fa:03:82:9e:71:83:29:8a:3f:
                    9d:36:a9:bb:26:da:3f:e6:76:42:0f:cb:3a:45:cf:
                    53:7f:28:99:2a:87:43:dd:bc:34:f0:75:37:4a:7f:
                    8f:eb:1d:4d:dc:c1:2c:3e:99:d6:d9:64:6e:7f:8d:
                    8c:37:9b:c2:f1:3a:e4:c0:bc:88:a4:a8:5b:d7:79:
                    b1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:FF:B3:77:87:EF:50:6E:46:86:3F:E1:8F:88:F2:FA:20:34:1F:93
            X509v3 Authority Key Identifier:
                keyid:AA:54:C4:76:3E:A0:18:C3:DC:70:20:3D:04:EF:E7:1F:D4:B1:B0:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlTEdj6gGMPccCA9BO_nH9SxsGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/tP-zd4fvUG5Ghj_hj4jy-iA0H5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/a21c9e-87f1-4983-8394-de37673c409c/1/qlTEdj6gGMPccCA9BO_nH9SxsGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ac:84:f6:89:27:60:92:e3:ba:81:98:05:8f:b5:54:66:24:4e:
         58:d5:a5:2c:b8:52:71:68:6b:42:c1:47:67:1f:5e:f4:a2:3a:
         34:5c:1e:09:89:42:9e:b8:0b:ec:16:d3:f7:69:51:6c:7c:b2:
         46:93:f1:96:2f:dc:9a:7b:6d:0d:8b:19:0b:b0:01:8e:19:78:
         d2:a1:d9:73:20:97:2e:f8:b2:27:6c:a2:f4:ff:c2:76:69:03:
         39:a7:98:54:25:5c:5e:71:a1:1a:5d:fa:ac:85:f7:d7:b6:98:
         12:31:96:78:b4:78:ea:2d:cc:4f:81:20:7f:3c:f6:be:3d:94:
         c3:68:60:47:5a:cb:5c:11:f2:b5:ed:be:a9:4b:eb:87:a4:f2:
         77:53:f2:b4:56:d0:3c:a3:f2:52:a1:49:72:5f:c2:ea:4b:ce:
         aa:cf:75:cf:86:0f:a5:ae:93:3a:91:aa:e2:41:bb:92:5d:ff:
         13:9f:e6:a1:54:ec:f5:62:14:06:60:eb:81:89:90:c9:82:69:
         9d:9f:82:74:3f:01:c1:23:22:9f:c8:34:91:ed:03:79:0e:25:
         4b:35:1a:59:7e:39:e5:67:ea:1e:ea:a2:9c:46:95:fb:5f:58:
         45:e2:1e:b3:f6:8a:37:41:5f:24:cb:97:a8:ac:40:be:67:3c:
         8f:3d:c9:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XSzwW5Um0VV1asERIo5HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTRjNDc2M2VhMDE4YzNkYzcwMjAzZDA0ZWZlNzFmZDRi
MWIwNjYwHhcNMjYwMTAyMDYyMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGZmYjM3Nzg3ZWY1MDZlNDY4NjNmZTE4Zjg4ZjJmYTIwMzQxZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EaWSEuyp3TtDbuNKc0EhhW6N8gJ
HiosL1W5Z9mt9GmIeEjrTPNm+8Omig8uz3C/ZgiUUqBRbk9ezj9eyypCKlLOxjHy
f/P00+A6HO68wfFNwA4/MTcwTaO9oP1dxEsYyHOKtHnFyR4yhkjn9d+1KPmW2c3G
H7UjLSp2XISmuepig2LENVgg3RBXW6Vyha1XT1OWrJKGHDgeZIAH+MT93P0xK1M0
fQvO6l3KvIsuhl4VQao5a3Hz/rb6A4KecYMpij+dNqm7Jto/5nZCD8s6Rc9TfyiZ
KodD3bw08HU3Sn+P6x1N3MEsPpnW2WRuf42MN5vC8TrkwLyIpKhb13mx3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLT/s3eH71BuRoY/4Y+I8vogNB+TMB8GA1UdIwQY
MBaAFKpUxHY+oBjD3HAgPQTv5x/UsbBmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxURWRqNmdHTVBjY0NBOUJPX25IOVN4c0dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hMjFjOWUtODdmMS00OTgzLTgzOTQt
ZGUzNzY3M2M0MDljLzEvdFAtemQ0ZnZVRzVHaGpfaGo0anktaUEwSDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hMjFjOWUtODdmMS00OTgzLTgzOTQtZGUzNzY3M2M0MDlj
LzEvcWxURWRqNmdHTVBjY0NBOUJPX25IOVN4c0dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBa84MA0G
CSqGSIb3DQEBCwUAA4IBAQCshPaJJ2CS47qBmAWPtVRmJE5Y1aUsuFJxaGtCwUdn
H170ojo0XB4JiUKeuAvsFtP3aVFsfLJGk/GWL9yae20NixkLsAGOGXjSodlzIJcu
+LInbKL0/8J2aQM5p5hUJVxecaEaXfqshffXtpgSMZZ4tHjqLcxPgSB/PPa+PZTD
aGBHWstcEfK17b6pS+uHpPJ3U/K0VtA8o/JSoUlyX8LqS86qz3XPhg+lrpM6kari
QbuSXf8Tn+ahVOz1YhQGYOuBiZDJgmmdn4J0PwHBIyKfyDSR7QN5DiVLNRpZfjnl
Z+oe6qKcRpX7X1hF4h6z9oo3QV8ky5eorEC+ZzyPPcl7
-----END CERTIFICATE-----