This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/TBrPU9fPKBDqqHBRaNxMA1UegDw.roa
File:                     TBrPU9fPKBDqqHBRaNxMA1UegDw.roa (raw, json)
Hash identifier:          W7DQYQNuoI+QoqbkUzHRzRQaCn8sMhNXKaSmuQh0wgA=
Subject key identifier:   4C:1A:CF:53:D7:CF:28:10:EA:A8:70:51:68:DC:4C:03:55:1E:80:3C
Certificate issuer:       /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial:       019B7B3689B2CDA24FD24EC3E1F425899AF0
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/TBrPU9fPKBDqqHBRaNxMA1UegDw.roa
Signing time:             Thu 01 Jan 2026 20:18:50 +0000
ROA not before:           Thu 01 Jan 2026 20:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201121
IP address blocks:        5.158.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:89:b2:cd:a2:4f:d2:4e:c3:e1:f4:25:89:9a:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
        Validity
            Not Before: Jan  1 20:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c1acf53d7cf2810eaa8705168dc4c03551e803c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:82:6f:88:82:b8:36:01:42:46:c6:4d:bd:45:
                    06:2e:12:6b:93:92:78:57:eb:61:25:e3:59:a0:3a:
                    8a:ce:73:b8:a3:ae:b4:2b:a3:08:a4:c7:5d:90:cf:
                    07:08:3b:5d:cf:ce:4e:b8:da:1c:75:1d:07:f0:a6:
                    9c:ca:cd:43:3d:b8:8d:91:ba:d2:94:c0:54:b8:f8:
                    44:72:fa:f6:48:94:e1:91:b7:7d:2d:e8:68:2d:42:
                    ca:0a:f2:cd:92:9b:8e:7b:5e:d0:a7:47:c3:b1:24:
                    2c:cd:ca:b6:7a:9f:bd:9b:1f:bd:09:e8:66:24:f2:
                    80:99:f5:96:bb:5a:ed:cb:c1:e8:d1:ed:63:63:a3:
                    c9:85:f2:d5:e5:44:9d:46:72:0d:55:c7:6b:ff:90:
                    47:fa:88:5f:d5:b8:29:87:f2:c4:2d:c3:21:45:01:
                    fc:42:ca:95:9c:7d:32:d2:59:e8:db:81:90:6a:a9:
                    a2:a6:54:18:cc:15:d0:7f:a3:44:ae:02:96:fd:f0:
                    0d:3b:de:31:4c:9c:57:71:df:21:c3:d0:6f:97:bb:
                    73:cc:fd:6b:fe:cd:57:57:52:23:e5:85:04:01:36:
                    61:28:89:69:0f:45:90:c9:bf:10:d8:e4:8b:06:2f:
                    0f:77:98:6c:87:60:c5:77:d6:8b:f1:ae:0b:0e:ea:
                    07:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1A:CF:53:D7:CF:28:10:EA:A8:70:51:68:DC:4C:03:55:1E:80:3C
            X509v3 Authority Key Identifier:
                keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/TBrPU9fPKBDqqHBRaNxMA1UegDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:82:62:42:85:a1:c8:ce:bd:1f:85:e7:85:57:64:22:14:bb:
         f5:d9:1f:f9:de:7a:4a:72:16:18:84:b5:ea:e6:47:df:6c:b6:
         aa:8d:85:a1:84:ff:2a:b6:5a:03:ad:b3:a6:1d:b0:88:62:96:
         2e:38:23:25:7a:9f:2c:56:26:60:bd:fe:a6:83:b8:7d:c5:b8:
         1a:a2:5f:30:7a:b4:59:75:64:d2:16:dd:27:0f:f4:1c:95:52:
         e0:d8:cd:b2:4b:39:a5:13:8d:9b:f6:16:38:81:30:dc:62:7e:
         95:ef:f9:7d:20:65:0e:18:ca:13:48:86:df:fd:20:a9:f9:d7:
         89:a2:a0:be:e0:8e:94:be:d0:79:df:16:58:40:c9:54:d4:d8:
         08:74:27:ab:32:65:74:d3:0c:f2:b7:97:b7:fb:27:8c:d3:ca:
         06:c0:10:9d:fb:b9:e9:98:5e:c3:18:c7:bc:b6:f0:08:1e:27:
         92:ec:88:f6:77:6f:ef:cd:c0:98:ec:c3:0e:81:08:2b:5b:45:
         91:e0:67:2a:90:af:18:e8:d2:a3:19:d3:e4:38:88:27:5c:d4:
         f7:d8:33:94:de:9e:1e:12:cf:6a:a9:4c:36:4c:e8:61:bd:5d:
         b8:e0:3c:4e:86:fe:95:72:e8:ea:1b:49:c7:99:14:07:13:1c:
         dc:e4:3d:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NomyzaJP0k7D4fQliZrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjYwMTAxMjAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFhY2Y1M2Q3Y2YyODEwZWFhODcwNTE2OGRjNGMwMzU1MWU4MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYJviIK4NgFCRsZNvUUGLhJrk5J4
V+thJeNZoDqKznO4o660K6MIpMddkM8HCDtdz85OuNocdR0H8Kacys1DPbiNkbrS
lMBUuPhEcvr2SJThkbd9LehoLULKCvLNkpuOe17Qp0fDsSQszcq2ep+9mx+9Cehm
JPKAmfWWu1rty8Ho0e1jY6PJhfLV5USdRnINVcdr/5BH+ohf1bgph/LELcMhRQH8
QsqVnH0y0lno24GQaqmiplQYzBXQf6NErgKW/fANO94xTJxXcd8hw9Bvl7tzzP1r
/s1XV1Ij5YUEATZhKIlpD0WQyb8Q2OSLBi8Pd5hsh2DFd9aL8a4LDuoHzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwaz1PXzygQ6qhwUWjcTANVHoA8MB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvVEJyUFU5ZlBLQkRxcUhCUmFOeE1BMVVlZ0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZ5XMA0G
CSqGSIb3DQEBCwUAA4IBAQCXgmJChaHIzr0fheeFV2QiFLv12R/53npKchYYhLXq
5kffbLaqjYWhhP8qtloDrbOmHbCIYpYuOCMlep8sViZgvf6mg7h9xbgaol8werRZ
dWTSFt0nD/QclVLg2M2ySzmlE42b9hY4gTDcYn6V7/l9IGUOGMoTSIbf/SCp+deJ
oqC+4I6UvtB53xZYQMlU1NgIdCerMmV00wzyt5e3+yeM08oGwBCd+7npmF7DGMe8
tvAIHieS7Ij2d2/vzcCY7MMOgQgrW0WR4GcqkK8Y6NKjGdPkOIgnXNT32DOU3p4e
Es9qqUw2TOhhvV244DxOhv6VcujqG0nHmRQHExzc5D3/
-----END CERTIFICATE-----