This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0fa280-02dd-4517-89a7-3b8178dbb94c/1/xl2dBFAq27Jc7XAbjqmjx5SGLQg.roa
File:                     xl2dBFAq27Jc7XAbjqmjx5SGLQg.roa (raw, json)
Hash identifier:          LWS6130jm9DNYynRHuAyBdYfUPrAY2AEwbKHUYPs/I0=
Subject key identifier:   C6:5D:9D:04:50:2A:DB:B2:5C:ED:70:1B:8E:A9:A3:C7:94:86:2D:08
Certificate issuer:       /CN=a36619427c283fa3b2bb7b45cc35a51286398961
Certificate serial:       019ACEEB249FD6297ABC9762A168FF51A115
Authority key identifier: A3:66:19:42:7C:28:3F:A3:B2:BB:7B:45:CC:35:A5:12:86:39:89:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2YZQnwoP6Oyu3tFzDWlEoY5iWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0fa280-02dd-4517-89a7-3b8178dbb94c/1/xl2dBFAq27Jc7XAbjqmjx5SGLQg.roa
Signing time:             Sat 29 Nov 2025 09:21:48 +0000
ROA not before:           Sat 29 Nov 2025 09:21:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        212.108.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0fa280-02dd-4517-89a7-3b8178dbb94c/1/o2YZQnwoP6Oyu3tFzDWlEoY5iWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0fa280-02dd-4517-89a7-3b8178dbb94c/1/o2YZQnwoP6Oyu3tFzDWlEoY5iWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2YZQnwoP6Oyu3tFzDWlEoY5iWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 12:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ce:eb:24:9f:d6:29:7a:bc:97:62:a1:68:ff:51:a1:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a36619427c283fa3b2bb7b45cc35a51286398961
        Validity
            Not Before: Nov 29 09:21:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c65d9d04502adbb25ced701b8ea9a3c794862d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:56:79:99:fd:9a:36:29:d2:5b:70:e9:0a:86:
                    52:6b:bd:be:e9:39:1e:f2:d9:3d:49:81:fd:79:b0:
                    c1:61:8b:ed:b5:24:ef:97:88:da:65:09:d9:2b:81:
                    59:51:9f:3d:f7:0a:c4:4e:17:d9:30:32:78:05:de:
                    02:a8:e5:25:49:01:e2:e2:44:33:4b:49:02:21:5f:
                    fc:0d:bf:27:d2:af:9d:bd:44:a6:a2:e7:e8:49:ec:
                    1b:ff:06:04:1a:ec:a5:b4:47:7e:89:50:8d:4a:2c:
                    50:9a:97:18:1b:15:15:2f:08:97:ab:81:9b:bf:37:
                    64:05:85:c3:be:86:5b:b9:60:d3:cd:13:a2:95:07:
                    6e:20:43:12:ca:ae:f4:18:4e:a1:c0:8f:78:1f:e2:
                    48:bb:98:bc:30:ca:32:fd:84:89:da:c9:29:bb:ef:
                    23:73:fa:91:1e:13:7d:0c:62:bd:7e:f5:02:ae:db:
                    5f:bf:a9:10:79:f3:19:a5:35:4d:aa:8b:4b:e5:83:
                    bd:d1:52:a1:57:0d:fa:d1:49:94:1c:c8:07:c7:d5:
                    5d:c9:ff:a2:9e:bb:64:5d:24:9e:be:84:c6:3e:37:
                    fa:29:85:11:c3:51:8c:90:44:b2:14:d2:38:6c:37:
                    0f:9a:54:86:52:29:c4:f3:3e:00:84:4d:2f:30:93:
                    48:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:5D:9D:04:50:2A:DB:B2:5C:ED:70:1B:8E:A9:A3:C7:94:86:2D:08
            X509v3 Authority Key Identifier:
                keyid:A3:66:19:42:7C:28:3F:A3:B2:BB:7B:45:CC:35:A5:12:86:39:89:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2YZQnwoP6Oyu3tFzDWlEoY5iWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0fa280-02dd-4517-89a7-3b8178dbb94c/1/xl2dBFAq27Jc7XAbjqmjx5SGLQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0fa280-02dd-4517-89a7-3b8178dbb94c/1/o2YZQnwoP6Oyu3tFzDWlEoY5iWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:98:0b:de:0c:5c:91:f0:7f:eb:a9:84:cf:8b:25:0a:ee:73:
         9d:40:50:ce:be:43:92:cd:fc:32:82:d3:f0:8d:ec:a5:d6:99:
         aa:21:41:4f:0c:dd:c3:6b:fd:b6:57:8c:0c:77:b5:a0:fa:d1:
         89:c7:5e:a1:6f:b4:2b:17:e5:95:68:17:9a:42:bc:14:60:91:
         98:d4:ea:34:19:59:ae:d0:4a:16:52:44:c8:1f:75:77:8a:3e:
         ae:cd:e1:89:b7:52:a6:dd:62:87:dc:bc:cb:71:47:82:bb:fb:
         de:ce:54:72:ee:6c:e4:2d:71:22:51:56:78:93:25:c9:79:40:
         d2:62:66:12:47:4b:f8:93:37:21:cf:4b:62:a1:c3:a1:ef:0e:
         1a:48:af:be:91:92:4c:01:ad:61:dc:81:cc:65:91:5d:8a:fe:
         76:f7:28:45:f4:a8:66:14:20:44:23:b9:6f:2e:90:41:e9:fe:
         89:7b:24:8b:16:c1:77:ff:9e:7a:9d:3c:38:d1:24:b7:f6:cf:
         e0:1e:26:64:f8:60:51:fc:dd:db:ad:1e:d8:c5:ec:0f:6f:40:
         32:97:08:3e:20:42:ee:7c:8c:ae:a9:82:91:bb:ca:53:91:6a:
         1c:f1:60:7a:84:90:a7:42:8d:9f:8c:4d:bf:51:db:a8:38:90:
         52:0b:a2:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrO6ySf1il6vJdioWj/UaEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjYxOTQyN2MyODNmYTNiMmJiN2I0NWNjMzVhNTEyODYz
OTg5NjEwHhcNMjUxMTI5MDkyMTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjVkOWQwNDUwMmFkYmIyNWNlZDcwMWI4ZWE5YTNjNzk0ODYyZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1Z5mf2aNinSW3DpCoZSa72+6Tke
8tk9SYH9ebDBYYvttSTvl4jaZQnZK4FZUZ899wrEThfZMDJ4Bd4CqOUlSQHi4kQz
S0kCIV/8Db8n0q+dvUSmoufoSewb/wYEGuyltEd+iVCNSixQmpcYGxUVLwiXq4Gb
vzdkBYXDvoZbuWDTzROilQduIEMSyq70GE6hwI94H+JIu5i8MMoy/YSJ2skpu+8j
c/qRHhN9DGK9fvUCrttfv6kQefMZpTVNqotL5YO90VKhVw360UmUHMgHx9Vdyf+i
nrtkXSSevoTGPjf6KYURw1GMkESyFNI4bDcPmlSGUinE8z4AhE0vMJNIoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZdnQRQKtuyXO1wG46po8eUhi0IMB8GA1UdIwQY
MBaAFKNmGUJ8KD+jsrt7Rcw1pRKGOYlhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJZWlFud29QNk95dTN0RnpEV2xFb1k1aVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wZmEyODAtMDJkZC00NTE3LTg5YTct
M2I4MTc4ZGJiOTRjLzEveGwyZEJGQXEyN0pjN1hBYmpxbWp4NVNHTFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wZmEyODAtMDJkZC00NTE3LTg5YTctM2I4MTc4ZGJiOTRj
LzEvbzJZWlFud29QNk95dTN0RnpEV2xFb1k1aVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gx9MA0G
CSqGSIb3DQEBCwUAA4IBAQBomAveDFyR8H/rqYTPiyUK7nOdQFDOvkOSzfwygtPw
jeyl1pmqIUFPDN3Da/22V4wMd7Wg+tGJx16hb7QrF+WVaBeaQrwUYJGY1Oo0GVmu
0EoWUkTIH3V3ij6uzeGJt1Km3WKH3LzLcUeCu/vezlRy7mzkLXEiUVZ4kyXJeUDS
YmYSR0v4kzchz0tiocOh7w4aSK++kZJMAa1h3IHMZZFdiv529yhF9KhmFCBEI7lv
LpBB6f6JeySLFsF3/556nTw40SS39s/gHiZk+GBR/N3brR7YxewPb0Aylwg+IELu
fIyuqYKRu8pTkWoc8WB6hJCnQo2fjE2/UduoOJBSC6KY
-----END CERTIFICATE-----