This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ODgdHM7EjChq_YSS9774P5Z46A4.roa
File:                     ODgdHM7EjChq_YSS9774P5Z46A4.roa (raw, json)
Hash identifier:          rb40TvEnd+AdrLvOEOoEZJPQ/zWoQJO/3tdPwyMpcH8=
Subject key identifier:   38:38:1D:1C:CE:C4:8C:28:6A:FD:84:92:F7:BE:F8:3F:96:78:E8:0E
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019B7E38C4198800083AFCFFE5AFDC4E43A7
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ODgdHM7EjChq_YSS9774P5Z46A4.roa
Signing time:             Fri 02 Jan 2026 10:20:08 +0000
ROA not before:           Fri 02 Jan 2026 10:20:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207019
IP address blocks:        5.56.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:c4:19:88:00:08:3a:fc:ff:e5:af:dc:4e:43:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jan  2 10:20:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38381d1ccec48c286afd8492f7bef83f9678e80e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d4:ec:79:42:c8:8f:a2:fc:eb:d0:55:60:41:
                    44:42:c0:57:1f:35:da:24:5e:6c:8d:c7:2f:e3:a8:
                    02:a7:6d:a6:8c:87:01:03:3b:d4:95:f7:dc:3d:bc:
                    d0:bf:85:62:72:ba:dc:fe:37:90:40:bc:7c:10:c0:
                    63:10:b0:c2:d3:82:53:88:8f:84:d2:53:56:43:0e:
                    42:20:eb:7d:bf:1f:fe:9c:1d:91:2d:0d:7f:13:39:
                    57:8c:ac:39:ff:19:35:4f:d4:12:44:36:05:03:0d:
                    16:4d:03:21:e9:c9:ed:4a:4e:8f:dc:43:6f:4a:64:
                    9e:1f:91:9a:db:b0:26:6f:c7:96:43:d1:94:0d:ce:
                    ca:71:27:d6:3f:25:a7:fa:8c:c1:59:0e:b4:9b:6f:
                    2d:94:48:da:92:5a:dd:95:3b:99:9e:32:89:65:24:
                    32:bf:9c:46:24:bf:eb:8f:88:39:ee:cc:4a:3d:61:
                    3b:5f:4f:4f:76:a9:ba:54:8d:79:c3:e8:1f:f0:12:
                    12:33:34:50:37:d8:d6:0c:82:5e:b9:fb:dd:09:5e:
                    e6:a5:75:b6:c1:ae:94:52:d3:0e:b9:a5:d0:96:43:
                    76:fe:7f:8a:82:74:9c:24:53:6e:97:16:1a:23:83:
                    4d:2a:03:bc:12:6b:5d:53:76:86:4f:28:65:9b:c2:
                    a8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:38:1D:1C:CE:C4:8C:28:6A:FD:84:92:F7:BE:F8:3F:96:78:E8:0E
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/ODgdHM7EjChq_YSS9774P5Z46A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:96:21:bf:97:a3:0f:14:52:22:6d:c4:45:ff:3b:c9:6b:57:
         62:cf:fa:21:79:82:49:9f:17:7f:e5:2e:7a:16:d5:34:cc:4a:
         7d:d5:f7:2f:39:97:c9:62:67:f9:33:dc:48:19:e8:90:8e:f4:
         2b:5a:7f:28:82:f2:3d:5e:2a:0b:eb:4f:e8:60:75:e6:a2:dd:
         24:27:f3:b0:5a:46:c0:ee:6e:ce:7d:23:c8:f5:61:a7:84:3e:
         ef:9a:90:fa:ba:5d:1e:f3:75:4d:52:5e:74:bc:63:54:6d:75:
         52:b7:a2:b8:aa:53:be:f7:5f:2e:b2:d9:03:f2:0e:67:51:90:
         47:80:27:bc:ba:f5:0f:f0:28:b1:a4:ca:b9:f0:9a:52:ca:cd:
         80:ec:84:96:04:b2:c9:e8:f1:0a:04:54:d3:1b:4e:49:ea:9d:
         9a:40:0c:fd:02:c9:c7:71:88:3e:e8:78:1d:34:f1:72:1c:c1:
         bf:cb:12:c9:4a:0d:69:51:ed:b5:b9:dd:44:42:99:a2:28:dc:
         04:c7:4c:e1:22:57:bd:6a:9e:e4:df:30:94:a3:ab:bb:37:4b:
         d6:d8:01:ca:2f:26:0c:55:8e:51:1a:9c:29:99:75:c1:da:38:
         7f:55:a8:4e:fa:99:a6:fd:a7:60:d9:be:84:03:c2:f4:52:10:
         81:01:78:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OMQZiAAIOvz/5a/cTkOnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMTAyMTAyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM4MWQxY2NlYzQ4YzI4NmFmZDg0OTJmN2JlZjgzZjk2NzhlODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdTseULIj6L869BVYEFEQsBXHzXa
JF5sjccv46gCp22mjIcBAzvUlffcPbzQv4Vicrrc/jeQQLx8EMBjELDC04JTiI+E
0lNWQw5CIOt9vx/+nB2RLQ1/EzlXjKw5/xk1T9QSRDYFAw0WTQMh6cntSk6P3ENv
SmSeH5Ga27Amb8eWQ9GUDc7KcSfWPyWn+ozBWQ60m28tlEjaklrdlTuZnjKJZSQy
v5xGJL/rj4g57sxKPWE7X09Pdqm6VI15w+gf8BISMzRQN9jWDIJeufvdCV7mpXW2
wa6UUtMOuaXQlkN2/n+KgnScJFNulxYaI4NNKgO8EmtdU3aGTyhlm8KoiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg4HRzOxIwoav2Ekve++D+WeOgOMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvT0RnZEhNN0VqQ2hxX1lTUzk3NzRQNVo0NkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgZMA0G
CSqGSIb3DQEBCwUAA4IBAQBXliG/l6MPFFIibcRF/zvJa1diz/oheYJJnxd/5S56
FtU0zEp91fcvOZfJYmf5M9xIGeiQjvQrWn8ogvI9XioL60/oYHXmot0kJ/OwWkbA
7m7OfSPI9WGnhD7vmpD6ul0e83VNUl50vGNUbXVSt6K4qlO+918ustkD8g5nUZBH
gCe8uvUP8CixpMq58JpSys2A7ISWBLLJ6PEKBFTTG05J6p2aQAz9AsnHcYg+6Hgd
NPFyHMG/yxLJSg1pUe21ud1EQpmiKNwEx0zhIle9ap7k3zCUo6u7N0vW2AHKLyYM
VY5RGpwpmXXB2jh/VahO+pmm/adg2b6EA8L0UhCBAXgv
-----END CERTIFICATE-----