This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/RTDS83BZPr8GOwxlBuZwrgifhpE.roa
File:                     RTDS83BZPr8GOwxlBuZwrgifhpE.roa (raw, json)
Hash identifier:          dlJ9uDPjVjDJVz0OiQ96/4glzXs5xczVqBOYnJ5HiV4=
Subject key identifier:   45:30:D2:F3:70:59:3E:BF:06:3B:0C:65:06:E6:70:AE:08:9F:86:91
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE42BFE757CD9E86EB9B525491DED1
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/RTDS83BZPr8GOwxlBuZwrgifhpE.roa
Signing time:             Fri 02 Jan 2026 04:19:07 +0000
ROA not before:           Fri 02 Jan 2026 04:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     270172
IP address blocks:        5.102.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:42:bf:e7:57:cd:9e:86:eb:9b:52:54:91:de:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4530d2f370593ebf063b0c6506e670ae089f8691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d8:14:42:1c:d8:f1:84:91:e9:e1:15:71:3d:
                    7a:bd:7c:ce:6a:d6:6d:ac:50:ff:31:90:16:17:d2:
                    e1:1c:39:70:07:7c:d2:ae:4c:2a:5f:70:d5:e4:f0:
                    81:2d:c5:4c:b6:2f:5c:53:c6:0a:78:28:9c:7f:da:
                    be:55:21:2c:51:6b:02:6f:89:ad:59:7f:93:d5:94:
                    da:50:8b:83:2e:a0:eb:92:98:15:40:41:32:97:15:
                    32:58:af:24:8f:e4:73:5b:70:45:a5:0f:36:f6:0a:
                    a0:fd:e9:ce:09:88:b9:47:c7:b2:a8:4d:2a:eb:c7:
                    56:bd:77:36:8f:4e:29:d9:ee:b6:5b:f5:c2:5c:f5:
                    81:ad:75:0b:de:58:1d:4f:66:c1:10:f5:22:30:96:
                    a5:0e:aa:ed:1e:c2:b1:4e:cc:7a:db:72:06:1d:e7:
                    8c:d5:e1:ed:6e:18:79:ba:57:62:1d:e6:51:21:a1:
                    17:a1:b3:45:12:5b:67:39:19:15:cb:96:2a:e6:fd:
                    d6:28:58:b8:be:73:21:bc:a3:5d:85:9c:12:a2:f2:
                    f9:24:06:11:6e:3c:bd:37:cd:59:78:44:99:a9:0c:
                    31:44:37:86:7a:b5:84:32:92:cc:99:d5:f5:f8:22:
                    b5:87:c9:07:06:6f:87:c3:6b:33:9e:f8:56:ce:a9:
                    7d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:30:D2:F3:70:59:3E:BF:06:3B:0C:65:06:E6:70:AE:08:9F:86:91
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/RTDS83BZPr8GOwxlBuZwrgifhpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:fd:db:7b:0b:7b:51:82:05:e7:3f:47:fc:db:b4:f1:d9:12:
         33:d6:de:0f:b4:88:4e:a3:84:16:7d:bb:73:5c:93:8f:1e:3c:
         e3:59:e6:04:0f:4c:1c:58:68:fa:5b:57:de:ac:47:4f:7a:27:
         5b:4c:49:48:fc:94:4c:14:e8:e3:c1:47:af:7d:dd:17:a7:d2:
         49:c3:22:01:ff:2d:b1:93:32:7e:e1:9c:71:2b:9b:08:44:e8:
         8a:4f:df:7a:40:30:de:0a:d4:bc:d1:6a:6e:43:1f:0e:da:08:
         a5:01:df:22:5d:42:58:00:e7:fd:8a:bf:b0:5e:50:e5:15:75:
         8e:7e:be:cc:d7:55:38:01:e9:9a:b7:63:15:7d:53:0c:49:c4:
         a1:0c:fb:a7:25:86:49:13:fa:d6:4a:14:85:94:b8:61:cc:fc:
         83:96:ee:a4:92:b7:21:58:62:e0:90:92:9f:ba:fc:52:dd:f9:
         4e:48:bb:e6:c7:0b:49:23:c6:db:96:1e:c4:2c:fe:8e:73:b2:
         46:92:05:b3:f6:10:75:15:2c:72:04:68:f3:97:c0:80:7f:c0:
         50:7b:ed:be:79:0f:12:b8:a9:a7:88:30:0f:75:1f:7f:82:94:
         de:26:ea:b7:5d:ad:75:96:29:cc:18:c9:5d:a4:41:ed:68:1a:
         da:7e:a6:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87kK/51fNnobrm1JUkd7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTMwZDJmMzcwNTkzZWJmMDYzYjBjNjUwNmU2NzBhZTA4OWY4NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNgUQhzY8YSR6eEVcT16vXzOatZt
rFD/MZAWF9LhHDlwB3zSrkwqX3DV5PCBLcVMti9cU8YKeCicf9q+VSEsUWsCb4mt
WX+T1ZTaUIuDLqDrkpgVQEEylxUyWK8kj+RzW3BFpQ829gqg/enOCYi5R8eyqE0q
68dWvXc2j04p2e62W/XCXPWBrXUL3lgdT2bBEPUiMJalDqrtHsKxTsx623IGHeeM
1eHtbhh5uldiHeZRIaEXobNFEltnORkVy5Yq5v3WKFi4vnMhvKNdhZwSovL5JAYR
bjy9N81ZeESZqQwxRDeGerWEMpLMmdX1+CK1h8kHBm+Hw2sznvhWzql98QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUw0vNwWT6/BjsMZQbmcK4In4aRMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUlREUzgzQlpQcjhHT3d4bEJ1WndyZ2lmaHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZsMA0G
CSqGSIb3DQEBCwUAA4IBAQCF/dt7C3tRggXnP0f827Tx2RIz1t4PtIhOo4QWfbtz
XJOPHjzjWeYED0wcWGj6W1ferEdPeidbTElI/JRMFOjjwUevfd0Xp9JJwyIB/y2x
kzJ+4ZxxK5sIROiKT996QDDeCtS80WpuQx8O2gilAd8iXUJYAOf9ir+wXlDlFXWO
fr7M11U4Aemat2MVfVMMScShDPunJYZJE/rWShSFlLhhzPyDlu6kkrchWGLgkJKf
uvxS3flOSLvmxwtJI8bblh7ELP6Oc7JGkgWz9hB1FSxyBGjzl8CAf8BQe+2+eQ8S
uKmniDAPdR9/gpTeJuq3Xa11linMGMldpEHtaBrafqZS
-----END CERTIFICATE-----