This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/d5r0W7DTPQ3gTqs_-NBseisWlCo.roa
File:                     d5r0W7DTPQ3gTqs_-NBseisWlCo.roa (raw, json)
Hash identifier:          d47i9og2b8C2O7tuxenulALhI1Vd+GOyXorTmCH8MG8=
Subject key identifier:   77:9A:F4:5B:B0:D3:3D:0D:E0:4E:AB:3F:F8:D0:6C:7A:2B:16:94:2A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE3B091AF62D3DCD4DB2449AC6F601
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/d5r0W7DTPQ3gTqs_-NBseisWlCo.roa
Signing time:             Fri 02 Jan 2026 04:19:06 +0000
ROA not before:           Fri 02 Jan 2026 04:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        5.102.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3b:09:1a:f6:2d:3d:cd:4d:b2:44:9a:c6:f6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=779af45bb0d33d0de04eab3ff8d06c7a2b16942a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4f:ca:1b:7b:dd:0c:8a:8f:47:1a:90:80:8f:
                    21:8a:9f:f3:f8:a2:e1:a3:9e:3e:40:07:a6:f1:f5:
                    45:75:26:44:62:70:94:13:91:69:fa:c7:46:0e:e3:
                    21:bb:97:a2:6b:8e:3d:f1:46:5d:1b:fd:c9:5a:a0:
                    20:9f:96:52:6f:22:20:8a:98:e3:aa:87:12:4d:e8:
                    4c:cb:2a:26:1e:49:85:9c:6d:08:6d:1c:89:20:6d:
                    52:e7:91:1e:1e:63:59:2c:c7:a0:c2:b3:22:4e:8e:
                    7e:d7:ab:0d:5e:78:03:f7:71:f4:04:53:4a:46:7f:
                    ec:c8:3f:b3:42:f3:2d:16:35:82:37:09:d6:5c:58:
                    c6:7d:e9:8e:39:e8:e0:15:e4:6d:3e:0b:9d:32:54:
                    4b:2a:f1:31:c8:b1:01:bb:a1:55:5c:c2:5d:0b:d8:
                    92:bf:14:7f:57:3b:b0:f3:72:2d:70:fa:7f:a5:5b:
                    9c:6b:95:d6:ad:d8:f9:33:b3:cf:6c:bb:f2:2a:86:
                    bf:d8:4b:ad:c5:c3:4e:3b:35:6b:b3:7d:64:22:e2:
                    48:dc:9f:1c:2d:bd:5b:dd:47:56:a4:44:f5:e8:30:
                    68:35:81:c1:dd:6c:32:ad:5c:f7:39:97:d4:e1:87:
                    5e:73:27:10:22:39:2f:be:6b:a7:25:c1:e3:85:41:
                    d5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:9A:F4:5B:B0:D3:3D:0D:E0:4E:AB:3F:F8:D0:6C:7A:2B:16:94:2A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/d5r0W7DTPQ3gTqs_-NBseisWlCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:f6:35:40:bb:7b:44:ee:f6:aa:3b:f2:e9:7a:05:36:dc:94:
         08:3b:7d:c9:56:08:f8:5d:83:ec:2a:01:9b:33:fa:40:ac:0a:
         f6:a3:e9:e8:e2:c3:a8:15:c6:74:6d:37:7e:8c:90:cb:89:5d:
         21:bb:ab:b8:9f:fa:2c:47:a8:83:19:4a:fb:fb:3d:53:23:58:
         73:26:0d:32:ea:cf:ca:af:73:f8:df:4e:64:d8:e1:c6:35:56:
         6d:fa:41:0d:7a:67:f4:a6:65:ec:c8:2a:d2:d7:8b:51:96:51:
         c6:aa:59:3e:14:3b:49:d7:56:4d:22:c1:58:55:dc:f6:81:b5:
         52:ab:8e:72:14:b8:4b:8e:04:37:59:93:52:f7:59:07:f4:79:
         19:83:41:fa:59:9d:de:a7:62:da:5e:69:5e:b9:17:a1:ff:9b:
         af:70:6f:f6:ae:37:00:9a:48:ef:5b:27:68:c4:ba:c2:a3:25:
         ee:fb:b6:98:d9:4e:51:24:2b:06:37:7e:5e:1e:5a:de:b4:25:
         e1:19:47:b5:02:d3:e5:16:47:13:51:32:aa:5a:f6:e1:13:e4:
         47:15:ef:eb:71:7d:1e:86:36:ce:d8:69:41:05:a7:8c:f0:f8:
         31:b9:77:75:c1:95:5c:78:fd:fb:b1:69:bd:6b:51:bd:e9:7d:
         c9:fa:fe:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87jsJGvYtPc1NskSaxvYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzlhZjQ1YmIwZDMzZDBkZTA0ZWFiM2ZmOGQwNmM3YTJiMTY5NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE/KG3vdDIqPRxqQgI8hip/z+KLh
o54+QAem8fVFdSZEYnCUE5Fp+sdGDuMhu5eia4498UZdG/3JWqAgn5ZSbyIgipjj
qocSTehMyyomHkmFnG0IbRyJIG1S55EeHmNZLMegwrMiTo5+16sNXngD93H0BFNK
Rn/syD+zQvMtFjWCNwnWXFjGfemOOejgFeRtPgudMlRLKvExyLEBu6FVXMJdC9iS
vxR/Vzuw83ItcPp/pVuca5XWrdj5M7PPbLvyKoa/2EutxcNOOzVrs31kIuJI3J8c
Lb1b3UdWpET16DBoNYHB3WwyrVz3OZfU4YdecycQIjkvvmunJcHjhUHVfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHea9Fuw0z0N4E6rP/jQbHorFpQqMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvZDVyMFc3RFRQUTNnVHFzXy1OQnNlaXNXbENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZoMA0G
CSqGSIb3DQEBCwUAA4IBAQBi9jVAu3tE7vaqO/LpegU23JQIO33JVgj4XYPsKgGb
M/pArAr2o+no4sOoFcZ0bTd+jJDLiV0hu6u4n/osR6iDGUr7+z1TI1hzJg0y6s/K
r3P4305k2OHGNVZt+kENemf0pmXsyCrS14tRllHGqlk+FDtJ11ZNIsFYVdz2gbVS
q45yFLhLjgQ3WZNS91kH9HkZg0H6WZ3ep2LaXmleuReh/5uvcG/2rjcAmkjvWydo
xLrCoyXu+7aY2U5RJCsGN35eHlretCXhGUe1AtPlFkcTUTKqWvbhE+RHFe/rcX0e
hjbO2GlBBaeM8PgxuXd1wZVceP37sWm9a1G96X3J+v4M
-----END CERTIFICATE-----