This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/tFdZOVm-PrcIf_Tv6ZA86VKLE0A.roa
File:                     tFdZOVm-PrcIf_Tv6ZA86VKLE0A.roa (raw, json)
Hash identifier:          f+mSSCLTTZwRD7r4dreo2vc8CPrb2fYZFXUXgRgCL9E=
Subject key identifier:   B4:57:59:39:59:BE:3E:B7:08:7F:F4:EF:E9:90:3C:E9:52:8B:13:40
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE421851F8DC9CFC0A9882130918CB
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/tFdZOVm-PrcIf_Tv6ZA86VKLE0A.roa
Signing time:             Fri 02 Jan 2026 04:19:07 +0000
ROA not before:           Fri 02 Jan 2026 04:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     270158
IP address blocks:        5.102.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:42:18:51:f8:dc:9c:fc:0a:98:82:13:09:18:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b457593959be3eb7087ff4efe9903ce9528b1340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:eb:b9:ef:05:44:19:ea:13:5a:f7:93:ff:7e:
                    f9:8c:50:77:36:f4:d2:bb:ba:d4:46:96:75:24:12:
                    eb:96:09:b7:87:d4:05:c7:c1:57:a8:5e:93:7e:30:
                    df:61:87:ad:3c:0f:05:a5:44:86:bc:5c:51:f2:85:
                    59:38:69:15:b5:5a:6b:7e:f8:28:c9:70:8b:d9:89:
                    fb:08:a5:c0:70:b5:84:ce:0b:31:99:94:51:9c:7b:
                    a7:ac:0a:52:84:ac:e6:95:fc:ca:2d:e7:4d:49:b6:
                    d7:bd:bf:cd:82:13:c0:a6:db:e4:e6:8a:6b:a6:8e:
                    c6:51:95:fe:ec:a9:2f:37:8c:59:2e:91:9d:e0:0f:
                    e7:a2:aa:a7:eb:66:a5:57:6b:15:9c:e9:8c:ee:a7:
                    16:b0:b8:63:77:9c:9d:b7:83:63:ae:15:4d:ad:1c:
                    94:a1:0a:a1:98:79:a9:93:60:0c:69:de:98:b0:e9:
                    1e:b8:44:50:52:b9:a9:e4:36:11:de:37:af:bd:1c:
                    d3:56:6b:35:5a:ca:b2:ae:48:66:8e:84:6c:73:2e:
                    ca:81:07:78:9a:78:6c:03:22:a9:10:ca:33:36:79:
                    52:71:d1:58:69:96:e6:74:27:30:c8:b8:fd:05:7a:
                    ba:ec:f5:a0:01:52:f8:94:4b:51:c4:41:ab:29:bc:
                    cf:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:57:59:39:59:BE:3E:B7:08:7F:F4:EF:E9:90:3C:E9:52:8B:13:40
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/tFdZOVm-PrcIf_Tv6ZA86VKLE0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:1f:6c:72:76:e8:45:0b:23:19:4e:7c:80:5f:e8:e7:31:ff:
         98:a5:90:11:e8:97:2a:7d:80:b4:e3:9d:1a:fd:2e:ab:46:f2:
         e9:9e:bc:b6:76:a0:39:8a:67:d7:d1:dd:23:92:9a:11:27:61:
         54:1d:f9:7a:22:1d:9a:c5:4b:b4:ce:da:35:c5:59:69:13:b6:
         b8:14:a6:b2:74:54:bf:e1:f5:ad:8c:db:26:30:54:77:d4:e6:
         dd:32:e3:fe:41:93:9f:f1:19:80:2d:e5:7a:4d:33:54:98:e7:
         5c:fb:c9:45:71:7f:63:bd:ae:e5:dc:1a:b9:16:7d:5a:2d:8f:
         86:71:be:3f:07:2c:d4:3f:02:7a:f9:73:af:b8:f2:57:23:fe:
         46:68:8e:21:d8:2e:ec:b0:c5:a2:d5:f3:5a:84:7e:ca:7c:51:
         6e:fd:d8:7e:d8:21:33:d0:b1:c2:7d:2c:7e:58:30:63:2f:af:
         f6:a5:07:77:3c:3b:99:71:e3:a2:5c:ca:4c:a4:b9:79:cb:bf:
         21:06:25:a6:35:de:23:8e:dc:e0:4c:88:b6:81:ae:45:a2:dc:
         53:07:ac:b9:ae:e0:fd:30:68:3f:d6:93:a3:5b:34:78:b9:b5:
         b8:d6:8a:e3:c4:e2:b5:6e:cb:53:c5:3a:21:2c:23:fe:3e:1e:
         17:8d:3b:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87kIYUfjcnPwKmIITCRjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU3NTkzOTU5YmUzZWI3MDg3ZmY0ZWZlOTkwM2NlOTUyOGIxMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuu57wVEGeoTWveT/375jFB3NvTS
u7rURpZ1JBLrlgm3h9QFx8FXqF6TfjDfYYetPA8FpUSGvFxR8oVZOGkVtVprfvgo
yXCL2Yn7CKXAcLWEzgsxmZRRnHunrApShKzmlfzKLedNSbbXvb/NghPAptvk5opr
po7GUZX+7KkvN4xZLpGd4A/noqqn62alV2sVnOmM7qcWsLhjd5ydt4NjrhVNrRyU
oQqhmHmpk2AMad6YsOkeuERQUrmp5DYR3jevvRzTVms1WsqyrkhmjoRscy7KgQd4
mnhsAyKpEMozNnlScdFYaZbmdCcwyLj9BXq67PWgAVL4lEtRxEGrKbzPwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRXWTlZvj63CH/07+mQPOlSixNAMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvdEZkWk9WbS1QcmNJZl9UdjZaQTg2VktMRTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZsMA0G
CSqGSIb3DQEBCwUAA4IBAQAWH2xyduhFCyMZTnyAX+jnMf+YpZAR6JcqfYC0450a
/S6rRvLpnry2dqA5imfX0d0jkpoRJ2FUHfl6Ih2axUu0zto1xVlpE7a4FKaydFS/
4fWtjNsmMFR31ObdMuP+QZOf8RmALeV6TTNUmOdc+8lFcX9jva7l3Bq5Fn1aLY+G
cb4/ByzUPwJ6+XOvuPJXI/5GaI4h2C7ssMWi1fNahH7KfFFu/dh+2CEz0LHCfSx+
WDBjL6/2pQd3PDuZceOiXMpMpLl5y78hBiWmNd4jjtzgTIi2ga5FotxTB6y5ruD9
MGg/1pOjWzR4ubW41orjxOK1bstTxTohLCP+Ph4XjTtc
-----END CERTIFICATE-----