This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/5PEM24BMPrcvxY-cL8Z6QKGwr1U.roa
File:                     5PEM24BMPrcvxY-cL8Z6QKGwr1U.roa (raw, json)
Hash identifier:          9iefR/dFPM3ozUCII4KvIo+RC9gYE16NJW6hpn8+KmU=
Subject key identifier:   E4:F1:0C:DB:80:4C:3E:B7:2F:C5:8F:9C:2F:C6:7A:40:A1:B0:AF:55
Certificate issuer:       /CN=bf628b93661e905887359fc8e9a1888075db3cd8
Certificate serial:       019B7CECEDA3855D7957F9EAB6437ED3CAEF
Authority key identifier: BF:62:8B:93:66:1E:90:58:87:35:9F:C8:E9:A1:88:80:75:DB:3C:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v2KLk2YekFiHNZ_I6aGIgHXbPNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/5PEM24BMPrcvxY-cL8Z6QKGwr1U.roa
Signing time:             Fri 02 Jan 2026 04:17:40 +0000
ROA not before:           Fri 02 Jan 2026 04:17:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25540
IP address blocks:        185.52.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/v2KLk2YekFiHNZ_I6aGIgHXbPNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/v2KLk2YekFiHNZ_I6aGIgHXbPNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v2KLk2YekFiHNZ_I6aGIgHXbPNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:ed:a3:85:5d:79:57:f9:ea:b6:43:7e:d3:ca:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf628b93661e905887359fc8e9a1888075db3cd8
        Validity
            Not Before: Jan  2 04:17:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4f10cdb804c3eb72fc58f9c2fc67a40a1b0af55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c4:ee:1a:2d:a7:bd:32:ca:67:7b:70:1c:d7:
                    85:05:5a:4d:73:df:00:1c:1e:ce:81:16:37:16:4c:
                    d0:63:16:0e:f3:f0:41:3e:13:1c:d8:a9:51:9c:ea:
                    7d:99:b7:ec:9b:a9:5d:da:42:74:87:2a:20:23:0c:
                    70:ce:a8:04:aa:0d:52:d0:98:8b:6d:23:00:8c:34:
                    12:84:b4:23:35:2c:98:8f:f8:b4:9d:46:c4:86:15:
                    89:1b:7c:18:fc:22:92:0a:6c:5e:9d:b7:98:0a:de:
                    56:c9:02:a6:3e:2a:85:e5:60:d4:67:07:e5:c6:7a:
                    c7:0f:50:05:41:48:80:02:0a:37:42:c3:68:4c:93:
                    08:28:ec:8f:2f:c8:05:7f:bc:b6:93:1e:3a:94:c6:
                    a5:d3:69:95:e3:d3:fc:4e:31:51:97:9e:66:fd:54:
                    c4:35:df:89:30:b9:f3:c5:dd:63:79:34:72:f2:dc:
                    2a:ff:fa:e0:b9:43:f1:9a:61:a8:bb:50:cf:70:d4:
                    46:a4:cd:27:a2:73:54:1d:74:3c:b1:79:46:24:56:
                    63:5c:9f:40:d9:2d:63:7f:b8:8f:6a:4e:fd:b2:98:
                    64:d0:da:45:c8:da:15:95:96:ae:46:79:3a:4e:b4:
                    44:03:c3:08:6a:33:51:fa:8b:2f:ca:40:0b:55:83:
                    c2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F1:0C:DB:80:4C:3E:B7:2F:C5:8F:9C:2F:C6:7A:40:A1:B0:AF:55
            X509v3 Authority Key Identifier:
                keyid:BF:62:8B:93:66:1E:90:58:87:35:9F:C8:E9:A1:88:80:75:DB:3C:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v2KLk2YekFiHNZ_I6aGIgHXbPNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/5PEM24BMPrcvxY-cL8Z6QKGwr1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6c83e7-a352-4e21-a731-157b5ad6ab7b/1/v2KLk2YekFiHNZ_I6aGIgHXbPNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:0c:d0:db:46:02:a1:d1:80:c5:1c:d0:b0:70:d9:7f:2e:87:
         f7:bf:bd:ec:a4:93:79:9c:74:0b:9a:d9:66:31:05:24:27:5a:
         d2:7e:5d:28:9c:0d:10:87:82:8f:3e:b9:62:99:b0:14:c7:cb:
         44:87:2c:de:4e:6e:21:58:14:bf:70:e4:56:ea:16:d4:c5:4a:
         75:ca:c6:48:53:ea:7a:58:e1:9d:01:8e:35:d9:57:50:e5:a4:
         bb:ff:27:60:f8:c3:9f:33:31:9b:ca:e7:d5:6f:ca:9f:49:48:
         15:52:ef:a7:a0:34:ea:0b:7b:e6:c1:a2:49:2d:16:3a:be:4f:
         dc:7c:eb:19:22:0e:75:49:55:c3:80:4f:da:74:41:1d:54:5e:
         9d:e8:89:6c:3d:0c:0a:b6:82:c6:24:55:02:e0:2d:f7:1f:95:
         46:ea:75:34:e6:30:fc:52:cc:ee:69:c1:c1:a3:36:b4:4f:ad:
         60:3b:50:fd:05:86:a8:0e:0c:b6:23:f6:35:f7:c8:ba:15:fa:
         91:19:0e:d7:4c:b7:2f:01:c8:55:3e:e0:f0:c1:59:17:ab:94:
         68:05:07:86:ea:43:cf:b3:ca:b6:0c:4c:9b:6d:ff:fa:3c:26:
         95:b3:1c:96:c5:7d:bf:a8:92:0a:23:53:7f:70:2d:9f:35:75:
         6b:5d:38:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87O2jhV15V/nqtkN+08rvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNjI4YjkzNjYxZTkwNTg4NzM1OWZjOGU5YTE4ODgwNzVk
YjNjZDgwHhcNMjYwMTAyMDQxNzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGYxMGNkYjgwNGMzZWI3MmZjNThmOWMyZmM2N2E0MGExYjBhZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucTuGi2nvTLKZ3twHNeFBVpNc98A
HB7OgRY3FkzQYxYO8/BBPhMc2KlRnOp9mbfsm6ld2kJ0hyogIwxwzqgEqg1S0JiL
bSMAjDQShLQjNSyYj/i0nUbEhhWJG3wY/CKSCmxenbeYCt5WyQKmPiqF5WDUZwfl
xnrHD1AFQUiAAgo3QsNoTJMIKOyPL8gFf7y2kx46lMal02mV49P8TjFRl55m/VTE
Nd+JMLnzxd1jeTRy8twq//rguUPxmmGou1DPcNRGpM0nonNUHXQ8sXlGJFZjXJ9A
2S1jf7iPak79sphk0NpFyNoVlZauRnk6TrREA8MIajNR+osvykALVYPCCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTxDNuATD63L8WPnC/GekChsK9VMB8GA1UdIwQY
MBaAFL9ii5NmHpBYhzWfyOmhiIB12zzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjJLTGsyWWVrRmlITlpfSTZhR0lnSFhiUE5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82YzgzZTctYTM1Mi00ZTIxLWE3MzEt
MTU3YjVhZDZhYjdiLzEvNVBFTTI0Qk1QcmN2eFktY0w4WjZRS0d3cjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82YzgzZTctYTM1Mi00ZTIxLWE3MzEtMTU3YjVhZDZhYjdi
LzEvdjJLTGsyWWVrRmlITlpfSTZhR0lnSFhiUE5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTRUMA0G
CSqGSIb3DQEBCwUAA4IBAQA6DNDbRgKh0YDFHNCwcNl/Lof3v73spJN5nHQLmtlm
MQUkJ1rSfl0onA0Qh4KPPrlimbAUx8tEhyzeTm4hWBS/cORW6hbUxUp1ysZIU+p6
WOGdAY412VdQ5aS7/ydg+MOfMzGbyufVb8qfSUgVUu+noDTqC3vmwaJJLRY6vk/c
fOsZIg51SVXDgE/adEEdVF6d6IlsPQwKtoLGJFUC4C33H5VG6nU05jD8UszuacHB
oza0T61gO1D9BYaoDgy2I/Y198i6FfqRGQ7XTLcvAchVPuDwwVkXq5RoBQeG6kPP
s8q2DEybbf/6PCaVsxyWxX2/qJIKI1N/cC2fNXVrXThr
-----END CERTIFICATE-----