This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/I2KpdLXbpYuKcc5P2UrERlbUmQI.roa
File:                     I2KpdLXbpYuKcc5P2UrERlbUmQI.roa (raw, json)
Hash identifier:          QwjjNYoou+Yqw7bbIshNHDY3CQQBCro8tQly5UuqIPQ=
Subject key identifier:   23:62:A9:74:B5:DB:A5:8B:8A:71:CE:4F:D9:4A:C4:46:56:D4:99:02
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       019B775944A53035D1304FB4779D41669713
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/I2KpdLXbpYuKcc5P2UrERlbUmQI.roa
Signing time:             Thu 01 Jan 2026 02:18:17 +0000
ROA not before:           Thu 01 Jan 2026 02:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213365
IP address blocks:        5.133.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:44:a5:30:35:d1:30:4f:b4:77:9d:41:66:97:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  1 02:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2362a974b5dba58b8a71ce4fd94ac44656d49902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:da:84:99:d0:31:c3:ec:2e:a7:31:4f:bc:cc:
                    53:1a:83:09:98:be:5d:86:4e:08:bd:bc:4c:46:78:
                    32:b5:df:b7:ac:ca:c9:18:fc:b3:43:80:86:fb:86:
                    12:0e:5a:91:02:3e:c6:76:42:8f:0f:48:fc:7a:61:
                    8a:dc:7e:76:5a:d5:85:cd:5e:49:40:0c:14:a8:e3:
                    9b:53:59:e1:33:c2:7a:1e:42:eb:10:2d:12:48:ab:
                    f0:e2:24:81:d0:8a:76:d5:f8:86:75:b1:42:eb:8e:
                    70:9f:e0:3a:ea:aa:b9:c4:d9:79:35:31:77:73:35:
                    09:cb:b7:9b:34:5a:66:e2:5e:cc:b3:64:ae:19:94:
                    59:f9:9d:3e:01:fb:b1:57:e9:8e:d3:3f:b3:46:37:
                    1e:0c:f5:7a:33:b2:7c:c2:8d:0c:a2:9b:4e:45:46:
                    25:11:9b:5b:d6:0e:ba:d5:45:5e:44:f3:ef:93:87:
                    84:d9:5a:69:e4:a3:df:92:a6:c7:a0:b5:26:5c:42:
                    88:2d:ba:f7:1c:57:e0:b4:04:35:42:fe:ab:8d:3f:
                    04:11:b7:c8:a4:6a:f2:50:9e:be:77:0a:6b:ff:28:
                    5c:dc:4d:96:51:8f:0a:e7:62:60:44:12:7a:eb:94:
                    37:cc:eb:50:d7:b4:54:ec:bc:04:85:82:8a:63:ef:
                    f6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:62:A9:74:B5:DB:A5:8B:8A:71:CE:4F:D9:4A:C4:46:56:D4:99:02
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/I2KpdLXbpYuKcc5P2UrERlbUmQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:37:e0:af:60:67:fa:86:d5:ff:b1:38:37:a5:e4:3a:89:fc:
         81:f6:4a:ab:a1:79:a4:e8:81:b1:59:d6:bc:7f:6a:2a:7a:ee:
         e4:f1:d8:df:af:5f:ae:a4:09:01:78:a6:f2:b0:1c:dc:04:da:
         27:da:96:8e:39:d8:eb:3e:77:0a:c3:ae:e6:25:00:c2:88:7c:
         d9:7b:a0:2f:ce:b3:5a:cf:c8:3b:a2:aa:72:69:1c:4e:99:ca:
         c4:22:51:12:57:7b:c9:be:65:82:d0:78:a2:ea:18:f4:26:6d:
         dc:b4:5c:1d:e0:44:40:e8:4e:c4:61:2f:54:70:d5:f4:09:97:
         8f:7a:ce:62:4d:65:18:29:0b:eb:72:17:00:83:40:7a:2b:ca:
         36:e2:e9:21:95:98:ba:ce:cf:95:12:d6:2a:1b:71:87:87:98:
         03:e8:1a:70:33:4d:ef:c3:03:f5:31:5f:61:d5:79:b1:e7:d8:
         87:3d:1c:bf:8e:d1:ee:86:40:7d:f1:89:f5:75:51:0a:99:0e:
         82:ef:95:f8:1c:48:10:01:07:35:8e:d6:97:bc:98:5a:cd:6a:
         5b:9e:85:e1:d5:e6:a5:f9:57:d4:e2:f2:47:2d:90:5d:bc:27:
         93:4b:1d:d9:41:f1:af:31:49:c1:eb:c1:7e:60:11:f5:97:63:
         20:92:64:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WUSlMDXRME+0d51BZpcTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjYwMTAxMDIxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzYyYTk3NGI1ZGJhNThiOGE3MWNlNGZkOTRhYzQ0NjU2ZDQ5OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dqEmdAxw+wupzFPvMxTGoMJmL5d
hk4IvbxMRngytd+3rMrJGPyzQ4CG+4YSDlqRAj7GdkKPD0j8emGK3H52WtWFzV5J
QAwUqOObU1nhM8J6HkLrEC0SSKvw4iSB0Ip21fiGdbFC645wn+A66qq5xNl5NTF3
czUJy7ebNFpm4l7Ms2SuGZRZ+Z0+AfuxV+mO0z+zRjceDPV6M7J8wo0MoptORUYl
EZtb1g661UVeRPPvk4eE2Vpp5KPfkqbHoLUmXEKILbr3HFfgtAQ1Qv6rjT8EEbfI
pGryUJ6+dwpr/yhc3E2WUY8K52JgRBJ665Q3zOtQ17RU7LwEhYKKY+/24wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNiqXS126WLinHOT9lKxEZW1JkCMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvSTJLcGRMWGJwWXVLY2M1UDJVckVSbGJVbVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVAMA0G
CSqGSIb3DQEBCwUAA4IBAQC8N+CvYGf6htX/sTg3peQ6ifyB9kqroXmk6IGxWda8
f2oqeu7k8djfr1+upAkBeKbysBzcBNon2paOOdjrPncKw67mJQDCiHzZe6AvzrNa
z8g7oqpyaRxOmcrEIlESV3vJvmWC0Hii6hj0Jm3ctFwd4ERA6E7EYS9UcNX0CZeP
es5iTWUYKQvrchcAg0B6K8o24ukhlZi6zs+VEtYqG3GHh5gD6BpwM03vwwP1MV9h
1Xmx59iHPRy/jtHuhkB98Yn1dVEKmQ6C75X4HEgQAQc1jtaXvJhazWpbnoXh1eal
+VfU4vJHLZBdvCeTSx3ZQfGvMUnB68F+YBH1l2MgkmTc
-----END CERTIFICATE-----