This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/5bf5CwJmQOVXufa2Bw359AZEO9s.roa
File:                     5bf5CwJmQOVXufa2Bw359AZEO9s.roa (raw, json)
Hash identifier:          vE+kqAcM+EoC006Mvnftc/u8n7NMMiAT3ni4cuysV1M=
Subject key identifier:   E5:B7:F9:0B:02:66:40:E5:57:B9:F6:B6:07:0D:F9:F4:06:44:3B:DB
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       019B7C80A23000BAFB40E76ABDB9D7881088
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/5bf5CwJmQOVXufa2Bw359AZEO9s.roa
Signing time:             Fri 02 Jan 2026 02:19:23 +0000
ROA not before:           Fri 02 Jan 2026 02:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51318
IP address blocks:        195.89.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a2:30:00:ba:fb:40:e7:6a:bd:b9:d7:88:10:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  2 02:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5b7f90b026640e557b9f6b6070df9f406443bdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4e:65:46:75:56:a4:39:20:6e:dd:f3:6e:62:
                    3f:05:7d:64:74:e7:c5:66:d0:3e:1c:b4:13:fc:e3:
                    d2:fe:84:23:10:cf:1f:0b:e7:7c:29:6d:74:ff:c1:
                    5e:a7:d8:af:dc:59:53:02:42:64:99:a0:1d:6a:b0:
                    8a:2a:fd:b0:94:ae:a1:45:8b:cc:ec:a4:b8:af:e0:
                    88:b1:d0:4e:2f:90:f8:32:e8:42:99:98:68:0f:f6:
                    1d:61:22:f4:ae:34:ab:50:84:ad:f5:0f:05:7d:a3:
                    5b:d2:13:4b:6a:04:76:ec:8c:d7:3e:e3:67:4b:27:
                    54:db:35:db:83:b9:dc:3b:03:72:83:28:cc:7d:99:
                    d1:57:eb:4e:1c:09:fd:41:f3:2d:c4:00:e3:2f:f2:
                    1c:8e:1f:df:67:c7:b9:98:9e:91:09:fd:dc:e1:87:
                    3a:3b:29:9d:fd:ff:58:b1:5c:da:10:5e:ff:b4:14:
                    4f:40:2e:5d:d9:fe:f5:b7:fa:73:1e:bb:f8:48:ed:
                    c3:b9:00:e3:9d:b8:cc:05:b0:56:57:c8:e3:9d:c0:
                    ce:59:bc:98:ee:81:e7:09:bf:53:21:0e:7e:0e:09:
                    47:e4:fa:d2:44:37:22:ab:f2:85:9b:7c:53:78:db:
                    6d:6d:ea:94:2c:65:5e:70:e4:65:ab:0a:9e:5e:56:
                    15:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:B7:F9:0B:02:66:40:E5:57:B9:F6:B6:07:0D:F9:F4:06:44:3B:DB
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/5bf5CwJmQOVXufa2Bw359AZEO9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.89.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:6d:60:e7:f9:a9:7a:7c:f3:fd:80:f9:24:39:89:b9:53:b5:
         f1:ee:a1:fd:87:e6:12:34:16:6d:42:86:2f:ac:c6:92:d4:2f:
         2f:a0:e6:0b:29:76:56:7d:48:29:79:1d:7b:c7:f5:12:c5:14:
         b8:ad:9c:19:6f:dd:ec:26:77:9b:c4:4a:b8:83:dc:82:3c:b4:
         3a:45:ed:c9:31:f9:21:ea:59:40:3e:e2:fd:55:bf:8f:a3:06:
         af:f1:89:13:1d:65:bd:bf:12:40:e4:ba:8f:04:04:d7:4a:c9:
         57:28:7c:8d:63:a3:b2:be:f7:8c:6f:65:9e:67:8e:eb:9c:c4:
         30:b4:78:7e:91:c3:12:27:bf:91:39:58:b9:b8:5d:7f:22:25:
         41:52:cc:0f:9a:0b:4f:c7:43:2c:14:c6:6d:1a:36:a6:3a:6b:
         2f:4e:f5:ac:20:48:29:c8:8a:78:02:68:90:6c:dc:f0:d6:ca:
         fb:33:5d:6c:f6:19:ab:0b:42:b3:d9:8e:8d:fb:21:12:d3:ef:
         18:6d:bb:46:fb:ef:a9:e1:ee:05:c0:f8:a7:29:d0:2b:96:c5:
         cc:68:13:38:eb:81:18:ee:6b:e1:8c:ed:c1:b7:a1:d5:8c:bb:
         dc:91:dd:77:6b:ca:95:79:47:36:94:30:23:87:97:77:34:9d:
         65:31:e9:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKIwALr7QOdqvbnXiBCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjYwMTAyMDIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWI3ZjkwYjAyNjY0MGU1NTdiOWY2YjYwNzBkZjlmNDA2NDQzYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuU5lRnVWpDkgbt3zbmI/BX1kdOfF
ZtA+HLQT/OPS/oQjEM8fC+d8KW10/8Fep9iv3FlTAkJkmaAdarCKKv2wlK6hRYvM
7KS4r+CIsdBOL5D4MuhCmZhoD/YdYSL0rjSrUISt9Q8FfaNb0hNLagR27IzXPuNn
SydU2zXbg7ncOwNygyjMfZnRV+tOHAn9QfMtxADjL/Icjh/fZ8e5mJ6RCf3c4Yc6
Oymd/f9YsVzaEF7/tBRPQC5d2f71t/pzHrv4SO3DuQDjnbjMBbBWV8jjncDOWbyY
7oHnCb9TIQ5+DglH5PrSRDciq/KFm3xTeNttbeqULGVecORlqwqeXlYVKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOW3+QsCZkDlV7n2tgcN+fQGRDvbMB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvNWJmNUN3Sm1RT1ZYdWZhMkJ3MzU5QVpFTzlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1kNMA0G
CSqGSIb3DQEBCwUAA4IBAQBXbWDn+al6fPP9gPkkOYm5U7Xx7qH9h+YSNBZtQoYv
rMaS1C8voOYLKXZWfUgpeR17x/USxRS4rZwZb93sJnebxEq4g9yCPLQ6Re3JMfkh
6llAPuL9Vb+Powav8YkTHWW9vxJA5LqPBATXSslXKHyNY6OyvveMb2WeZ47rnMQw
tHh+kcMSJ7+ROVi5uF1/IiVBUswPmgtPx0MsFMZtGjamOmsvTvWsIEgpyIp4AmiQ
bNzw1sr7M11s9hmrC0Kz2Y6N+yES0+8YbbtG+++p4e4FwPinKdArlsXMaBM464EY
7mvhjO3Bt6HVjLvckd13a8qVeUc2lDAjh5d3NJ1lMekg
-----END CERTIFICATE-----