This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/h2pRRcfbGh5xYWPZmNPcg07HGwI.roa
File:                     h2pRRcfbGh5xYWPZmNPcg07HGwI.roa (raw, json)
Hash identifier:          Z6ZhVS46gHATyM0aGGRgcBxfrYoZzGS1OhveuOM8zEs=
Subject key identifier:   87:6A:51:45:C7:DB:1A:1E:71:61:63:D9:98:D3:DC:83:4E:C7:1B:02
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       019BEB1D165C883DCE945F7A0365645C1864
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/h2pRRcfbGh5xYWPZmNPcg07HGwI.roa
Signing time:             Fri 23 Jan 2026 13:48:30 +0000
ROA not before:           Fri 23 Jan 2026 13:48:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202000
IP address blocks:        5.183.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:eb:1d:16:5c:88:3d:ce:94:5f:7a:03:65:64:5c:18:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan 23 13:48:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=876a5145c7db1a1e716163d998d3dc834ec71b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:63:9c:10:9a:83:dd:78:eb:8b:cb:72:80:36:
                    de:95:cd:e4:28:cf:a4:a5:87:8a:13:b4:4c:5a:5e:
                    19:d2:37:80:0b:24:85:17:fe:d1:a5:4e:5b:f4:0e:
                    6f:ed:94:b0:cc:58:ce:71:61:3a:d1:15:cf:d2:3e:
                    49:96:e1:c7:df:ff:7a:2c:00:f0:b8:f6:88:72:7b:
                    9a:c6:5e:16:dd:56:56:fc:08:73:2b:b1:4d:44:09:
                    b3:15:cd:9d:32:52:a9:17:14:68:a1:e5:9f:fc:9b:
                    86:d3:7d:26:39:f4:90:8f:d8:e9:51:fe:f1:a6:80:
                    3b:89:59:be:f0:19:96:9f:a0:5d:a0:4d:b2:74:b4:
                    55:c2:53:40:1e:24:1f:d0:28:8a:bc:02:cf:18:4f:
                    20:04:f4:d6:1e:37:e7:6c:3b:92:46:27:39:db:66:
                    4c:36:8c:2e:88:0c:ef:cf:42:6d:8c:6e:19:19:73:
                    c3:0e:13:b5:b9:8b:ab:98:81:4d:76:db:7d:56:a4:
                    1d:21:e2:3d:47:a0:1c:b8:87:de:01:c7:94:23:c9:
                    a3:e5:0a:79:37:fa:2f:e9:37:06:74:98:71:7b:4e:
                    a5:3e:16:39:ce:52:bf:36:1c:77:12:e6:0c:53:4f:
                    f9:53:45:6a:43:6a:f8:03:79:a6:52:7d:ff:da:88:
                    bd:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:6A:51:45:C7:DB:1A:1E:71:61:63:D9:98:D3:DC:83:4E:C7:1B:02
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/h2pRRcfbGh5xYWPZmNPcg07HGwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:7f:51:1b:9a:4d:8c:80:2e:fa:a2:e1:89:a1:4d:2c:56:ef:
         19:e2:72:90:3d:59:44:37:48:ac:c3:3b:69:d6:c5:2c:3e:dc:
         74:d9:14:28:f6:e8:5b:7a:37:99:da:92:1e:b3:39:c5:8d:2e:
         40:d1:94:14:19:51:bf:22:86:32:08:f1:4a:90:b6:d0:24:4a:
         2a:2f:4d:e1:92:b6:85:bf:b4:9a:87:19:3e:50:26:5b:16:d4:
         28:77:88:9b:e1:6f:b7:3e:24:6c:fb:18:bc:46:4e:78:3b:38:
         3d:f7:88:c6:78:84:62:6d:15:f4:19:49:d2:a2:c1:2a:5e:9a:
         4d:a1:22:dc:06:7c:d3:aa:d4:0e:98:23:84:96:62:e7:21:2d:
         45:0d:b1:80:e2:71:80:ef:1a:95:9c:c2:ca:bd:ce:08:35:67:
         ca:15:81:cd:fa:cc:84:06:a8:00:de:4d:f6:bc:54:62:48:26:
         c4:e4:1c:da:1e:26:e2:a4:bb:c8:d1:95:aa:d2:e6:f8:03:ec:
         08:3c:68:42:f8:77:76:cd:9c:e9:be:2b:4c:31:92:2e:ca:b6:
         c4:ba:d4:c8:5f:0a:e5:71:33:2d:69:fb:ed:2a:c2:7c:2d:0f:
         c0:32:28:31:9f:80:67:54:45:e7:31:9d:ff:72:82:de:23:a9:
         1c:70:fe:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvrHRZciD3OlF96A2VkXBhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjYwMTIzMTM0ODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzZhNTE0NWM3ZGIxYTFlNzE2MTYzZDk5OGQzZGM4MzRlYzcxYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GOcEJqD3Xjri8tygDbelc3kKM+k
pYeKE7RMWl4Z0jeACySFF/7RpU5b9A5v7ZSwzFjOcWE60RXP0j5JluHH3/96LADw
uPaIcnuaxl4W3VZW/AhzK7FNRAmzFc2dMlKpFxRooeWf/JuG030mOfSQj9jpUf7x
poA7iVm+8BmWn6BdoE2ydLRVwlNAHiQf0CiKvALPGE8gBPTWHjfnbDuSRic522ZM
NowuiAzvz0JtjG4ZGXPDDhO1uYurmIFNdtt9VqQdIeI9R6AcuIfeAceUI8mj5Qp5
N/ov6TcGdJhxe06lPhY5zlK/Nhx3EuYMU0/5U0VqQ2r4A3mmUn3/2oi9TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdqUUXH2xoecWFj2ZjT3INOxxsCMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvaDJwUlJjZmJHaDV4WVdQWm1OUGNnMDdIR3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbeZMA0G
CSqGSIb3DQEBCwUAA4IBAQBif1Ebmk2MgC76ouGJoU0sVu8Z4nKQPVlEN0iswztp
1sUsPtx02RQo9uhbejeZ2pIesznFjS5A0ZQUGVG/IoYyCPFKkLbQJEoqL03hkraF
v7Sahxk+UCZbFtQod4ib4W+3PiRs+xi8Rk54Ozg994jGeIRibRX0GUnSosEqXppN
oSLcBnzTqtQOmCOElmLnIS1FDbGA4nGA7xqVnMLKvc4INWfKFYHN+syEBqgA3k32
vFRiSCbE5BzaHibipLvI0ZWq0ub4A+wIPGhC+Hd2zZzpvitMMZIuyrbEutTIXwrl
cTMtafvtKsJ8LQ/AMigxn4BnVEXnMZ3/coLeI6kccP7F
-----END CERTIFICATE-----