This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/A5iuXW_cORbsvixFXow7PusXUbs.roa
File:                     A5iuXW_cORbsvixFXow7PusXUbs.roa (raw, json)
Hash identifier:          +5gLj6Wt4ZaNqfSC+m0HrIiKPOrW2+yDa66ixdPJ/8M=
Subject key identifier:   03:98:AE:5D:6F:DC:39:16:EC:BE:2C:45:5E:8C:3B:3E:EB:17:51:BB
Certificate issuer:       /CN=aa5212958d8e1baa144a82a821f93a890dcba49a
Certificate serial:       019B7E37D580502F9AEC047FE1CC6FBBD265
Authority key identifier: AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/A5iuXW_cORbsvixFXow7PusXUbs.roa
Signing time:             Fri 02 Jan 2026 10:19:06 +0000
ROA not before:           Fri 02 Jan 2026 10:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     38547
IP address blocks:        43.226.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:d5:80:50:2f:9a:ec:04:7f:e1:cc:6f:bb:d2:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5212958d8e1baa144a82a821f93a890dcba49a
        Validity
            Not Before: Jan  2 10:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0398ae5d6fdc3916ecbe2c455e8c3b3eeb1751bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2f:1c:95:14:6e:19:2e:4c:7b:49:87:c4:73:
                    9d:29:77:7d:5e:9a:c6:ca:bb:ae:ba:63:e8:59:c1:
                    92:46:14:7e:11:2b:a3:cc:25:7f:33:fd:5d:f0:5f:
                    d8:73:35:63:66:ad:53:06:24:20:45:04:82:40:d6:
                    c1:23:72:5d:76:e6:4b:6b:f4:db:10:8b:c6:a7:1a:
                    65:0c:31:5e:4d:c0:7a:f9:3f:34:33:c4:5d:36:e0:
                    cf:e7:61:b0:93:a4:d3:29:2f:7e:b9:18:4d:b6:13:
                    e3:24:a0:f2:42:13:bd:a1:cc:76:36:f7:45:08:17:
                    f5:59:78:f4:8c:b8:be:37:b0:56:95:44:dd:05:1a:
                    06:de:66:f7:96:c9:31:7b:2d:cc:8d:f0:96:92:09:
                    60:dc:78:a0:1e:97:b6:6b:63:f2:93:91:62:f9:e2:
                    22:24:f4:ef:ce:99:b5:d5:9b:f9:10:8f:ec:c1:84:
                    bd:6f:87:c1:ec:5a:7d:12:38:fb:1f:8e:16:73:55:
                    fe:95:dc:b4:79:50:96:8e:dc:2a:ff:d2:d5:d8:7e:
                    29:75:8b:47:35:83:4a:69:e8:08:de:3e:57:10:ab:
                    54:48:6a:3c:9e:c8:52:13:85:74:46:6f:53:3f:06:
                    32:7f:a1:9e:95:31:80:1d:a6:c3:b2:f1:0e:78:e5:
                    09:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:98:AE:5D:6F:DC:39:16:EC:BE:2C:45:5E:8C:3B:3E:EB:17:51:BB
            X509v3 Authority Key Identifier:
                keyid:AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/A5iuXW_cORbsvixFXow7PusXUbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:94:f3:82:e1:34:7b:8f:f7:8f:05:0a:3e:93:b1:7e:08:0e:
         09:42:29:03:26:f9:53:02:0f:06:69:e1:35:17:f9:aa:42:db:
         51:11:76:bd:13:ae:7b:bd:c0:61:f4:63:bd:ad:36:6e:33:d7:
         9f:be:74:80:a0:a4:cb:12:b7:67:6b:3f:50:81:69:37:b4:df:
         94:95:22:51:0a:a1:75:49:ab:a6:8b:2c:11:03:7e:cd:60:9c:
         5f:18:7c:04:7e:78:f0:b3:81:c5:99:93:62:01:8f:6f:2a:2f:
         4d:34:a8:85:5a:19:8d:49:7e:eb:89:65:3a:4b:fe:df:5b:d1:
         38:64:c1:7f:51:11:62:05:3f:6d:83:ed:17:7d:05:5a:35:db:
         6c:bc:cb:58:9e:af:1b:5f:1f:38:33:81:fc:81:94:48:20:68:
         d5:7c:63:43:90:5a:bc:94:34:8a:a8:3c:e6:43:b5:4d:88:13:
         8e:a1:0e:79:cb:59:83:50:3a:3f:60:12:00:9e:77:81:37:4c:
         e9:80:09:b7:c6:ea:a2:95:20:77:a6:d6:89:2d:8d:4c:33:17:
         fb:24:25:80:16:a1:fa:63:bd:65:72:09:8d:4a:5e:ec:00:c7:
         29:91:ad:67:66:71:bf:1d:81:0a:18:f8:59:c3:19:8b:7a:67:
         fd:00:13:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N9WAUC+a7AR/4cxvu9JlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTIxMjk1OGQ4ZTFiYWExNDRhODJhODIxZjkzYTg5MGRj
YmE0OWEwHhcNMjYwMTAyMTAxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzk4YWU1ZDZmZGMzOTE2ZWNiZTJjNDU1ZThjM2IzZWViMTc1MWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyS8clRRuGS5Me0mHxHOdKXd9XprG
yruuumPoWcGSRhR+ESujzCV/M/1d8F/YczVjZq1TBiQgRQSCQNbBI3JdduZLa/Tb
EIvGpxplDDFeTcB6+T80M8RdNuDP52Gwk6TTKS9+uRhNthPjJKDyQhO9ocx2NvdF
CBf1WXj0jLi+N7BWlUTdBRoG3mb3lskxey3MjfCWkglg3HigHpe2a2Pyk5Fi+eIi
JPTvzpm11Zv5EI/swYS9b4fB7Fp9Ejj7H44Wc1X+ldy0eVCWjtwq/9LV2H4pdYtH
NYNKaegI3j5XEKtUSGo8nshSE4V0Rm9TPwYyf6GelTGAHabDsvEOeOUJnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOYrl1v3DkW7L4sRV6MOz7rF1G7MB8GA1UdIwQY
MBaAFKpSEpWNjhuqFEqCqCH5OokNy6SaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYt
YjQwMWE0YTA0NDkyLzEvQTVpdVhXX2NPUmJzdml4RlhvdzdQdXNYVWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYtYjQwMWE0YTA0NDky
LzEvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK+LgMA0G
CSqGSIb3DQEBCwUAA4IBAQC3lPOC4TR7j/ePBQo+k7F+CA4JQikDJvlTAg8GaeE1
F/mqQttREXa9E657vcBh9GO9rTZuM9efvnSAoKTLErdnaz9QgWk3tN+UlSJRCqF1
SaumiywRA37NYJxfGHwEfnjws4HFmZNiAY9vKi9NNKiFWhmNSX7riWU6S/7fW9E4
ZMF/URFiBT9tg+0XfQVaNdtsvMtYnq8bXx84M4H8gZRIIGjVfGNDkFq8lDSKqDzm
Q7VNiBOOoQ55y1mDUDo/YBIAnneBN0zpgAm3xuqilSB3ptaJLY1MMxf7JCWAFqH6
Y71lcgmNSl7sAMcpka1nZnG/HYEKGPhZwxmLemf9ABMN
-----END CERTIFICATE-----