This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/dIGZhkcQjwXD6TRRSDLTBNo_khY.roa
File:                     dIGZhkcQjwXD6TRRSDLTBNo_khY.roa (raw, json)
Hash identifier:          iHaZdF9YmqdeJqR3BWg40wlZURcExcqa9x9g9e5Q+Sw=
Subject key identifier:   74:81:99:86:47:10:8F:05:C3:E9:34:51:48:32:D3:04:DA:3F:92:16
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       019B791087A44707D9760A828637650FA5B4
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/dIGZhkcQjwXD6TRRSDLTBNo_khY.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197389
IP address blocks:        5.172.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:87:a4:47:07:d9:76:0a:82:86:37:65:0f:a5:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7481998647108f05c3e934514832d304da3f9216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:56:46:c1:d2:82:3a:76:42:5f:b5:02:27:73:
                    fa:bf:96:23:ae:16:f1:a2:d0:d2:8f:23:40:3b:07:
                    c9:57:3a:52:45:77:7f:18:c3:e3:d7:08:64:ca:e3:
                    60:59:cd:1a:29:c6:89:19:0d:59:68:30:5f:b2:e8:
                    05:fb:e3:58:8e:44:6c:c6:9f:b9:e6:c5:2b:ab:37:
                    28:c5:d4:79:c0:25:d9:d4:88:47:fc:a3:6c:75:da:
                    95:b8:4b:bb:dd:4e:d9:1a:bd:83:e8:80:9b:43:89:
                    78:13:18:74:53:71:48:9d:b2:dd:a7:f9:cc:1e:30:
                    e8:fb:f6:2c:73:a7:61:97:43:97:b9:58:16:8e:65:
                    76:f9:a2:3f:a4:3f:fc:f5:2d:24:65:1e:ee:c7:7a:
                    6d:53:7b:b7:c3:22:33:40:75:95:7b:b2:c8:b9:bd:
                    dc:3f:dd:2d:91:cd:e2:c3:11:25:a1:4b:6a:8a:7d:
                    07:2f:b3:88:4b:2d:7d:fe:c6:69:bc:32:3a:b0:a8:
                    b3:f9:ca:fa:5e:8a:3c:50:c4:15:d2:06:45:8a:8e:
                    96:64:12:24:14:52:1f:a1:88:be:02:79:96:17:41:
                    b6:cd:9a:3d:35:8f:d3:4c:8c:01:73:82:07:f1:6f:
                    49:e4:d4:80:75:c7:29:2b:58:a0:1e:1f:34:2f:c0:
                    d9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:81:99:86:47:10:8F:05:C3:E9:34:51:48:32:D3:04:DA:3F:92:16
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/dIGZhkcQjwXD6TRRSDLTBNo_khY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:02:e0:46:6d:11:44:07:3c:c1:a8:98:aa:04:89:3e:44:e4:
         68:3f:e6:8c:7f:39:d1:76:ff:39:59:fb:ad:e3:a6:e3:42:76:
         51:18:ea:0e:1a:d0:d2:f0:e3:1f:00:82:9e:bb:00:6b:69:23:
         a3:35:47:3c:33:6d:7c:b4:17:65:11:5d:0a:20:5e:d7:58:5f:
         70:65:cf:64:23:b2:44:73:39:5a:0b:e4:cc:28:28:11:25:83:
         d4:7b:6c:21:33:63:0e:de:b8:7f:af:80:e6:34:b7:3c:06:34:
         31:b2:fd:cb:44:23:ab:8a:30:59:98:7a:92:26:d5:a4:76:82:
         c3:06:6a:9a:7b:f1:4f:dd:39:fb:fc:5f:2d:77:28:3e:df:4d:
         9f:89:34:1f:48:ce:2f:33:50:5e:c9:a0:a5:c6:69:96:94:95:
         52:f5:c6:e0:de:a6:ce:06:3a:6c:08:7d:11:54:59:73:84:9c:
         c5:9b:11:cf:21:62:c2:a3:db:63:15:23:43:a7:a6:04:9c:37:
         b6:99:67:4b:6f:6d:2a:71:07:59:88:42:bc:e1:a5:e5:de:66:
         90:be:68:98:fa:0b:1e:45:41:a8:5e:a7:61:e7:83:14:66:f7:
         73:e3:15:7d:28:1a:a0:61:67:7c:c7:d6:a2:b0:48:d9:8c:48:
         bf:51:28:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIekRwfZdgqChjdlD6W0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDgxOTk4NjQ3MTA4ZjA1YzNlOTM0NTE0ODMyZDMwNGRhM2Y5MjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6VZGwdKCOnZCX7UCJ3P6v5Yjrhbx
otDSjyNAOwfJVzpSRXd/GMPj1whkyuNgWc0aKcaJGQ1ZaDBfsugF++NYjkRsxp+5
5sUrqzcoxdR5wCXZ1IhH/KNsddqVuEu73U7ZGr2D6ICbQ4l4Exh0U3FInbLdp/nM
HjDo+/Ysc6dhl0OXuVgWjmV2+aI/pD/89S0kZR7ux3ptU3u3wyIzQHWVe7LIub3c
P90tkc3iwxEloUtqin0HL7OISy19/sZpvDI6sKiz+cr6Xoo8UMQV0gZFio6WZBIk
FFIfoYi+AnmWF0G2zZo9NY/TTIwBc4IH8W9J5NSAdccpK1igHh80L8DZGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSBmYZHEI8Fw+k0UUgy0wTaP5IWMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvZElHWmhrY1Fqd1hENlRSUlNETFRCTm9fa2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABazIMA0G
CSqGSIb3DQEBCwUAA4IBAQCdAuBGbRFEBzzBqJiqBIk+RORoP+aMfznRdv85Wfut
46bjQnZRGOoOGtDS8OMfAIKeuwBraSOjNUc8M218tBdlEV0KIF7XWF9wZc9kI7JE
czlaC+TMKCgRJYPUe2whM2MO3rh/r4DmNLc8BjQxsv3LRCOrijBZmHqSJtWkdoLD
Bmqae/FP3Tn7/F8tdyg+302fiTQfSM4vM1BeyaClxmmWlJVS9cbg3qbOBjpsCH0R
VFlzhJzFmxHPIWLCo9tjFSNDp6YEnDe2mWdLb20qcQdZiEK84aXl3maQvmiY+gse
RUGoXqdh54MUZvdz4xV9KBqgYWd8x9aisEjZjEi/UShJ
-----END CERTIFICATE-----