This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/5deMRBbWVqmht1sOWTPO9NesZX8.roa
File:                     5deMRBbWVqmht1sOWTPO9NesZX8.roa (raw, json)
Hash identifier:          C1Nush/54sAAZxYCTt1+o50yyXszTnYgfSJMssdqdQs=
Subject key identifier:   E5:D7:8C:44:16:D6:56:A9:A1:B7:5B:0E:59:33:CE:F4:D7:AC:65:7F
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019B77C714323BB665A0D61730CFFEED7E6B
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/5deMRBbWVqmht1sOWTPO9NesZX8.roa
Signing time:             Thu 01 Jan 2026 04:18:14 +0000
ROA not before:           Thu 01 Jan 2026 04:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200436
IP address blocks:        85.133.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:14:32:3b:b6:65:a0:d6:17:30:cf:fe:ed:7e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  1 04:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5d78c4416d656a9a1b75b0e5933cef4d7ac657f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:e2:41:13:75:a4:52:2a:54:69:64:71:0c:be:
                    6f:94:42:25:96:ce:e5:ef:59:18:b1:9e:18:85:d4:
                    df:84:de:b7:6c:f5:79:08:6c:80:e4:08:ae:2a:d9:
                    e8:cf:d0:8d:51:45:52:90:e5:13:36:21:34:93:95:
                    ce:9e:20:c3:cb:9c:15:35:e5:ef:fe:08:cc:a6:7c:
                    59:14:8c:29:cb:e9:3a:4f:a7:0f:bc:5f:5a:0e:a1:
                    86:a9:7c:4f:e0:bb:df:60:10:1c:2d:e6:fd:1e:ed:
                    3a:da:3a:1b:78:59:b1:2e:a2:71:8c:1f:11:49:46:
                    70:5e:0b:fc:8b:1e:d8:8b:ff:ca:4f:f1:0f:89:54:
                    3c:81:1a:6f:69:2a:ac:85:05:25:b4:25:53:7a:77:
                    1b:ba:b1:f2:3f:72:d3:9e:90:1f:d4:41:bc:1a:51:
                    f9:e4:51:d6:32:07:bd:7a:85:a1:3c:26:4d:c7:c3:
                    9c:84:03:0d:e8:f7:67:09:36:74:ca:8f:59:2e:ab:
                    75:ba:03:be:11:3f:8f:d8:e0:99:3e:c3:98:fe:e3:
                    f9:3a:8e:bb:d4:98:1d:88:8e:4b:60:4e:25:5e:d5:
                    be:77:e0:23:53:3f:71:5c:11:50:33:9e:a0:03:ab:
                    0a:25:2f:14:00:02:4f:75:0e:8e:6c:e3:e5:92:6b:
                    ec:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D7:8C:44:16:D6:56:A9:A1:B7:5B:0E:59:33:CE:F4:D7:AC:65:7F
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/5deMRBbWVqmht1sOWTPO9NesZX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:90:4e:45:fe:21:9c:9f:49:9b:65:fa:32:73:85:a1:ed:0c:
         e7:64:20:93:ea:31:84:fd:97:13:b0:9f:23:22:b7:76:ab:f1:
         62:68:ef:1f:42:da:7a:9e:e3:e0:0a:b8:4f:93:9b:b4:b2:ea:
         36:ec:b8:67:5a:fb:90:ab:1f:8f:8a:8e:2d:33:04:d5:03:43:
         b2:84:b1:49:47:80:43:b3:0b:2b:5f:bf:81:64:d4:31:ce:ca:
         bc:13:0d:7a:96:8d:de:45:df:b7:3a:90:46:47:37:b8:44:c4:
         d9:eb:0b:d6:26:31:d2:ed:62:1a:e3:cc:d3:05:84:cf:ca:4b:
         34:9c:c5:d0:ba:f4:fb:a5:13:52:f8:1f:ec:57:e4:f1:10:5c:
         94:c0:1e:fa:ca:4a:10:78:4f:09:4e:1e:47:7f:1d:80:5d:aa:
         83:74:25:47:e9:71:6a:2d:16:8c:eb:be:38:c4:71:ef:10:15:
         6e:ca:df:9e:97:b9:06:ca:0d:f3:3a:ca:8b:bc:f5:bb:3f:21:
         2c:ed:63:e6:f3:5c:5e:16:2f:cd:58:b8:20:f6:6a:28:31:c1:
         9d:54:9a:1b:b0:e0:88:5e:0b:73:cf:16:36:65:74:b3:21:65:
         0e:07:0a:40:7c:2a:58:cc:96:77:fb:9d:35:b3:ae:b9:80:41:
         9e:79:86:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxQyO7ZloNYXMM/+7X5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMTAxMDQxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQ3OGM0NDE2ZDY1NmE5YTFiNzViMGU1OTMzY2VmNGQ3YWM2NTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+OJBE3WkUipUaWRxDL5vlEIlls7l
71kYsZ4YhdTfhN63bPV5CGyA5AiuKtnoz9CNUUVSkOUTNiE0k5XOniDDy5wVNeXv
/gjMpnxZFIwpy+k6T6cPvF9aDqGGqXxP4LvfYBAcLeb9Hu062jobeFmxLqJxjB8R
SUZwXgv8ix7Yi//KT/EPiVQ8gRpvaSqshQUltCVTencburHyP3LTnpAf1EG8GlH5
5FHWMge9eoWhPCZNx8OchAMN6PdnCTZ0yo9ZLqt1ugO+ET+P2OCZPsOY/uP5Oo67
1JgdiI5LYE4lXtW+d+AjUz9xXBFQM56gA6sKJS8UAAJPdQ6ObOPlkmvssQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXXjEQW1lapobdbDlkzzvTXrGV/MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvNWRlTVJCYldWcW1odDFzT1dUUE85TmVzWlg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXNMA0G
CSqGSIb3DQEBCwUAA4IBAQBikE5F/iGcn0mbZfoyc4Wh7QznZCCT6jGE/ZcTsJ8j
Ird2q/FiaO8fQtp6nuPgCrhPk5u0suo27LhnWvuQqx+Pio4tMwTVA0OyhLFJR4BD
swsrX7+BZNQxzsq8Ew16lo3eRd+3OpBGRze4RMTZ6wvWJjHS7WIa48zTBYTPyks0
nMXQuvT7pRNS+B/sV+TxEFyUwB76ykoQeE8JTh5Hfx2AXaqDdCVH6XFqLRaM6744
xHHvEBVuyt+el7kGyg3zOsqLvPW7PyEs7WPm81xeFi/NWLgg9mooMcGdVJobsOCI
XgtzzxY2ZXSzIWUOBwpAfCpYzJZ3+501s665gEGeeYY/
-----END CERTIFICATE-----