This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bjhFYOFZ-xC7XR4fq9sH2F_CHsw.roa
File:                     bjhFYOFZ-xC7XR4fq9sH2F_CHsw.roa (raw, json)
Hash identifier:          CH3yAkxTg1a1rBrO6AxTLFrXcTl9BlH3ujNjxJpNEUQ=
Subject key identifier:   6E:38:45:60:E1:59:FB:10:BB:5D:1E:1F:AB:DB:07:D8:5F:C2:1E:CC
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019B7F82D23FA2AEB859672CC2FD2FA64974
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bjhFYOFZ-xC7XR4fq9sH2F_CHsw.roa
Signing time:             Fri 02 Jan 2026 16:20:38 +0000
ROA not before:           Fri 02 Jan 2026 16:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209181
IP address blocks:        5.182.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 15:31:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:d2:3f:a2:ae:b8:59:67:2c:c2:fd:2f:a6:49:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 16:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6e384560e159fb10bb5d1e1fabdb07d85fc21ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9c:55:b2:78:08:1e:33:40:d1:d0:48:fe:02:
                    b4:e3:4d:8d:91:f6:45:10:7e:50:fe:7e:93:7e:94:
                    fe:91:77:f0:6e:9d:da:f5:bf:21:a8:98:9a:c3:da:
                    57:fc:e4:c5:17:6f:06:21:aa:b2:0c:ee:b6:ca:ce:
                    93:2f:66:10:1d:68:f8:bc:25:d9:53:9b:2f:c0:59:
                    b4:c7:f8:e9:18:2f:e4:60:4b:4b:59:79:96:04:8e:
                    30:c0:c0:8a:96:84:62:86:44:8e:74:65:60:23:3b:
                    90:75:b8:38:4e:5d:ac:5d:ec:61:cd:ab:c8:0e:d8:
                    9d:10:c7:ec:e4:55:14:79:a7:e3:d2:67:da:d3:dc:
                    9e:4c:24:7c:19:ca:af:fe:be:18:f0:7e:b3:52:ab:
                    30:fa:e0:bb:71:47:58:eb:e2:23:b4:8f:ba:5b:81:
                    1d:13:6e:00:12:1e:4d:d2:75:b7:7c:68:6a:61:b6:
                    4a:96:01:78:00:de:26:d8:7d:21:4a:3c:31:95:ab:
                    4e:33:94:cc:8e:c5:69:2d:43:bb:08:49:17:f2:d8:
                    ef:1a:7c:8e:9e:43:86:16:d1:3e:43:49:c3:bd:59:
                    4c:41:35:68:50:74:c3:69:3f:17:3a:33:c8:a6:15:
                    cf:c7:fe:bb:53:34:44:8e:9d:2f:de:73:e5:9a:5e:
                    8e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:38:45:60:E1:59:FB:10:BB:5D:1E:1F:AB:DB:07:D8:5F:C2:1E:CC
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/bjhFYOFZ-xC7XR4fq9sH2F_CHsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:b5:41:17:76:25:c2:07:99:80:ea:51:74:e6:c6:82:68:1b:
         12:ad:6d:36:b9:ce:f9:db:25:25:4f:c9:f8:59:4f:e9:1d:14:
         5e:eb:2a:06:64:9a:9b:9d:21:8e:64:ca:6a:f1:c6:0d:48:5f:
         02:58:79:e0:35:57:66:34:1a:80:c8:92:50:e3:e8:1f:c1:0d:
         4a:ef:20:27:d6:75:ee:8f:dd:2f:a3:d9:a4:3d:0c:0a:10:c5:
         da:08:d9:f5:60:92:3b:1f:2d:fc:6d:04:6e:92:f3:d1:69:8e:
         67:2e:0a:9d:d2:9c:c9:8d:12:e4:1d:19:40:35:49:af:ef:6c:
         f3:15:a0:80:6d:99:6d:d5:3e:b6:33:fb:e3:e4:6c:19:00:c4:
         0b:fe:09:a4:fd:3e:37:6e:21:9c:fe:7e:1f:4f:bc:f3:88:9f:
         70:97:cb:8e:22:96:b1:9e:6b:24:c0:d8:5d:71:68:99:8c:ef:
         dc:fc:9b:14:08:c3:f9:16:1e:d0:e4:b4:15:05:f6:5f:b8:89:
         44:e9:3d:ee:f0:9e:85:4e:a5:b1:41:9a:54:49:c0:b3:ed:a1:
         56:ac:9f:4d:66:f2:80:e4:18:f1:5a:6d:f5:fa:d7:b9:85:c6:
         59:92:07:62:6c:4a:20:ac:1f:4e:ab:06:1f:29:3c:28:fc:1c:
         73:26:5a:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gtI/oq64WWcswv0vpkl0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMTAyMTYyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTM4NDU2MGUxNTlmYjEwYmI1ZDFlMWZhYmRiMDdkODVmYzIxZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZxVsngIHjNA0dBI/gK0402NkfZF
EH5Q/n6TfpT+kXfwbp3a9b8hqJiaw9pX/OTFF28GIaqyDO62ys6TL2YQHWj4vCXZ
U5svwFm0x/jpGC/kYEtLWXmWBI4wwMCKloRihkSOdGVgIzuQdbg4Tl2sXexhzavI
DtidEMfs5FUUeafj0mfa09yeTCR8Gcqv/r4Y8H6zUqsw+uC7cUdY6+IjtI+6W4Ed
E24AEh5N0nW3fGhqYbZKlgF4AN4m2H0hSjwxlatOM5TMjsVpLUO7CEkX8tjvGnyO
nkOGFtE+Q0nDvVlMQTVoUHTDaT8XOjPIphXPx/67UzREjp0v3nPlml6O4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG44RWDhWfsQu10eH6vbB9hfwh7MMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvYmpoRllPRloteEM3WFI0ZnE5c0gyRl9DSHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYxMA0G
CSqGSIb3DQEBCwUAA4IBAQCMtUEXdiXCB5mA6lF05saCaBsSrW02uc752yUlT8n4
WU/pHRRe6yoGZJqbnSGOZMpq8cYNSF8CWHngNVdmNBqAyJJQ4+gfwQ1K7yAn1nXu
j90vo9mkPQwKEMXaCNn1YJI7Hy38bQRukvPRaY5nLgqd0pzJjRLkHRlANUmv72zz
FaCAbZlt1T62M/vj5GwZAMQL/gmk/T43biGc/n4fT7zziJ9wl8uOIpaxnmskwNhd
cWiZjO/c/JsUCMP5Fh7Q5LQVBfZfuIlE6T3u8J6FTqWxQZpUScCz7aFWrJ9NZvKA
5BjxWm31+te5hcZZkgdibEogrB9OqwYfKTwo/BxzJlqw
-----END CERTIFICATE-----