This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TiR8QFwckEMxwPl-PAh7U5fs35U.roa
File:                     TiR8QFwckEMxwPl-PAh7U5fs35U.roa (raw, json)
Hash identifier:          avpvLl5kDQnSVzp8att+Y28D633txbj1l2EesQOu57g=
Subject key identifier:   4E:24:7C:40:5C:1C:90:43:31:C0:F9:7E:3C:08:7B:53:97:EC:DF:95
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019B7D34EA625B67917C1DD3DC9F9AAFF8E4
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TiR8QFwckEMxwPl-PAh7U5fs35U.roa
Signing time:             Fri 02 Jan 2026 05:36:18 +0000
ROA not before:           Fri 02 Jan 2026 05:36:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     146943
IP address blocks:        5.175.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:34:ea:62:5b:67:91:7c:1d:d3:dc:9f:9a:af:f8:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  2 05:36:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e247c405c1c904331c0f97e3c087b5397ecdf95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bf:ce:08:08:5e:31:07:1e:40:77:09:2c:33:
                    94:f1:27:98:00:31:05:76:c4:92:c1:cb:90:68:83:
                    41:45:a0:92:45:7a:e6:c7:65:7c:64:71:4b:91:16:
                    2a:9c:c7:a3:f5:a3:8b:c3:a9:c4:0c:66:cd:f7:94:
                    16:eb:c2:0e:cb:e5:12:ad:ad:b9:d2:05:3b:59:cd:
                    dd:3d:c5:2f:ca:33:37:4b:6d:24:38:14:05:4d:aa:
                    b0:de:a7:f7:2f:eb:3f:f3:75:27:fe:80:88:8c:aa:
                    8f:19:7f:27:1e:3e:7e:b7:8a:ff:b2:d1:bb:78:b6:
                    98:22:7f:c2:6f:12:d7:9d:e5:9e:c9:b0:e0:9c:b1:
                    05:85:ad:ab:83:88:c2:a5:1f:cb:e6:65:a8:ab:04:
                    81:4d:da:ab:1d:ef:bf:5f:08:94:66:60:22:32:a1:
                    6b:0d:2b:b1:4c:5c:aa:29:82:48:2d:fe:b5:4e:4f:
                    7a:ca:d5:cb:6d:f9:b3:3a:a0:d5:45:12:6e:68:1a:
                    26:ea:71:b9:44:1d:43:0d:de:91:df:0d:13:6b:74:
                    f9:c8:ee:cb:d8:b6:6a:dd:d1:b6:38:a4:d4:a9:2f:
                    52:07:9c:05:18:d1:5d:d0:04:3b:3d:ac:d8:87:7d:
                    92:37:3a:32:51:76:aa:06:61:a9:11:01:c8:da:a0:
                    99:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:24:7C:40:5C:1C:90:43:31:C0:F9:7E:3C:08:7B:53:97:EC:DF:95
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/TiR8QFwckEMxwPl-PAh7U5fs35U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:90:ff:90:45:97:89:84:1c:45:d9:8f:b8:b0:6a:08:07:e4:
         df:75:10:54:c6:d7:3c:b7:cd:8f:b1:1c:35:5a:97:02:59:ad:
         88:d7:22:df:1c:a3:d9:42:bf:24:bc:05:df:ec:11:d8:08:22:
         20:ed:e5:de:13:c7:99:67:d4:d5:71:9a:ee:26:3c:da:c0:2d:
         4c:ec:1f:44:60:20:a4:73:fb:e5:15:fb:13:bf:c1:64:81:83:
         7f:4f:f6:c3:21:ec:2c:52:f6:f5:14:e7:1a:15:c2:0a:76:6d:
         c0:b9:b1:55:06:ea:0d:1d:5c:2a:df:c3:b7:cb:a9:f7:9d:de:
         1c:3c:0d:33:7e:92:b7:96:10:71:c6:f5:4f:19:a9:87:85:cd:
         93:4e:8d:43:bc:03:62:87:1e:60:d7:47:81:c6:52:16:77:eb:
         c2:f4:80:81:80:4e:0f:52:8b:0f:68:b4:e0:ad:5c:6b:b9:d7:
         59:29:ec:0f:24:a0:cc:f7:41:57:3a:0e:60:2d:72:45:f4:ac:
         91:cd:29:8d:81:1b:b3:3c:34:59:80:47:ac:ec:7d:d1:0c:9a:
         0a:d3:54:aa:19:ff:8d:9e:d3:f5:ed:b7:7e:90:62:81:9f:65:
         ec:d3:cb:f7:e3:c7:dd:b8:45:b9:6c:6c:6b:84:bb:5d:50:b2:
         2f:e6:71:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9NOpiW2eRfB3T3J+ar/jkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMTAyMDUzNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTI0N2M0MDVjMWM5MDQzMzFjMGY5N2UzYzA4N2I1Mzk3ZWNkZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtr/OCAheMQceQHcJLDOU8SeYADEF
dsSSwcuQaINBRaCSRXrmx2V8ZHFLkRYqnMej9aOLw6nEDGbN95QW68IOy+USra25
0gU7Wc3dPcUvyjM3S20kOBQFTaqw3qf3L+s/83Un/oCIjKqPGX8nHj5+t4r/stG7
eLaYIn/CbxLXneWeybDgnLEFha2rg4jCpR/L5mWoqwSBTdqrHe+/XwiUZmAiMqFr
DSuxTFyqKYJILf61Tk96ytXLbfmzOqDVRRJuaBom6nG5RB1DDd6R3w0Ta3T5yO7L
2LZq3dG2OKTUqS9SB5wFGNFd0AQ7PazYh32SNzoyUXaqBmGpEQHI2qCZlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4kfEBcHJBDMcD5fjwIe1OX7N+VMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvVGlSOFFGd2NrRU14d1BsLVBBaDdVNWZzMzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+LMA0G
CSqGSIb3DQEBCwUAA4IBAQBekP+QRZeJhBxF2Y+4sGoIB+TfdRBUxtc8t82PsRw1
WpcCWa2I1yLfHKPZQr8kvAXf7BHYCCIg7eXeE8eZZ9TVcZruJjzawC1M7B9EYCCk
c/vlFfsTv8FkgYN/T/bDIewsUvb1FOcaFcIKdm3AubFVBuoNHVwq38O3y6n3nd4c
PA0zfpK3lhBxxvVPGamHhc2TTo1DvANihx5g10eBxlIWd+vC9ICBgE4PUosPaLTg
rVxruddZKewPJKDM90FXOg5gLXJF9KyRzSmNgRuzPDRZgEes7H3RDJoK01SqGf+N
ntP17bd+kGKBn2Xs08v348fduEW5bGxrhLtdULIv5nGo
-----END CERTIFICATE-----