This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cRZBLvwfG42IgA2VwGwZYLBrrxc.roa
File:                     cRZBLvwfG42IgA2VwGwZYLBrrxc.roa (raw, json)
Hash identifier:          7IQjTn7JGC3fq2gU6SfO7RRPxPo2iqhTvmjNMej7CyI=
Subject key identifier:   71:16:41:2E:FC:1F:1B:8D:88:80:0D:95:C0:6C:19:60:B0:6B:AF:17
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019B7C12F4B02ECA12DB94739F887D83A09E
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cRZBLvwfG42IgA2VwGwZYLBrrxc.roa
Signing time:             Fri 02 Jan 2026 00:19:35 +0000
ROA not before:           Fri 02 Jan 2026 00:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        5.175.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:f4:b0:2e:ca:12:db:94:73:9f:88:7d:83:a0:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  2 00:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7116412efc1f1b8d88800d95c06c1960b06baf17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:79:7b:e2:aa:06:12:f2:e9:56:95:6b:84:87:
                    0c:34:13:a1:0c:c0:de:77:35:11:85:7a:1c:c4:ab:
                    fe:3c:79:f6:cc:3e:e0:c1:47:67:8d:5c:a9:0f:e6:
                    3e:d8:cd:78:16:71:b3:52:36:7f:a1:e0:4b:18:82:
                    53:8d:cf:4b:b4:14:66:03:a8:e2:96:47:4e:96:9d:
                    ab:37:7d:c7:a9:da:80:dc:69:ad:e4:d2:f3:b0:97:
                    28:dd:e9:24:35:71:f1:1e:08:7a:80:d8:9f:dc:f8:
                    da:ac:44:c1:bc:1f:77:5b:f5:5d:f3:7b:45:39:36:
                    a8:25:1c:ef:4f:d7:76:1b:a1:3e:70:aa:f3:22:e6:
                    17:78:e7:fe:28:f7:2b:0b:43:b3:be:13:13:9b:61:
                    97:63:8f:46:62:f4:58:08:c1:bd:35:d9:b6:c4:37:
                    ca:d8:ee:f5:a0:87:7c:a6:75:4b:d2:47:34:cc:de:
                    2d:fd:b2:74:8b:3f:6e:c9:20:c1:21:53:83:50:74:
                    60:6b:c4:22:1f:7b:2f:b8:f8:8c:1d:44:57:b6:7b:
                    f7:f7:42:fa:29:6a:94:7b:a2:16:ac:9c:8b:a2:c0:
                    2c:8f:6b:db:ea:ce:de:01:af:e6:c2:30:88:49:dc:
                    c0:46:65:16:75:a7:1a:50:f5:9c:27:ce:3f:5f:bc:
                    09:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:16:41:2E:FC:1F:1B:8D:88:80:0D:95:C0:6C:19:60:B0:6B:AF:17
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cRZBLvwfG42IgA2VwGwZYLBrrxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:7f:39:34:a0:fb:42:16:5f:a5:dc:e8:ef:72:48:cc:78:09:
         7d:c9:10:7d:2f:8a:aa:fc:3c:cf:05:92:fc:b7:d8:9e:d0:13:
         40:b1:ea:04:c8:89:bb:21:9f:01:d3:52:51:5f:41:38:47:4d:
         18:79:c3:86:61:0a:06:fc:6f:65:4c:d3:41:24:a2:f6:b6:05:
         43:e2:61:3b:0f:6b:e1:db:ca:24:80:3d:1c:d4:26:db:5f:e1:
         67:1d:5a:24:b4:cf:68:9c:37:f4:5a:0f:cd:2d:e4:a7:53:7f:
         0b:f4:d5:a5:9c:9d:ec:55:7e:a4:b9:af:b5:06:ac:16:ef:e7:
         39:33:e4:3f:e8:82:0f:ee:c0:95:99:0e:2b:c4:86:91:a9:e0:
         4d:1b:b0:a2:50:8e:79:56:99:71:ca:5e:ca:d9:b6:f0:40:c5:
         22:d9:58:eb:aa:e3:e9:9b:0f:3f:74:b5:30:a3:74:d7:ce:64:
         22:ce:7a:f5:60:b6:4c:d0:7c:05:75:ce:17:22:c0:60:04:fc:
         8c:bd:dc:fd:38:07:ad:e0:5d:9e:40:e2:47:10:8b:45:fd:39:
         c6:ed:f7:90:1e:4e:b7:50:5c:c7:3d:90:32:a4:c8:30:1b:67:
         65:2f:b8:73:d3:b6:13:ac:ed:af:fa:b4:7b:ae:90:29:0e:a8:
         ba:3c:23:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EvSwLsoS25Rzn4h9g6CeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMTAyMDAxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTE2NDEyZWZjMWYxYjhkODg4MDBkOTVjMDZjMTk2MGIwNmJhZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunl74qoGEvLpVpVrhIcMNBOhDMDe
dzURhXocxKv+PHn2zD7gwUdnjVypD+Y+2M14FnGzUjZ/oeBLGIJTjc9LtBRmA6ji
lkdOlp2rN33HqdqA3Gmt5NLzsJco3ekkNXHxHgh6gNif3PjarETBvB93W/Vd83tF
OTaoJRzvT9d2G6E+cKrzIuYXeOf+KPcrC0OzvhMTm2GXY49GYvRYCMG9Ndm2xDfK
2O71oId8pnVL0kc0zN4t/bJ0iz9uySDBIVODUHRga8QiH3svuPiMHURXtnv390L6
KWqUe6IWrJyLosAsj2vb6s7eAa/mwjCISdzARmUWdacaUPWcJ84/X7wJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEWQS78HxuNiIANlcBsGWCwa68XMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY1JaQkx2d2ZHNDJJZ0EyVndHd1pZTEJycnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+NMA0G
CSqGSIb3DQEBCwUAA4IBAQCyfzk0oPtCFl+l3OjvckjMeAl9yRB9L4qq/DzPBZL8
t9ie0BNAseoEyIm7IZ8B01JRX0E4R00YecOGYQoG/G9lTNNBJKL2tgVD4mE7D2vh
28okgD0c1CbbX+FnHVoktM9onDf0Wg/NLeSnU38L9NWlnJ3sVX6kua+1BqwW7+c5
M+Q/6IIP7sCVmQ4rxIaRqeBNG7CiUI55Vplxyl7K2bbwQMUi2VjrquPpmw8/dLUw
o3TXzmQiznr1YLZM0HwFdc4XIsBgBPyMvdz9OAet4F2eQOJHEItF/TnG7feQHk63
UFzHPZAypMgwG2dlL7hz07YTrO2v+rR7rpApDqi6PCPq
-----END CERTIFICATE-----