This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/edd7af-2ff0-45dc-b14b-77d516be7a87/1/cIW1NaRR4MnpEAYWVEYRn3myJ7A.roa
File:                     cIW1NaRR4MnpEAYWVEYRn3myJ7A.roa (raw, json)
Hash identifier:          2eOp6aCZfu2yFIk/ZDyv7dqr0KWAjWjEtDLzMW5xaqg=
Subject key identifier:   70:85:B5:35:A4:51:E0:C9:E9:10:06:16:54:46:11:9F:79:B2:27:B0
Certificate issuer:       /CN=c42978d532698fb20840f942b0247c01c8f578b2
Certificate serial:       019B7F15F35D1022EF6C2EE6D196E89789E9
Authority key identifier: C4:29:78:D5:32:69:8F:B2:08:40:F9:42:B0:24:7C:01:C8:F5:78:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xCl41TJpj7IIQPlCsCR8Acj1eLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/edd7af-2ff0-45dc-b14b-77d516be7a87/1/cIW1NaRR4MnpEAYWVEYRn3myJ7A.roa
Signing time:             Fri 02 Jan 2026 14:21:43 +0000
ROA not before:           Fri 02 Jan 2026 14:21:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209549
IP address blocks:        5.180.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/edd7af-2ff0-45dc-b14b-77d516be7a87/1/xCl41TJpj7IIQPlCsCR8Acj1eLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/edd7af-2ff0-45dc-b14b-77d516be7a87/1/xCl41TJpj7IIQPlCsCR8Acj1eLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xCl41TJpj7IIQPlCsCR8Acj1eLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:f3:5d:10:22:ef:6c:2e:e6:d1:96:e8:97:89:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42978d532698fb20840f942b0247c01c8f578b2
        Validity
            Not Before: Jan  2 14:21:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7085b535a451e0c9e91006165446119f79b227b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6b:23:16:10:da:c6:1c:fc:0d:cb:a6:d3:9b:
                    ba:97:af:6e:e1:5f:c3:60:71:8a:a6:aa:00:e1:a5:
                    71:35:41:c3:f6:96:02:d4:27:85:09:dc:8d:ef:0f:
                    6f:fb:21:b7:b6:d7:d1:8f:db:d3:77:74:cf:cf:a5:
                    87:d9:36:1e:e8:90:6f:e5:1b:e8:2d:21:c7:a0:49:
                    d2:44:cb:55:c6:b9:e5:57:0d:88:81:a7:a7:97:40:
                    38:ba:47:2e:28:a2:fd:a6:f2:a2:d3:b5:c2:22:ef:
                    94:99:91:7d:62:6d:8b:9f:f6:be:6a:13:04:5b:d9:
                    fb:9a:5e:48:c8:c6:aa:37:12:94:e8:39:de:71:d5:
                    3e:36:f3:04:3a:e4:4d:79:4d:1a:0f:fc:e7:76:cb:
                    28:60:6d:e6:a2:ed:0e:85:f0:5e:2d:a4:b8:fa:4e:
                    1a:2e:b8:83:df:ed:d4:6c:e8:51:12:c4:cc:c9:8e:
                    0e:0c:71:07:99:e9:a4:c4:58:4d:56:9a:80:6b:32:
                    3a:36:29:8a:f0:ea:d6:57:bf:65:65:22:64:d8:c0:
                    fc:d9:c6:d4:84:14:66:8a:af:cd:af:88:9a:ab:ea:
                    2d:d3:06:12:01:64:ac:8e:86:63:42:1f:52:d7:0b:
                    b3:ce:8f:96:22:64:55:67:b9:1f:dd:ae:57:44:0e:
                    d7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:85:B5:35:A4:51:E0:C9:E9:10:06:16:54:46:11:9F:79:B2:27:B0
            X509v3 Authority Key Identifier:
                keyid:C4:29:78:D5:32:69:8F:B2:08:40:F9:42:B0:24:7C:01:C8:F5:78:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCl41TJpj7IIQPlCsCR8Acj1eLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/edd7af-2ff0-45dc-b14b-77d516be7a87/1/cIW1NaRR4MnpEAYWVEYRn3myJ7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/edd7af-2ff0-45dc-b14b-77d516be7a87/1/xCl41TJpj7IIQPlCsCR8Acj1eLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:00:df:d5:07:60:f4:7d:49:15:2a:83:cd:37:dd:8b:a2:73:
         14:fc:4d:2b:b2:03:6b:db:72:fd:f3:2b:ff:3c:e2:e2:ba:67:
         83:c6:fc:ed:12:bd:52:14:48:64:d3:5f:91:09:4b:a1:36:a8:
         41:fe:14:5c:27:04:d0:60:82:cf:7e:8a:9b:3f:8f:71:13:76:
         89:b3:04:ce:15:36:1a:d4:41:c4:fe:68:ce:d8:4a:96:8e:e8:
         cb:2d:90:c0:8a:60:52:6d:50:db:44:1d:af:33:35:7b:ff:e8:
         48:ee:60:bf:82:14:3a:39:1f:07:db:fc:fb:5a:a3:ca:ca:05:
         c2:0a:42:00:10:10:e7:36:e7:96:fa:82:f6:2d:5c:9d:e6:30:
         9b:ac:37:e6:0a:dc:de:26:95:78:09:c8:fe:26:25:72:f1:bb:
         fd:4e:75:9c:2a:58:02:3e:e0:2e:d2:29:d5:aa:4f:29:16:f4:
         47:5b:aa:8b:97:af:f9:17:1e:91:64:0b:ac:5c:c4:1a:30:cf:
         14:80:25:a6:bd:9e:52:58:3e:6a:fe:d9:6c:5f:cc:21:1c:b9:
         38:22:91:04:18:1e:f9:19:96:ab:f8:15:81:b5:a7:a6:6c:01:
         ad:4f:93:99:7d:20:c1:b5:49:eb:b7:43:a6:9c:f8:1f:dc:41:
         30:b0:29:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FfNdECLvbC7m0Zbol4npMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Mjk3OGQ1MzI2OThmYjIwODQwZjk0MmIwMjQ3YzAxYzhm
NTc4YjIwHhcNMjYwMTAyMTQyMTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg1YjUzNWE0NTFlMGM5ZTkxMDA2MTY1NDQ2MTE5Zjc5YjIyN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWsjFhDaxhz8Dcum05u6l69u4V/D
YHGKpqoA4aVxNUHD9pYC1CeFCdyN7w9v+yG3ttfRj9vTd3TPz6WH2TYe6JBv5Rvo
LSHHoEnSRMtVxrnlVw2Igaenl0A4ukcuKKL9pvKi07XCIu+UmZF9Ym2Ln/a+ahME
W9n7ml5IyMaqNxKU6DnecdU+NvMEOuRNeU0aD/zndssoYG3mou0OhfBeLaS4+k4a
LriD3+3UbOhREsTMyY4ODHEHmemkxFhNVpqAazI6NimK8OrWV79lZSJk2MD82cbU
hBRmiq/Nr4iaq+ot0wYSAWSsjoZjQh9S1wuzzo+WImRVZ7kf3a5XRA7XAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCFtTWkUeDJ6RAGFlRGEZ95siewMB8GA1UdIwQY
MBaAFMQpeNUyaY+yCED5QrAkfAHI9XiyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENsNDFUSnBqN0lJUVBsQ3NDUjhBY2oxZUxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9lZGQ3YWYtMmZmMC00NWRjLWIxNGIt
NzdkNTE2YmU3YTg3LzEvY0lXMU5hUlI0TW5wRUFZV1ZFWVJuM215SjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9lZGQ3YWYtMmZmMC00NWRjLWIxNGItNzdkNTE2YmU3YTg3
LzEveENsNDFUSnBqN0lJUVBsQ3NDUjhBY2oxZUxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbR8MA0G
CSqGSIb3DQEBCwUAA4IBAQAyAN/VB2D0fUkVKoPNN92LonMU/E0rsgNr23L98yv/
POLiumeDxvztEr1SFEhk01+RCUuhNqhB/hRcJwTQYILPfoqbP49xE3aJswTOFTYa
1EHE/mjO2EqWjujLLZDAimBSbVDbRB2vMzV7/+hI7mC/ghQ6OR8H2/z7WqPKygXC
CkIAEBDnNueW+oL2LVyd5jCbrDfmCtzeJpV4Ccj+JiVy8bv9TnWcKlgCPuAu0inV
qk8pFvRHW6qLl6/5Fx6RZAusXMQaMM8UgCWmvZ5SWD5q/tlsX8whHLk4IpEEGB75
GZar+BWBtaembAGtT5OZfSDBtUnrt0OmnPgf3EEwsCnt
-----END CERTIFICATE-----