This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/5gSf1-VDKOYVBkqkgnQrEMypzTg.roa
File:                     5gSf1-VDKOYVBkqkgnQrEMypzTg.roa (raw, json)
Hash identifier:          z6ZcdBsDa7Hg3rkYAPzvBooMd+rknZS/02yCZUcFlGI=
Subject key identifier:   E6:04:9F:D7:E5:43:28:E6:15:06:4A:A4:82:74:2B:10:CC:A9:CD:38
Certificate issuer:       /CN=833e0e480411b9c88e916def90fc3a901026394a
Certificate serial:       019B791052253FDC95066E9AB1915758F275
Authority key identifier: 83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/5gSf1-VDKOYVBkqkgnQrEMypzTg.roa
Signing time:             Thu 01 Jan 2026 10:17:51 +0000
ROA not before:           Thu 01 Jan 2026 10:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.7.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:52:25:3f:dc:95:06:6e:9a:b1:91:57:58:f2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e0e480411b9c88e916def90fc3a901026394a
        Validity
            Not Before: Jan  1 10:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6049fd7e54328e615064aa482742b10cca9cd38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:16:3a:e7:88:fd:94:a1:9b:1b:7d:8e:b8:4e:
                    98:3e:b1:d1:06:96:55:f8:d4:53:19:00:fd:24:77:
                    d9:60:b9:3f:3a:b1:7f:a1:e8:d9:2e:22:d9:03:c9:
                    81:f7:55:d1:0b:b4:55:fc:3d:76:be:e3:f6:05:8b:
                    67:5c:b5:06:d1:35:89:fe:09:08:ce:d0:e4:5a:b0:
                    45:b3:cd:d3:6d:e8:95:9b:13:7b:20:cb:43:57:9c:
                    e0:94:ff:b5:3c:b4:e4:6e:6f:9b:37:87:e5:6a:be:
                    05:0a:e8:d7:1f:82:57:d6:c4:84:42:6f:6b:79:63:
                    1e:ad:3e:68:91:b6:de:29:f5:0c:cf:2c:96:9c:c0:
                    2f:6f:b9:73:eb:78:37:89:7f:09:9e:50:f5:15:60:
                    fd:cb:91:fa:c1:fd:01:0a:25:66:14:88:13:cb:53:
                    5a:17:ac:06:ca:f8:7f:38:29:87:77:20:70:de:a1:
                    d5:f4:c3:ce:46:a0:af:f4:5e:65:bc:0a:7f:f1:d8:
                    6d:7a:13:37:81:13:23:e0:1b:02:32:43:ff:28:a9:
                    66:ca:a1:be:b9:8e:d9:ef:16:3c:37:04:08:50:26:
                    3e:28:41:3e:fc:fb:f2:fd:8d:26:56:02:d8:21:e2:
                    d8:fa:1c:39:32:d3:ec:4a:72:83:b1:1b:3b:31:4b:
                    c2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:04:9F:D7:E5:43:28:E6:15:06:4A:A4:82:74:2B:10:CC:A9:CD:38
            X509v3 Authority Key Identifier:
                keyid:83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/5gSf1-VDKOYVBkqkgnQrEMypzTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:6f:24:3f:58:c3:cb:67:71:f4:f6:60:4d:88:c8:ce:0a:18:
         d1:75:a0:f5:2e:2b:46:22:34:e6:0e:23:1c:b9:31:10:be:20:
         ea:a1:fa:fc:95:c4:5b:74:74:75:1a:35:0e:a8:9f:2b:45:f9:
         51:23:36:80:31:4c:31:d2:72:0c:8b:0b:60:eb:03:4a:9e:90:
         ab:85:22:14:ca:dc:38:72:1e:6f:b7:72:e9:e2:f5:c7:38:fa:
         b8:90:82:a1:46:2e:85:8b:7f:8d:da:b0:c7:a7:4b:7c:34:83:
         84:ea:97:0a:78:26:3a:7c:85:ff:24:f9:cb:b5:b0:ff:ff:5c:
         e9:5f:46:2a:a1:80:5f:c9:f6:bf:c7:1e:73:48:80:8b:4f:d1:
         34:56:17:a4:80:42:0c:59:be:93:b2:9c:ed:57:36:3a:0b:97:
         cb:00:4b:ae:57:15:20:96:3a:0c:1f:88:5c:f9:f4:61:80:a2:
         a4:5c:12:a9:8c:06:d7:9f:37:62:56:28:1a:5a:f4:a7:42:1f:
         29:38:40:57:fe:41:dd:29:14:e1:93:32:52:ff:23:7b:1a:12:
         e2:85:b3:fd:26:be:a6:ed:89:5e:0a:d6:2e:ec:8c:2b:2e:59:
         5d:32:2d:4e:00:62:2a:e7:2f:97:c7:e4:d4:92:00:9d:54:a5:
         16:b4:e0:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFIlP9yVBm6asZFXWPJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UwZTQ4MDQxMWI5Yzg4ZTkxNmRlZjkwZmMzYTkwMTAy
NjM5NGEwHhcNMjYwMTAxMTAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjA0OWZkN2U1NDMyOGU2MTUwNjRhYTQ4Mjc0MmIxMGNjYTljZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBY654j9lKGbG32OuE6YPrHRBpZV
+NRTGQD9JHfZYLk/OrF/oejZLiLZA8mB91XRC7RV/D12vuP2BYtnXLUG0TWJ/gkI
ztDkWrBFs83TbeiVmxN7IMtDV5zglP+1PLTkbm+bN4flar4FCujXH4JX1sSEQm9r
eWMerT5okbbeKfUMzyyWnMAvb7lz63g3iX8JnlD1FWD9y5H6wf0BCiVmFIgTy1Na
F6wGyvh/OCmHdyBw3qHV9MPORqCv9F5lvAp/8dhtehM3gRMj4BsCMkP/KKlmyqG+
uY7Z7xY8NwQIUCY+KEE+/Pvy/Y0mVgLYIeLY+hw5MtPsSnKDsRs7MUvCHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYEn9flQyjmFQZKpIJ0KxDMqc04MB8GA1UdIwQY
MBaAFIM+DkgEEbnIjpFt75D8OpAQJjlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMt
NmMyMGViYWYzMGE5LzEvNWdTZjEtVkRLT1lWQmtxa2duUXJFTXlwelRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMtNmMyMGViYWYzMGE5
LzEvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdJMA0G
CSqGSIb3DQEBCwUAA4IBAQCVbyQ/WMPLZ3H09mBNiMjOChjRdaD1LitGIjTmDiMc
uTEQviDqofr8lcRbdHR1GjUOqJ8rRflRIzaAMUwx0nIMiwtg6wNKnpCrhSIUytw4
ch5vt3Lp4vXHOPq4kIKhRi6Fi3+N2rDHp0t8NIOE6pcKeCY6fIX/JPnLtbD//1zp
X0YqoYBfyfa/xx5zSICLT9E0VhekgEIMWb6TspztVzY6C5fLAEuuVxUgljoMH4hc
+fRhgKKkXBKpjAbXnzdiVigaWvSnQh8pOEBX/kHdKRThkzJS/yN7GhLihbP9Jr6m
7YleCtYu7IwrLlldMi1OAGIq5y+Xx+TUkgCdVKUWtODZ
-----END CERTIFICATE-----
Generated at Fri Jan 2 09:27:21 2026 by rpki-client