This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BAXDlRr4hsZOEW_53viwbbS5xzI.roa
File:                     BAXDlRr4hsZOEW_53viwbbS5xzI.roa (raw, json)
Hash identifier:          gMocBTTYk/YSixcQRlGi2Xf0s9GjCcV7bqy4EjzuHxo=
Subject key identifier:   04:05:C3:95:1A:F8:86:C6:4E:11:6F:F9:DE:F8:B0:6D:B4:B9:C7:32
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019B791076AEBC4DDD3FA39D6CF0886B3A8C
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BAXDlRr4hsZOEW_53viwbbS5xzI.roa
Signing time:             Thu 01 Jan 2026 10:18:00 +0000
ROA not before:           Thu 01 Jan 2026 10:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209604
IP address blocks:        5.144.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:76:ae:bc:4d:dd:3f:a3:9d:6c:f0:88:6b:3a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 10:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0405c3951af886c64e116ff9def8b06db4b9c732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a2:bc:f4:5c:03:bc:d2:d5:b6:c6:8d:60:07:
                    e2:fa:d4:08:42:79:36:d6:f3:14:4f:6d:3c:5c:3b:
                    4d:35:68:20:bb:71:52:0a:2b:ee:2d:25:a5:c5:b5:
                    67:12:27:fe:75:2e:22:52:4c:a3:b1:85:f7:13:7c:
                    34:c5:dc:81:03:9b:13:96:da:0b:79:c1:22:5f:68:
                    8e:f0:17:cc:41:1a:95:5d:0f:14:a0:56:ef:63:f7:
                    65:13:15:e1:78:79:d3:aa:e8:ba:35:57:cc:6c:40:
                    b0:ab:62:c4:0f:58:05:f5:c1:ab:f2:2b:46:70:54:
                    10:35:1d:a3:04:57:b7:2f:e9:dd:b0:a5:cd:49:ad:
                    a6:2a:2a:dc:77:a0:43:c6:6d:f9:0a:6f:2f:f4:39:
                    1d:27:b0:ef:10:5a:ec:8c:7c:93:15:c3:d5:90:9e:
                    30:84:dc:c5:cf:9a:7b:8b:a1:ab:14:45:d7:70:8f:
                    01:19:2e:f0:bd:5f:ab:61:68:64:c1:4d:06:d9:d2:
                    44:51:15:c0:b4:88:ca:da:8d:75:97:35:fc:ba:bc:
                    0b:ea:21:a2:6f:78:b3:85:83:f4:32:a7:43:fb:90:
                    68:de:82:6b:9a:f6:45:cd:28:f5:5b:03:06:58:24:
                    a9:30:7d:ec:cd:ce:8f:0a:c8:e5:71:19:5a:64:96:
                    aa:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:05:C3:95:1A:F8:86:C6:4E:11:6F:F9:DE:F8:B0:6D:B4:B9:C7:32
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/BAXDlRr4hsZOEW_53viwbbS5xzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:28:47:ee:18:44:36:16:15:2f:12:d0:99:ab:f0:f4:6f:ab:
         83:25:c1:cf:70:2b:cc:aa:cb:b9:a5:7c:17:22:a2:8f:32:31:
         bd:3f:38:35:60:92:1d:fb:0c:d3:b5:48:57:37:00:3f:c8:11:
         2f:c0:ce:09:a8:3a:af:b2:24:7c:73:cc:41:bd:7a:5f:d6:b7:
         78:60:2e:f9:d0:aa:d8:e0:ae:a9:fe:46:30:31:77:e7:e1:9c:
         ca:25:5b:f4:2e:79:f7:ad:f0:4a:28:f6:8e:17:61:95:69:17:
         32:ef:06:18:70:5c:6e:8a:de:b6:06:8c:50:e0:a8:41:47:7a:
         05:67:66:58:a4:f4:5f:70:e9:73:7f:d5:1b:d0:5b:52:ff:cb:
         99:e3:9f:f1:a4:3e:27:20:cf:cf:11:de:48:bb:4b:92:9a:47:
         39:22:8d:5d:e5:98:96:1b:bd:b7:21:c2:8f:65:88:ec:ee:44:
         47:4b:4f:a5:aa:60:ab:93:5a:c2:e1:32:20:ab:4e:f1:f3:f0:
         6a:81:35:2c:9b:eb:22:90:7c:a2:37:0f:37:10:60:1c:26:e4:
         1a:e3:46:1e:9b:1b:f9:00:3c:61:41:37:2d:ea:01:74:a5:39:
         6c:bd:04:d0:de:1d:16:31:ba:aa:fb:df:60:75:67:f2:3b:62:
         5b:3e:c7:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHauvE3dP6OdbPCIazqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMTAxMTAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA1YzM5NTFhZjg4NmM2NGUxMTZmZjlkZWY4YjA2ZGI0YjljNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqK89FwDvNLVtsaNYAfi+tQIQnk2
1vMUT208XDtNNWggu3FSCivuLSWlxbVnEif+dS4iUkyjsYX3E3w0xdyBA5sTltoL
ecEiX2iO8BfMQRqVXQ8UoFbvY/dlExXheHnTqui6NVfMbECwq2LED1gF9cGr8itG
cFQQNR2jBFe3L+ndsKXNSa2mKircd6BDxm35Cm8v9DkdJ7DvEFrsjHyTFcPVkJ4w
hNzFz5p7i6GrFEXXcI8BGS7wvV+rYWhkwU0G2dJEURXAtIjK2o11lzX8urwL6iGi
b3izhYP0MqdD+5Bo3oJrmvZFzSj1WwMGWCSpMH3szc6PCsjlcRlaZJaqLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQFw5Ua+IbGThFv+d74sG20uccyMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvQkFYRGxScjRoc1pPRVdfNTN2aXdiYlM1eHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZCxMA0G
CSqGSIb3DQEBCwUAA4IBAQBEKEfuGEQ2FhUvEtCZq/D0b6uDJcHPcCvMqsu5pXwX
IqKPMjG9Pzg1YJId+wzTtUhXNwA/yBEvwM4JqDqvsiR8c8xBvXpf1rd4YC750KrY
4K6p/kYwMXfn4ZzKJVv0Lnn3rfBKKPaOF2GVaRcy7wYYcFxuit62BoxQ4KhBR3oF
Z2ZYpPRfcOlzf9Ub0FtS/8uZ45/xpD4nIM/PEd5Iu0uSmkc5Io1d5ZiWG723IcKP
ZYjs7kRHS0+lqmCrk1rC4TIgq07x8/BqgTUsm+sikHyiNw83EGAcJuQa40Yemxv5
ADxhQTct6gF0pTlsvQTQ3h0WMbqq+99gdWfyO2JbPsdQ
-----END CERTIFICATE-----