This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/5FdT73JkLCgHgzugWWXpOCrhVgc.roa
File:                     5FdT73JkLCgHgzugWWXpOCrhVgc.roa (raw, json)
Hash identifier:          oluoiDxtzFoApZrsUB2VZK/Twzibw5WYce0WItyA/mY=
Subject key identifier:   E4:57:53:EF:72:64:2C:28:07:83:3B:A0:59:65:E9:38:2A:E1:56:07
Certificate issuer:       /CN=f724cba521c080db72a6e54a1b8cf4495cbbc7d6
Certificate serial:       019B76EB3FCA562C5ED45C805C6B20259491
Authority key identifier: F7:24:CB:A5:21:C0:80:DB:72:A6:E5:4A:1B:8C:F4:49:5C:BB:C7:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/5FdT73JkLCgHgzugWWXpOCrhVgc.roa
Signing time:             Thu 01 Jan 2026 00:18:07 +0000
ROA not before:           Thu 01 Jan 2026 00:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207996
IP address blocks:        185.203.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:3f:ca:56:2c:5e:d4:5c:80:5c:6b:20:25:94:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f724cba521c080db72a6e54a1b8cf4495cbbc7d6
        Validity
            Not Before: Jan  1 00:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e45753ef72642c2807833ba05965e9382ae15607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fe:27:c7:b4:f1:ba:00:c0:d7:ff:f6:38:e0:
                    43:e1:a0:a2:9d:f0:73:2e:cf:04:2e:68:30:70:19:
                    09:d0:35:0e:a2:ff:b3:9e:29:a1:74:87:b9:42:40:
                    58:19:45:3e:ad:1e:14:f4:08:3f:fb:3b:0c:66:4f:
                    99:60:58:b1:79:f1:29:08:e8:2c:2b:01:6f:4b:85:
                    44:1a:da:0f:7b:c4:70:c7:76:0b:1e:d1:20:3b:0a:
                    24:92:e0:bf:86:23:93:84:72:7d:26:9c:57:40:c8:
                    11:90:b1:51:66:c8:53:96:03:2f:0d:5f:96:97:bc:
                    f7:6c:0c:9c:ac:75:29:51:da:20:d0:9e:83:1e:80:
                    b3:69:bc:9a:72:72:85:63:30:9a:1d:02:02:67:70:
                    12:4f:00:a2:05:23:14:cf:cb:2b:de:61:dc:e5:19:
                    0c:c2:47:e4:60:b5:2a:76:d3:6d:8d:0e:1e:e0:14:
                    6a:e5:d1:a3:ae:05:d0:d1:c3:ee:46:65:ad:53:96:
                    03:54:83:b3:5a:87:3b:d0:43:47:41:79:19:19:ca:
                    92:22:08:2b:c3:f6:13:b1:0d:7d:5a:9b:5e:74:03:
                    b8:d2:dd:be:3e:b6:bf:53:77:35:4a:9c:c8:88:a8:
                    bb:21:29:44:be:14:8f:ea:bc:41:8c:c9:87:68:0e:
                    14:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:57:53:EF:72:64:2C:28:07:83:3B:A0:59:65:E9:38:2A:E1:56:07
            X509v3 Authority Key Identifier:
                keyid:F7:24:CB:A5:21:C0:80:DB:72:A6:E5:4A:1B:8C:F4:49:5C:BB:C7:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9yTLpSHAgNtypuVKG4z0SVy7x9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/5FdT73JkLCgHgzugWWXpOCrhVgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/48b50b-adfe-4dfb-ad80-103b206ba28b/1/9yTLpSHAgNtypuVKG4z0SVy7x9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:6e:fc:c4:e8:ef:7e:64:d2:c1:ac:2e:44:b3:26:f3:d2:30:
         d1:ce:39:1d:d0:08:14:cc:08:56:b3:c5:15:72:52:cd:c2:dd:
         02:58:2c:d3:57:b0:7f:6f:9b:4c:cb:36:32:13:1d:4c:39:09:
         76:1d:18:61:30:e8:6c:54:be:5f:14:bd:cc:cb:97:de:0c:8a:
         c8:03:b7:c2:27:b5:88:16:21:51:9f:91:44:60:b2:08:00:5c:
         a3:44:29:64:dc:90:f6:34:57:67:38:a0:94:9b:11:3f:a3:70:
         7e:fb:3a:e6:21:4d:af:b2:87:b3:a0:68:81:d1:2d:20:28:64:
         04:97:05:df:98:7b:67:44:b7:e2:83:b8:b3:7b:bf:1d:bb:07:
         df:d2:81:a2:fa:e4:42:09:d8:7f:0e:9d:e2:0f:bc:ee:f7:fb:
         fb:56:19:f8:86:82:d2:bf:74:21:8d:22:e6:5b:74:f7:d0:00:
         c5:77:45:0d:03:cc:9a:19:68:3b:0b:36:86:a4:1b:0e:71:24:
         f0:53:5b:a7:c1:bb:d8:3c:4d:27:b0:3f:56:3d:01:5b:29:a4:
         8e:85:67:38:7a:28:b8:dc:02:6d:0f:1d:54:7e:25:70:67:80:
         ce:60:a1:6d:52:12:24:fc:e1:70:35:ed:13:90:28:89:76:1f:
         c2:e4:b3:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26z/KVixe1FyAXGsgJZSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MjRjYmE1MjFjMDgwZGI3MmE2ZTU0YTFiOGNmNDQ5NWNi
YmM3ZDYwHhcNMjYwMTAxMDAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDU3NTNlZjcyNjQyYzI4MDc4MzNiYTA1OTY1ZTkzODJhZTE1NjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv4nx7TxugDA1//2OOBD4aCinfBz
Ls8ELmgwcBkJ0DUOov+znimhdIe5QkBYGUU+rR4U9Ag/+zsMZk+ZYFixefEpCOgs
KwFvS4VEGtoPe8Rwx3YLHtEgOwokkuC/hiOThHJ9JpxXQMgRkLFRZshTlgMvDV+W
l7z3bAycrHUpUdog0J6DHoCzabyacnKFYzCaHQICZ3ASTwCiBSMUz8sr3mHc5RkM
wkfkYLUqdtNtjQ4e4BRq5dGjrgXQ0cPuRmWtU5YDVIOzWoc70ENHQXkZGcqSIggr
w/YTsQ19WptedAO40t2+Pra/U3c1SpzIiKi7ISlEvhSP6rxBjMmHaA4UIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORXU+9yZCwoB4M7oFll6Tgq4VYHMB8GA1UdIwQY
MBaAFPcky6UhwIDbcqblShuM9Elcu8fWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXlUTHBTSEFnTnR5cHVWS0c0ejBTVnk3eDlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy80OGI1MGItYWRmZS00ZGZiLWFkODAt
MTAzYjIwNmJhMjhiLzEvNUZkVDczSmtMQ2dIZ3p1Z1dXWHBPQ3JoVmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy80OGI1MGItYWRmZS00ZGZiLWFkODAtMTAzYjIwNmJhMjhi
LzEvOXlUTHBTSEFnTnR5cHVWS0c0ejBTVnk3eDlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuctxMA0G
CSqGSIb3DQEBCwUAA4IBAQB1bvzE6O9+ZNLBrC5Esybz0jDRzjkd0AgUzAhWs8UV
clLNwt0CWCzTV7B/b5tMyzYyEx1MOQl2HRhhMOhsVL5fFL3My5feDIrIA7fCJ7WI
FiFRn5FEYLIIAFyjRClk3JD2NFdnOKCUmxE/o3B++zrmIU2vsoezoGiB0S0gKGQE
lwXfmHtnRLfig7ize78duwff0oGi+uRCCdh/Dp3iD7zu9/v7Vhn4hoLSv3QhjSLm
W3T30ADFd0UNA8yaGWg7CzaGpBsOcSTwU1unwbvYPE0nsD9WPQFbKaSOhWc4eii4
3AJtDx1UfiVwZ4DOYKFtUhIk/OFwNe0TkCiJdh/C5LNK
-----END CERTIFICATE-----