This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/wR3FRofdhHlnFMGmk3AwnVUVhio.roa
File:                     wR3FRofdhHlnFMGmk3AwnVUVhio.roa (raw, json)
Hash identifier:          myXGfURCgl+/Z3rIhWeSP+Xuo3dktQVzI214fzGppBo=
Subject key identifier:   C1:1D:C5:46:87:DD:84:79:67:14:C1:A6:93:70:30:9D:55:15:86:2A
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B35FA3FA626DD31622B2886EE9DBB9D
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/wR3FRofdhHlnFMGmk3AwnVUVhio.roa
Signing time:             Thu 01 Jan 2026 20:18:13 +0000
ROA not before:           Thu 01 Jan 2026 20:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42260
IP address blocks:        5.1.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:fa:3f:a6:26:dd:31:62:2b:28:86:ee:9d:bb:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c11dc54687dd84796714c1a69370309d5515862a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:10:d7:42:84:77:6c:ff:ed:88:29:52:7b:69:
                    d1:f7:f6:11:82:e9:7c:be:f0:81:df:a9:bc:03:d6:
                    79:34:79:14:02:da:b7:f0:2e:c6:a0:b4:69:fe:64:
                    45:4c:6a:2e:e1:18:56:12:c8:2f:cd:aa:8a:e6:36:
                    c1:83:60:c5:c6:3a:6f:7e:ea:39:bc:0e:8a:34:11:
                    aa:b8:65:4b:8a:23:76:b9:3d:37:3c:08:07:21:d4:
                    65:9a:04:c3:01:5f:24:7b:f8:ec:4b:ca:a1:06:42:
                    c3:7e:40:84:9e:2e:bf:aa:a4:12:f1:89:0a:31:b2:
                    28:64:1d:82:38:5f:b8:f3:6c:52:79:5d:0e:e2:12:
                    28:e0:fb:c8:9d:3e:7c:b8:8c:34:7f:ce:7d:10:b2:
                    30:98:99:8c:ce:b6:e1:a2:14:c4:a2:09:15:a6:02:
                    23:e6:0e:c2:b4:db:a2:97:7a:bf:0c:04:0b:65:0e:
                    32:3b:d6:9f:a5:64:1f:f4:6a:04:5f:02:e0:86:b7:
                    ed:79:1a:8d:c8:5b:21:e8:83:9a:f7:60:4d:ae:0c:
                    7e:16:be:ac:72:fb:a2:bc:f2:31:66:93:3d:c5:8d:
                    2b:2b:eb:ec:b1:ce:89:ed:4b:57:01:55:64:9f:cf:
                    19:64:cc:57:5f:93:86:2d:f3:a1:a3:cd:4c:9a:65:
                    8e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:1D:C5:46:87:DD:84:79:67:14:C1:A6:93:70:30:9D:55:15:86:2A
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/wR3FRofdhHlnFMGmk3AwnVUVhio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:49:80:86:d6:bd:d1:dd:d2:ea:05:7c:73:77:40:92:6e:07:
         ca:b9:79:9c:a5:40:ed:f8:1f:7a:b5:90:53:b5:6e:b0:e3:82:
         91:b1:be:07:c1:71:20:76:8d:20:d5:e6:72:e0:4d:8f:5c:e4:
         45:cc:f0:b7:8a:16:e6:a4:80:aa:ef:90:b6:88:2b:d0:02:5b:
         d5:e5:b7:d6:8b:2f:6b:a9:57:04:26:db:0e:43:f9:ae:17:cc:
         40:af:0f:b9:d7:19:f7:78:60:33:1d:81:8c:10:cc:ed:f9:ec:
         6b:b6:e3:05:61:da:90:bb:5d:f6:6a:b6:ee:20:a3:7a:1a:f2:
         db:a4:9e:39:d5:3b:c6:ff:f7:3c:0a:74:5a:eb:20:e1:41:6f:
         c0:f1:e9:0b:d5:aa:86:da:bd:00:68:d4:b6:38:b0:d4:7e:c0:
         a7:00:e3:1d:c0:01:75:4b:ea:8d:f8:59:af:29:b9:ee:eb:cd:
         61:15:16:78:dc:f5:bb:36:84:cf:f5:46:18:77:84:b2:86:a8:
         b6:91:37:a9:a6:a3:07:6b:f3:0e:8d:da:c9:c6:3a:59:b9:3a:
         61:5d:a9:83:0c:ea:4c:df:ee:11:01:14:ab:d0:b7:6b:43:8d:
         60:8b:37:4b:1d:7c:0b:1e:32:f9:73:da:c9:3a:fa:41:05:70:
         34:14:4f:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nfo/pibdMWIrKIbunbudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTFkYzU0Njg3ZGQ4NDc5NjcxNGMxYTY5MzcwMzA5ZDU1MTU4NjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BDXQoR3bP/tiClSe2nR9/YRgul8
vvCB36m8A9Z5NHkUAtq38C7GoLRp/mRFTGou4RhWEsgvzaqK5jbBg2DFxjpvfuo5
vA6KNBGquGVLiiN2uT03PAgHIdRlmgTDAV8ke/jsS8qhBkLDfkCEni6/qqQS8YkK
MbIoZB2COF+482xSeV0O4hIo4PvInT58uIw0f859ELIwmJmMzrbhohTEogkVpgIj
5g7CtNuil3q/DAQLZQ4yO9afpWQf9GoEXwLghrfteRqNyFsh6IOa92BNrgx+Fr6s
cvuivPIxZpM9xY0rK+vssc6J7UtXAVVkn88ZZMxXX5OGLfOho81MmmWOewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEdxUaH3YR5ZxTBppNwMJ1VFYYqMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvd1IzRlJvZmRoSGxuRk1HbWszQXduVlVWaGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQEvMA0G
CSqGSIb3DQEBCwUAA4IBAQAjSYCG1r3R3dLqBXxzd0CSbgfKuXmcpUDt+B96tZBT
tW6w44KRsb4HwXEgdo0g1eZy4E2PXORFzPC3ihbmpICq75C2iCvQAlvV5bfWiy9r
qVcEJtsOQ/muF8xArw+51xn3eGAzHYGMEMzt+exrtuMFYdqQu132arbuIKN6GvLb
pJ451TvG//c8CnRa6yDhQW/A8ekL1aqG2r0AaNS2OLDUfsCnAOMdwAF1S+qN+Fmv
Kbnu681hFRZ43PW7NoTP9UYYd4Syhqi2kTeppqMHa/MOjdrJxjpZuTphXamDDOpM
3+4RARSr0LdrQ41gizdLHXwLHjL5c9rJOvpBBXA0FE+N
-----END CERTIFICATE-----