This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/AHwZLzMSIzjdiILFlHimNy1KVH0.roa
File:                     AHwZLzMSIzjdiILFlHimNy1KVH0.roa (raw, json)
Hash identifier:          y5lR675u3Up+2TOOlskI792uCxkPkEvihlTIWi4xd1I=
Subject key identifier:   00:7C:19:2F:33:12:23:38:DD:88:82:C5:94:78:A6:37:2D:4A:54:7D
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       019B7AC8B159E595289D8CF99D62EF2CF025
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/AHwZLzMSIzjdiILFlHimNy1KVH0.roa
Signing time:             Thu 01 Jan 2026 18:18:51 +0000
ROA not before:           Thu 01 Jan 2026 18:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60201
IP address blocks:        5.183.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:b1:59:e5:95:28:9d:8c:f9:9d:62:ef:2c:f0:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  1 18:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=007c192f33122338dd8882c59478a6372d4a547d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:32:9a:1c:a2:b8:44:bb:27:fb:1b:1e:bc:4d:
                    1e:d0:77:92:7c:70:b9:c7:0b:02:06:74:fb:9a:e4:
                    8f:e3:2d:fa:dd:e5:e5:ef:4d:bb:ec:d3:bf:4f:14:
                    74:72:65:d9:00:62:51:0b:2e:2a:b1:59:d6:46:00:
                    fd:96:f1:88:3f:e7:8e:17:78:3b:29:39:ef:6b:d8:
                    61:65:cb:8f:73:cb:e4:21:96:72:82:4c:ea:df:fa:
                    eb:60:f0:85:22:32:1c:98:1f:94:8b:8e:14:0d:bc:
                    ef:ec:a2:c3:22:01:f1:f0:80:f2:87:79:ce:99:26:
                    9e:e5:ae:52:fe:27:f7:ee:e8:15:9a:b6:5f:64:85:
                    7d:52:d5:68:0a:c2:0d:b7:32:f4:04:a8:1f:a2:5f:
                    51:2e:ae:ed:88:98:23:b0:8f:2c:94:53:20:54:dd:
                    c8:ea:3a:8b:88:d3:c8:08:fb:40:25:c5:8b:a0:77:
                    83:bc:b6:4f:dd:e6:09:97:90:ce:1c:20:cf:72:95:
                    06:66:3b:db:90:f7:1e:59:cb:43:b3:6d:2e:a3:bc:
                    cb:cb:70:e2:b6:d6:71:79:65:63:24:fe:40:28:f2:
                    32:42:69:bc:68:27:8d:dc:d3:7f:ea:a2:5c:76:40:
                    06:f4:ab:9d:74:a9:d5:c2:56:be:d7:0e:d5:8c:11:
                    e8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:7C:19:2F:33:12:23:38:DD:88:82:C5:94:78:A6:37:2D:4A:54:7D
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/AHwZLzMSIzjdiILFlHimNy1KVH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:c5:35:b2:3d:de:c3:02:17:64:6c:34:8e:67:f4:5d:69:76:
         5b:2a:59:5c:18:45:0f:0c:0f:4f:42:2c:9b:71:db:a0:c0:54:
         82:43:4d:1e:a5:68:e8:00:8e:ed:87:38:34:db:49:68:b0:ab:
         a4:01:cd:21:cd:54:89:76:80:c8:39:cc:c9:34:6e:b5:c9:47:
         c0:f6:6c:91:6d:75:79:46:e7:76:f6:6f:4b:75:27:e9:1f:f4:
         19:da:ca:bd:b0:16:9c:0c:b8:2b:70:29:7a:9e:6c:ff:c7:38:
         e0:cb:b5:74:99:02:f6:3b:d2:e7:08:10:07:57:6c:80:eb:62:
         fc:18:77:a7:a0:20:dd:35:28:7e:ca:80:f1:32:db:53:59:f7:
         16:e2:e3:2c:73:bf:76:d0:77:72:74:ff:35:6f:ac:08:bb:71:
         bd:25:bc:c4:af:2b:b1:e0:28:e5:15:b2:2b:11:7f:84:69:d5:
         59:93:5c:bf:18:8c:d1:60:2e:ee:6b:d2:d4:88:c4:50:32:d9:
         67:6c:44:b6:fd:60:6a:df:2b:77:6a:2b:1f:b8:d4:fc:64:a4:
         2a:eb:6f:14:b8:ac:bb:fe:34:80:1b:db:28:3d:db:62:c0:07:
         61:43:1a:09:ee:5b:1a:57:7e:35:e3:ee:59:d8:f2:38:11:1d:
         e8:92:55:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yLFZ5ZUonYz5nWLvLPAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjYwMTAxMTgxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDdjMTkyZjMzMTIyMzM4ZGQ4ODgyYzU5NDc4YTYzNzJkNGE1NDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojKaHKK4RLsn+xsevE0e0HeSfHC5
xwsCBnT7muSP4y363eXl70277NO/TxR0cmXZAGJRCy4qsVnWRgD9lvGIP+eOF3g7
KTnva9hhZcuPc8vkIZZygkzq3/rrYPCFIjIcmB+Ui44UDbzv7KLDIgHx8IDyh3nO
mSae5a5S/if37ugVmrZfZIV9UtVoCsINtzL0BKgfol9RLq7tiJgjsI8slFMgVN3I
6jqLiNPICPtAJcWLoHeDvLZP3eYJl5DOHCDPcpUGZjvbkPceWctDs20uo7zLy3Di
ttZxeWVjJP5AKPIyQmm8aCeN3NN/6qJcdkAG9KuddKnVwla+1w7VjBHonwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAB8GS8zEiM43YiCxZR4pjctSlR9MB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvQUh3Wkx6TVNJempkaUlMRmxIaW1OeTFLVkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbeoMA0G
CSqGSIb3DQEBCwUAA4IBAQBXxTWyPd7DAhdkbDSOZ/RdaXZbKllcGEUPDA9PQiyb
cdugwFSCQ00epWjoAI7thzg020losKukAc0hzVSJdoDIOczJNG61yUfA9myRbXV5
Rud29m9LdSfpH/QZ2sq9sBacDLgrcCl6nmz/xzjgy7V0mQL2O9LnCBAHV2yA62L8
GHenoCDdNSh+yoDxMttTWfcW4uMsc7920HdydP81b6wIu3G9JbzEryux4CjlFbIr
EX+EadVZk1y/GIzRYC7ua9LUiMRQMtlnbES2/WBq3yt3aisfuNT8ZKQq628UuKy7
/jSAG9soPdtiwAdhQxoJ7lsaV3414+5Z2PI4ER3oklWw
-----END CERTIFICATE-----