This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/5vrsmyjFleJ0yUVHYDa_0rWWAj8.roa
File:                     5vrsmyjFleJ0yUVHYDa_0rWWAj8.roa (raw, json)
Hash identifier:          nIs8/R3vM6q19N29/Vbny98FGr35vW2896YebXXJgRc=
Subject key identifier:   E6:FA:EC:9B:28:C5:95:E2:74:C9:45:47:60:36:BF:D2:B5:96:02:3F
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       019B7910E5F9CEFD43EE67179AE901A86644
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/5vrsmyjFleJ0yUVHYDa_0rWWAj8.roa
Signing time:             Thu 01 Jan 2026 10:18:29 +0000
ROA not before:           Thu 01 Jan 2026 10:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202745
IP address blocks:        144.2.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:e5:f9:ce:fd:43:ee:67:17:9a:e9:01:a8:66:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  1 10:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6faec9b28c595e274c945476036bfd2b596023f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:30:85:cc:39:36:a1:cd:7a:04:ab:f7:e1:2e:
                    8a:71:9a:1f:df:48:ea:a0:1d:c0:86:c9:1d:55:67:
                    77:d1:40:e6:c7:be:9b:e7:16:29:61:6b:9f:85:45:
                    5f:5c:62:ac:24:e4:a1:43:f2:63:f0:ae:3d:58:4b:
                    d7:f5:6e:b6:50:4d:b0:d3:da:62:14:a4:bd:7b:0d:
                    7d:d9:11:37:58:9b:19:78:87:47:48:7f:b4:bc:10:
                    7c:32:59:9b:2d:5f:0b:4e:74:8b:b5:13:71:9f:0c:
                    dc:26:c7:ee:d8:a7:58:00:c4:6d:83:a3:04:56:fa:
                    86:90:85:28:10:33:da:29:8f:32:58:fc:47:21:d1:
                    f4:b6:c7:f2:be:3f:09:37:02:b8:d2:f6:5b:61:d6:
                    e5:0a:30:2f:73:7c:da:b0:bc:fd:66:01:a8:46:31:
                    d6:b1:a8:37:9a:9d:a9:a3:4a:a9:d5:8d:d9:e0:51:
                    5c:f1:03:e5:2d:5c:81:34:94:ac:e9:26:6d:c0:3a:
                    e5:07:bc:0e:b2:4c:f5:3f:30:7f:c7:a8:c5:6b:83:
                    6b:9b:ba:ce:cf:f5:12:55:ff:c8:ca:f2:db:82:91:
                    97:9f:d9:a0:f8:8f:dc:43:4b:35:bd:e6:88:b1:75:
                    01:f1:69:30:04:d9:c8:43:32:c0:85:4c:e6:b8:81:
                    72:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:FA:EC:9B:28:C5:95:E2:74:C9:45:47:60:36:BF:D2:B5:96:02:3F
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/5vrsmyjFleJ0yUVHYDa_0rWWAj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c6:8b:94:39:fd:6a:14:88:ca:ba:d7:9e:e5:5f:2c:f0:61:
         b2:98:ce:aa:57:f1:ba:e2:50:60:52:01:22:ad:ff:8d:60:3b:
         03:8f:a9:95:86:00:af:76:2b:eb:32:42:a3:9b:ea:75:2c:17:
         79:0d:6d:c2:1a:39:57:3a:38:be:6b:58:a8:10:3c:86:e2:c5:
         79:72:08:dc:98:6b:52:a6:d2:44:db:e8:b3:11:74:e0:fb:e8:
         a8:15:5a:00:5e:52:a8:ba:ce:31:69:ac:27:9d:d9:16:bf:c3:
         4a:70:b8:f2:3f:51:9e:a3:2a:f5:c1:f5:44:70:cb:6e:5c:42:
         53:6b:14:f9:30:f1:da:62:d9:31:20:74:c7:c8:49:0b:ce:cc:
         1b:50:4c:03:70:a7:c1:04:ac:83:87:da:e1:a5:47:9a:e8:f0:
         64:45:e2:f9:48:76:92:e2:b2:d2:c7:dc:9e:b6:03:f5:03:6a:
         78:86:52:a8:c5:f1:34:25:00:2d:d1:cb:51:1e:6d:8e:b5:94:
         db:0b:e2:3b:79:0f:d6:5f:47:0d:56:00:fe:94:4e:f7:89:97:
         f3:2d:4d:9e:0a:4a:3b:0c:52:8b:9d:5a:4d:4c:29:3b:5f:b5:
         06:1e:bc:a0:79:22:06:01:ea:30:d2:50:4e:84:f6:b8:2a:3f:
         d9:25:68:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EOX5zv1D7mcXmukBqGZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjYwMTAxMTAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmZhZWM5YjI4YzU5NWUyNzRjOTQ1NDc2MDM2YmZkMmI1OTYwMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TCFzDk2oc16BKv34S6KcZof30jq
oB3AhskdVWd30UDmx76b5xYpYWufhUVfXGKsJOShQ/Jj8K49WEvX9W62UE2w09pi
FKS9ew192RE3WJsZeIdHSH+0vBB8MlmbLV8LTnSLtRNxnwzcJsfu2KdYAMRtg6ME
VvqGkIUoEDPaKY8yWPxHIdH0tsfyvj8JNwK40vZbYdblCjAvc3zasLz9ZgGoRjHW
sag3mp2po0qp1Y3Z4FFc8QPlLVyBNJSs6SZtwDrlB7wOskz1PzB/x6jFa4Nrm7rO
z/USVf/IyvLbgpGXn9mg+I/cQ0s1veaIsXUB8WkwBNnIQzLAhUzmuIFy+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb67JsoxZXidMlFR2A2v9K1lgI/MB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvNXZyc215akZsZUoweVVWSFlEYV8wcldXQWo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkALfMA0G
CSqGSIb3DQEBCwUAA4IBAQA2xouUOf1qFIjKutee5V8s8GGymM6qV/G64lBgUgEi
rf+NYDsDj6mVhgCvdivrMkKjm+p1LBd5DW3CGjlXOji+a1ioEDyG4sV5cgjcmGtS
ptJE2+izEXTg++ioFVoAXlKous4xaawnndkWv8NKcLjyP1Geoyr1wfVEcMtuXEJT
axT5MPHaYtkxIHTHyEkLzswbUEwDcKfBBKyDh9rhpUea6PBkReL5SHaS4rLSx9ye
tgP1A2p4hlKoxfE0JQAt0ctRHm2OtZTbC+I7eQ/WX0cNVgD+lE73iZfzLU2eCko7
DFKLnVpNTCk7X7UGHrygeSIGAeow0lBOhPa4Kj/ZJWgq
-----END CERTIFICATE-----