This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/5aHaMqVeMBDhBaX6C5G4xJdeGbA.roa
File:                     5aHaMqVeMBDhBaX6C5G4xJdeGbA.roa (raw, json)
Hash identifier:          QOZBNzX+3r101BCPDJTA6RgBDInLW/e+aTQmcxCkTxw=
Subject key identifier:   E5:A1:DA:32:A5:5E:30:10:E1:05:A5:FA:0B:91:B8:C4:97:5E:19:B0
Certificate issuer:       /CN=7b5516af4b74a1142bef13c3fd707059e61a6b95
Certificate serial:       019B77C6760C41C20C06608D6881BFF1D74A
Authority key identifier: 7B:55:16:AF:4B:74:A1:14:2B:EF:13:C3:FD:70:70:59:E6:1A:6B:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/5aHaMqVeMBDhBaX6C5G4xJdeGbA.roa
Signing time:             Thu 01 Jan 2026 04:17:33 +0000
ROA not before:           Thu 01 Jan 2026 04:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2856
IP address blocks:        109.205.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:76:0c:41:c2:0c:06:60:8d:68:81:bf:f1:d7:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5516af4b74a1142bef13c3fd707059e61a6b95
        Validity
            Not Before: Jan  1 04:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5a1da32a55e3010e105a5fa0b91b8c4975e19b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a8:e0:03:e0:30:30:4b:da:5d:3a:de:f0:96:
                    a8:83:91:0d:9d:02:ae:c0:83:4e:a8:7e:c6:95:63:
                    67:a4:1f:bd:85:14:41:07:eb:8e:c0:48:46:0d:cb:
                    61:59:67:8c:1c:7f:75:6c:fd:fe:bb:b1:44:19:8e:
                    f9:89:f5:61:5a:40:6f:be:30:dc:7c:c8:8e:09:36:
                    94:c2:cf:b0:2c:73:03:ad:33:03:c9:ff:22:e0:6e:
                    2b:fd:60:04:0d:4b:d3:22:42:37:dd:c4:15:7c:24:
                    27:da:17:a7:f0:c7:0f:43:ce:e7:7c:00:f9:bd:53:
                    c0:b7:8e:36:dd:61:11:2b:71:ff:ef:10:62:5d:6b:
                    56:0d:79:7c:45:73:27:3c:0e:40:2b:f7:75:2e:98:
                    5b:48:32:46:f0:48:f6:84:1f:0d:c8:ae:b1:bd:ef:
                    73:b5:17:23:51:66:2a:db:a9:51:5d:90:b0:e7:9a:
                    9d:7c:30:ff:4d:7e:00:83:18:9d:ec:25:5c:c8:e4:
                    30:29:5b:a6:37:3c:3f:3d:c6:a6:04:8a:ec:1b:af:
                    75:76:19:f3:c1:d5:88:f2:34:c2:fa:90:b5:9b:1d:
                    b8:d7:c4:38:e7:79:db:52:f9:d4:c5:37:3a:75:59:
                    91:bf:a4:6e:57:74:fe:28:34:2f:84:23:ff:b8:35:
                    64:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:A1:DA:32:A5:5E:30:10:E1:05:A5:FA:0B:91:B8:C4:97:5E:19:B0
            X509v3 Authority Key Identifier:
                keyid:7B:55:16:AF:4B:74:A1:14:2B:EF:13:C3:FD:70:70:59:E6:1A:6B:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1UWr0t0oRQr7xPD_XBwWeYaa5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/5aHaMqVeMBDhBaX6C5G4xJdeGbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dc8e13-6dd3-44f9-90f6-7cd1f652d925/1/e1UWr0t0oRQr7xPD_XBwWeYaa5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:70:55:51:b9:d0:81:e9:db:d5:f0:18:b0:d4:c5:7e:a9:da:
         02:3e:34:27:87:90:42:60:01:ef:6c:fa:e9:02:83:0a:c1:3d:
         09:60:20:00:19:b2:61:a6:b7:73:d1:73:b4:26:28:f4:66:5f:
         9c:18:a1:59:34:b3:fd:b3:ed:d9:1a:d9:b4:27:1e:e5:36:89:
         47:42:8b:ad:aa:77:03:b8:eb:95:43:6c:13:82:ac:46:24:24:
         a4:13:80:02:e1:20:f5:5b:a5:b4:6a:e9:f4:75:38:b9:85:67:
         a5:b7:13:7c:d2:82:46:c1:ab:c1:30:e0:1a:42:9d:d9:0f:97:
         0e:6b:44:1e:6a:e6:c2:f8:22:b4:5e:b2:1e:f7:e1:59:c7:e9:
         2c:aa:3b:db:41:4b:69:20:0e:ae:5c:e5:b2:a6:9c:f1:a1:f7:
         b8:de:2a:80:7c:72:3e:9e:06:23:12:1e:8f:64:eb:2c:4d:10:
         9a:40:53:1d:18:21:7c:b7:e3:8a:da:14:18:b6:d4:97:f5:4e:
         83:d9:0a:e3:ec:ec:a7:96:09:ea:ab:0c:75:6c:8d:90:3a:0d:
         0d:10:c2:bd:8c:b5:da:6c:e1:7e:9e:cd:40:0c:43:99:12:e9:
         0b:08:09:8f:4b:80:8d:2d:c3:b5:14:e6:34:86:3e:4c:6a:52:
         27:0f:9a:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnYMQcIMBmCNaIG/8ddKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNTUxNmFmNGI3NGExMTQyYmVmMTNjM2ZkNzA3MDU5ZTYx
YTZiOTUwHhcNMjYwMTAxMDQxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWExZGEzMmE1NWUzMDEwZTEwNWE1ZmEwYjkxYjhjNDk3NWUxOWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKjgA+AwMEvaXTre8Jaog5ENnQKu
wINOqH7GlWNnpB+9hRRBB+uOwEhGDcthWWeMHH91bP3+u7FEGY75ifVhWkBvvjDc
fMiOCTaUws+wLHMDrTMDyf8i4G4r/WAEDUvTIkI33cQVfCQn2hen8McPQ87nfAD5
vVPAt4423WERK3H/7xBiXWtWDXl8RXMnPA5AK/d1LphbSDJG8Ej2hB8NyK6xve9z
tRcjUWYq26lRXZCw55qdfDD/TX4Agxid7CVcyOQwKVumNzw/PcamBIrsG691dhnz
wdWI8jTC+pC1mx2418Q453nbUvnUxTc6dVmRv6RuV3T+KDQvhCP/uDVkeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWh2jKlXjAQ4QWl+guRuMSXXhmwMB8GA1UdIwQY
MBaAFHtVFq9LdKEUK+8Tw/1wcFnmGmuVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTFVV3IwdDBvUlFyN3hQRF9YQndXZVlhYTVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kYzhlMTMtNmRkMy00NGY5LTkwZjYt
N2NkMWY2NTJkOTI1LzEvNWFIYU1xVmVNQkRoQmFYNkM1RzR4SmRlR2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kYzhlMTMtNmRkMy00NGY5LTkwZjYtN2NkMWY2NTJkOTI1
LzEvZTFVV3IwdDBvUlFyN3hQRF9YQndXZVlhYTVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc2eMA0G
CSqGSIb3DQEBCwUAA4IBAQCycFVRudCB6dvV8Biw1MV+qdoCPjQnh5BCYAHvbPrp
AoMKwT0JYCAAGbJhprdz0XO0Jij0Zl+cGKFZNLP9s+3ZGtm0Jx7lNolHQoutqncD
uOuVQ2wTgqxGJCSkE4AC4SD1W6W0aun0dTi5hWeltxN80oJGwavBMOAaQp3ZD5cO
a0QeaubC+CK0XrIe9+FZx+ksqjvbQUtpIA6uXOWyppzxofe43iqAfHI+ngYjEh6P
ZOssTRCaQFMdGCF8t+OK2hQYttSX9U6D2Qrj7Oynlgnqqwx1bI2QOg0NEMK9jLXa
bOF+ns1ADEOZEukLCAmPS4CNLcO1FOY0hj5MalInD5oc
-----END CERTIFICATE-----