This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/F03cOeX0lKxmDBnvII8QRD-Hu7s.roa
File:                     F03cOeX0lKxmDBnvII8QRD-Hu7s.roa (raw, json)
Hash identifier:          vIDLN9sfXqleYhJzQ9IgaC3HLXJdLv9t/s+hdk041RA=
Subject key identifier:   17:4D:DC:39:E5:F4:94:AC:66:0C:19:EF:20:8F:10:44:3F:87:BB:BB
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019B78A23376B40985CE1722A0CD7B1E81D0
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/F03cOeX0lKxmDBnvII8QRD-Hu7s.roa
Signing time:             Thu 01 Jan 2026 08:17:34 +0000
ROA not before:           Thu 01 Jan 2026 08:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400536
IP address blocks:        5.10.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:33:76:b4:09:85:ce:17:22:a0:cd:7b:1e:81:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jan  1 08:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=174ddc39e5f494ac660c19ef208f10443f87bbbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:43:76:c9:b5:d1:3c:77:4c:75:bd:03:3f:f3:
                    96:1c:24:85:29:d8:c2:a1:f6:c2:5c:1d:f2:44:1e:
                    4e:68:78:61:20:d6:da:9c:8d:16:ac:1f:3a:83:fd:
                    6b:31:85:00:39:f2:8b:20:24:e3:5e:92:d6:25:3e:
                    07:83:08:11:f9:10:9a:1c:7f:5d:2b:c5:7a:72:34:
                    3c:84:7e:7a:14:7e:43:0b:77:10:6e:64:e8:1a:8f:
                    a1:96:bc:44:ff:f7:6b:ec:9a:01:54:cf:f3:ea:b7:
                    ba:3f:2d:a2:9f:34:d4:bc:2f:76:b8:a7:88:12:2b:
                    49:2c:ab:41:e3:bd:3f:c7:14:ff:95:5f:9e:a1:81:
                    45:5f:ec:4c:9a:08:57:76:fd:44:2e:2e:51:20:14:
                    46:9d:9b:a1:1c:dc:e2:ca:09:9e:a5:37:65:e7:d8:
                    e5:5f:da:4c:90:74:12:9f:1d:4c:03:35:0a:06:a6:
                    9c:72:01:67:98:bd:40:3e:68:dd:8e:07:98:62:af:
                    13:f7:75:f4:36:9d:76:e4:fa:c2:e1:9a:44:bd:80:
                    96:1b:31:b7:4c:18:07:22:0e:93:ae:02:b6:d4:68:
                    26:0f:1d:f7:ad:3f:e5:0f:d8:b3:cb:fe:45:9d:38:
                    29:e0:18:62:c9:72:2c:bd:31:ca:ad:d2:78:21:4d:
                    64:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:4D:DC:39:E5:F4:94:AC:66:0C:19:EF:20:8F:10:44:3F:87:BB:BB
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/F03cOeX0lKxmDBnvII8QRD-Hu7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:4e:83:47:b5:75:ac:df:80:8f:96:e8:b2:34:3f:e0:c5:99:
         93:85:ef:51:a5:1c:f0:c1:6b:12:f4:62:89:44:40:33:0e:b3:
         a0:c5:a7:c0:3c:96:fe:ac:1a:03:8a:c2:d8:0b:b7:06:dc:b5:
         c3:3a:a0:1b:88:22:ab:54:fa:b9:f3:31:8f:b6:ad:82:1d:9e:
         f2:1e:10:11:77:5a:14:4e:43:7a:3e:ea:1e:f1:c1:d2:0d:10:
         70:8f:8c:23:5a:f6:e6:a0:30:65:c6:e0:0d:48:68:7c:28:0b:
         ad:54:5d:58:da:9d:f0:e6:bb:b9:08:3a:34:3a:e6:4a:61:ed:
         e2:7b:4a:1e:e5:ea:e7:43:29:1a:8a:1f:39:3d:cb:da:a8:00:
         c1:10:54:ac:7c:6e:d0:29:14:b9:de:2b:32:56:fa:94:60:66:
         d3:0d:0c:60:ce:a5:a1:95:a1:d1:62:67:eb:e1:73:82:6f:0d:
         ba:c1:78:66:70:14:89:8d:40:e3:b3:b9:e5:92:de:12:12:ee:
         38:b5:07:7c:bc:62:c3:7b:50:16:2e:b2:5c:98:f2:c4:98:03:
         6f:e8:92:42:b3:63:57:56:4c:ef:ae:01:b8:a1:4b:cb:76:2a:
         fb:78:3d:ca:5e:a8:fb:7f:ae:6a:e8:60:77:8b:ce:ad:92:a1:
         2f:23:ab:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ojN2tAmFzhcioM17HoHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMTAxMDgxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzRkZGMzOWU1ZjQ5NGFjNjYwYzE5ZWYyMDhmMTA0NDNmODdiYmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0N2ybXRPHdMdb0DP/OWHCSFKdjC
ofbCXB3yRB5OaHhhINbanI0WrB86g/1rMYUAOfKLICTjXpLWJT4HgwgR+RCaHH9d
K8V6cjQ8hH56FH5DC3cQbmToGo+hlrxE//dr7JoBVM/z6re6Py2inzTUvC92uKeI
EitJLKtB470/xxT/lV+eoYFFX+xMmghXdv1ELi5RIBRGnZuhHNziygmepTdl59jl
X9pMkHQSnx1MAzUKBqaccgFnmL1APmjdjgeYYq8T93X0Np125PrC4ZpEvYCWGzG3
TBgHIg6TrgK21GgmDx33rT/lD9izy/5FnTgp4BhiyXIsvTHKrdJ4IU1kfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdN3Dnl9JSsZgwZ7yCPEEQ/h7u7MB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvRjAzY09lWDBsS3htREJudklJOFFSRC1IdTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrYMA0G
CSqGSIb3DQEBCwUAA4IBAQBBToNHtXWs34CPluiyND/gxZmThe9RpRzwwWsS9GKJ
REAzDrOgxafAPJb+rBoDisLYC7cG3LXDOqAbiCKrVPq58zGPtq2CHZ7yHhARd1oU
TkN6Puoe8cHSDRBwj4wjWvbmoDBlxuANSGh8KAutVF1Y2p3w5ru5CDo0OuZKYe3i
e0oe5ernQykaih85PcvaqADBEFSsfG7QKRS53isyVvqUYGbTDQxgzqWhlaHRYmfr
4XOCbw26wXhmcBSJjUDjs7nlkt4SEu44tQd8vGLDe1AWLrJcmPLEmANv6JJCs2NX
VkzvrgG4oUvLdir7eD3KXqj7f65q6GB3i86tkqEvI6vR
-----END CERTIFICATE-----