This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/pBdOHT5tecjZpCjNpcydOSIR1PM.roa
File:                     pBdOHT5tecjZpCjNpcydOSIR1PM.roa (raw, json)
Hash identifier:          FLs6R8klsIETpJmcq3AWUpjGlsfTVyV7nd1ia0rcgok=
Subject key identifier:   A4:17:4E:1D:3E:6D:79:C8:D9:A4:28:CD:A5:CC:9D:39:22:11:D4:F3
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019B7DDB89DC7B969C243CB65EDD661BF09E
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/pBdOHT5tecjZpCjNpcydOSIR1PM.roa
Signing time:             Fri 02 Jan 2026 08:38:18 +0000
ROA not before:           Fri 02 Jan 2026 08:38:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209604
IP address blocks:        5.10.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:db:89:dc:7b:96:9c:24:3c:b6:5e:dd:66:1b:f0:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jan  2 08:38:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4174e1d3e6d79c8d9a428cda5cc9d392211d4f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3d:62:40:1e:92:43:2a:ae:6a:f3:e6:47:db:
                    2b:81:75:18:c6:71:f1:a8:d7:fa:19:e4:9a:fa:d8:
                    14:9a:04:1d:8d:31:0b:87:21:ca:2e:4a:45:2f:24:
                    76:70:2c:e7:1b:0f:58:db:4b:fe:27:f8:88:a5:c6:
                    f8:78:59:3f:3c:e1:05:88:66:a1:da:15:d6:b7:90:
                    28:bc:c7:be:c5:9b:e9:1b:ad:61:54:63:c8:aa:44:
                    c6:9f:15:8f:b7:49:c5:a2:bb:c8:80:4e:e2:ee:fb:
                    57:84:3e:ba:27:f1:2b:c3:fe:c0:b7:5a:e7:3b:6e:
                    19:6c:84:cb:cb:20:f9:56:ea:8b:62:fa:92:9e:f0:
                    2b:2b:34:c7:a2:82:95:63:49:78:83:17:cb:1e:25:
                    30:47:21:69:83:1d:56:34:69:6e:29:51:3e:46:a8:
                    13:98:b9:f3:46:23:4b:97:24:c3:fe:b3:ab:8d:2d:
                    5e:09:1f:bf:b3:ff:51:52:3d:94:87:07:20:c4:d0:
                    5c:91:d2:59:bb:fa:0f:90:a2:c6:a5:4c:3d:63:64:
                    bc:c3:7b:9f:b5:b4:f8:67:bd:71:4b:0d:2c:23:fd:
                    6d:9b:74:38:14:a1:16:89:b4:c4:e6:6f:34:a5:51:
                    ca:ce:3f:2a:cc:86:be:f7:a5:dd:d7:3f:ba:32:ec:
                    b3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:17:4E:1D:3E:6D:79:C8:D9:A4:28:CD:A5:CC:9D:39:22:11:D4:F3
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/pBdOHT5tecjZpCjNpcydOSIR1PM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:90:7d:10:d5:94:02:06:d8:4c:c5:8d:a9:24:77:25:67:44:
         3b:1d:51:b7:5f:d2:4b:68:c1:e3:22:a9:a5:81:65:87:a1:b0:
         26:48:de:88:e9:09:20:ba:2e:86:cd:61:52:a6:fc:8e:64:36:
         98:47:5d:4d:97:58:0e:53:d4:9b:76:88:bc:74:37:cd:b3:9f:
         a6:29:90:b1:6f:7a:5c:af:ff:96:16:69:09:a2:99:16:45:40:
         78:b7:3a:58:63:64:40:10:ec:da:8f:0a:4d:6b:fc:71:ba:dc:
         f1:51:1d:13:d4:80:8f:41:3e:58:06:a2:3c:ad:fa:e3:06:8e:
         39:b9:e3:62:d5:6e:63:d0:27:a9:d5:8b:47:65:53:ba:7a:0b:
         af:f1:3a:d9:1c:bd:e6:62:cb:f3:ed:49:ad:23:e2:5c:bb:ab:
         17:e3:ba:69:92:bc:d4:3f:3f:97:ab:c6:36:82:fc:c8:e8:69:
         0f:7e:8b:a7:13:1b:b2:97:f4:46:01:5a:2b:15:d0:99:63:2b:
         cc:56:93:31:bd:eb:2e:cf:c8:06:1a:fa:f3:66:6a:a9:8b:ac:
         9a:33:4a:96:4b:ac:b6:b3:94:d0:0b:a6:e9:34:9d:fe:21:48:
         f9:b0:9e:57:45:3a:90:11:86:f1:0d:63:ab:f7:98:b5:c5:f3:
         d8:b4:41:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt924nce5acJDy2Xt1mG/CeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMTAyMDgzODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE3NGUxZDNlNmQ3OWM4ZDlhNDI4Y2RhNWNjOWQzOTIyMTFkNGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj1iQB6SQyquavPmR9srgXUYxnHx
qNf6GeSa+tgUmgQdjTELhyHKLkpFLyR2cCznGw9Y20v+J/iIpcb4eFk/POEFiGah
2hXWt5AovMe+xZvpG61hVGPIqkTGnxWPt0nForvIgE7i7vtXhD66J/Erw/7At1rn
O24ZbITLyyD5VuqLYvqSnvArKzTHooKVY0l4gxfLHiUwRyFpgx1WNGluKVE+RqgT
mLnzRiNLlyTD/rOrjS1eCR+/s/9RUj2UhwcgxNBckdJZu/oPkKLGpUw9Y2S8w3uf
tbT4Z71xSw0sI/1tm3Q4FKEWibTE5m80pVHKzj8qzIa+96Xd1z+6Muyz8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQXTh0+bXnI2aQozaXMnTkiEdTzMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvcEJkT0hUNXRlY2pacENqTnBjeWRPU0lSMVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrfMA0G
CSqGSIb3DQEBCwUAA4IBAQCGkH0Q1ZQCBthMxY2pJHclZ0Q7HVG3X9JLaMHjIqml
gWWHobAmSN6I6Qkgui6GzWFSpvyOZDaYR11Nl1gOU9Sbdoi8dDfNs5+mKZCxb3pc
r/+WFmkJopkWRUB4tzpYY2RAEOzajwpNa/xxutzxUR0T1ICPQT5YBqI8rfrjBo45
ueNi1W5j0Cep1YtHZVO6eguv8TrZHL3mYsvz7UmtI+Jcu6sX47ppkrzUPz+Xq8Y2
gvzI6GkPfounExuyl/RGAVorFdCZYyvMVpMxvesuz8gGGvrzZmqpi6yaM0qWS6y2
s5TQC6bpNJ3+IUj5sJ5XRTqQEYbxDWOr95i1xfPYtEGe
-----END CERTIFICATE-----