This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/t1miWIZwqhFnHm1V8OaiWDQkZvQ.roa
File:                     t1miWIZwqhFnHm1V8OaiWDQkZvQ.roa (raw, json)
Hash identifier:          6fT15sb19FmXqLe9+b0pS8/2omYg2Drcv+bmA7jcy/I=
Subject key identifier:   B7:59:A2:58:86:70:AA:11:67:1E:6D:55:F0:E6:A2:58:34:24:66:F4
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019B78A2315EB731B49E825C7294A486D1E9
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/t1miWIZwqhFnHm1V8OaiWDQkZvQ.roa
Signing time:             Thu 01 Jan 2026 08:17:33 +0000
ROA not before:           Thu 01 Jan 2026 08:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210734
IP address blocks:        5.10.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:31:5e:b7:31:b4:9e:82:5c:72:94:a4:86:d1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jan  1 08:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b759a2588670aa11671e6d55f0e6a258342466f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bc:32:a4:2e:ef:18:74:41:cc:c2:8c:71:ce:
                    54:26:b6:90:97:25:76:d5:40:1c:7b:2e:89:b8:e7:
                    92:b0:4a:11:96:71:e7:b5:64:57:a5:bf:84:39:c4:
                    21:f8:28:1c:da:fd:48:de:4f:1e:27:00:4a:42:57:
                    a5:70:1f:99:7a:a4:18:1c:86:dc:57:85:a4:6e:80:
                    79:81:c9:ce:7c:eb:89:4d:81:3b:68:6b:67:01:5d:
                    78:52:8f:b4:b2:33:70:4d:3b:53:60:6b:11:b8:e8:
                    1e:7e:0d:3e:b9:94:8c:a7:0b:b4:fe:74:bf:85:61:
                    ce:92:7f:30:a3:2e:0d:09:14:60:11:3d:c8:9a:ac:
                    32:e6:ad:b8:5b:0d:c7:55:4d:4b:20:c8:66:39:50:
                    b9:51:7b:9d:6d:0f:e6:e6:31:fd:29:45:be:95:bb:
                    3c:30:b7:59:d8:34:f5:3e:9c:56:cb:77:ac:8d:c3:
                    bf:cf:03:74:86:ca:cb:d9:df:3c:6c:1d:01:0d:08:
                    8b:26:40:a3:78:41:b2:e4:26:df:10:53:75:db:7e:
                    10:f4:52:18:4b:a6:bb:5f:32:dd:c2:36:d8:5f:8d:
                    c5:fc:3f:29:57:44:08:d2:3a:42:8d:06:71:23:d1:
                    d8:fa:c5:7f:18:9e:f0:3d:50:a1:c5:06:ff:ca:e4:
                    68:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:59:A2:58:86:70:AA:11:67:1E:6D:55:F0:E6:A2:58:34:24:66:F4
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/t1miWIZwqhFnHm1V8OaiWDQkZvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:5d:a4:db:13:6b:8c:bb:1a:a5:c5:6f:1d:77:18:90:a1:53:
         eb:30:68:a3:61:ad:cb:fb:fe:fd:47:5a:31:e5:8f:e6:3d:60:
         63:fc:4a:ac:a1:b8:77:aa:19:a2:34:d3:28:0e:65:5d:10:54:
         a0:6f:48:b4:0e:f0:f2:7b:04:4e:38:ff:6c:dc:5a:24:98:53:
         9e:51:ed:65:c2:ba:42:ce:a6:52:ff:43:c7:48:47:da:02:ac:
         c2:4a:be:6b:9e:2e:69:de:9c:f6:8b:cf:ed:3b:bc:c9:8f:a3:
         af:18:22:22:50:f3:a8:23:8a:d4:aa:4b:0a:fe:bd:bc:03:be:
         82:e5:45:8e:4b:a2:18:ac:e0:53:80:b7:6b:99:10:fc:b4:f0:
         ca:38:49:31:7a:a9:41:68:ba:cc:9c:89:72:5c:a8:95:1d:e1:
         a5:29:ef:32:f5:f1:88:36:34:00:91:fd:d2:84:e8:a0:de:a4:
         a1:3a:6b:be:8b:8a:ee:79:7e:88:bf:a5:e0:44:74:c3:d4:19:
         ea:10:0e:29:0f:cc:ce:ca:59:2b:5d:b8:e6:01:34:b1:bf:5d:
         a9:72:ed:4e:e0:9f:6d:17:c8:4a:84:b0:f0:39:f8:ff:01:f6:
         b0:f4:7a:dc:a5:77:7d:1c:f8:9f:23:2b:11:f6:15:90:68:8a:
         8e:c3:08:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ojFetzG0noJccpSkhtHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMTAxMDgxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzU5YTI1ODg2NzBhYTExNjcxZTZkNTVmMGU2YTI1ODM0MjQ2NmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bwypC7vGHRBzMKMcc5UJraQlyV2
1UAcey6JuOeSsEoRlnHntWRXpb+EOcQh+Cgc2v1I3k8eJwBKQlelcB+ZeqQYHIbc
V4WkboB5gcnOfOuJTYE7aGtnAV14Uo+0sjNwTTtTYGsRuOgefg0+uZSMpwu0/nS/
hWHOkn8woy4NCRRgET3Imqwy5q24Ww3HVU1LIMhmOVC5UXudbQ/m5jH9KUW+lbs8
MLdZ2DT1PpxWy3esjcO/zwN0hsrL2d88bB0BDQiLJkCjeEGy5CbfEFN1234Q9FIY
S6a7XzLdwjbYX43F/D8pV0QI0jpCjQZxI9HY+sV/GJ7wPVChxQb/yuRo3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdZoliGcKoRZx5tVfDmolg0JGb0MB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvdDFtaVdJWndxaEZuSG0xVjhPYWlXRFFrWnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQraMA0G
CSqGSIb3DQEBCwUAA4IBAQBpXaTbE2uMuxqlxW8ddxiQoVPrMGijYa3L+/79R1ox
5Y/mPWBj/Eqsobh3qhmiNNMoDmVdEFSgb0i0DvDyewROOP9s3FokmFOeUe1lwrpC
zqZS/0PHSEfaAqzCSr5rni5p3pz2i8/tO7zJj6OvGCIiUPOoI4rUqksK/r28A76C
5UWOS6IYrOBTgLdrmRD8tPDKOEkxeqlBaLrMnIlyXKiVHeGlKe8y9fGINjQAkf3S
hOig3qShOmu+i4rueX6Iv6XgRHTD1BnqEA4pD8zOylkrXbjmATSxv12pcu1O4J9t
F8hKhLDwOfj/Afaw9HrcpXd9HPifIysR9hWQaIqOwwiO
-----END CERTIFICATE-----