This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/A1dGDDi1OYigZK5SVk3AfsJoxJ8.roa
File:                     A1dGDDi1OYigZK5SVk3AfsJoxJ8.roa (raw, json)
Hash identifier:          ymU3iCZelIy0c5l6QoCL4pY5leFZomtGyloWJN3ojX4=
Subject key identifier:   03:57:46:0C:38:B5:39:88:A0:64:AE:52:56:4D:C0:7E:C2:68:C4:9F
Certificate issuer:       /CN=ae29751a0ac81a657190546ea4780cd86140dc9f
Certificate serial:       019B797F23925BD0AB9C8DBD1D66AFF60D27
Authority key identifier: AE:29:75:1A:0A:C8:1A:65:71:90:54:6E:A4:78:0C:D8:61:40:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/A1dGDDi1OYigZK5SVk3AfsJoxJ8.roa
Signing time:             Thu 01 Jan 2026 12:18:53 +0000
ROA not before:           Thu 01 Jan 2026 12:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206757
IP address blocks:        5.252.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:23:92:5b:d0:ab:9c:8d:bd:1d:66:af:f6:0d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae29751a0ac81a657190546ea4780cd86140dc9f
        Validity
            Not Before: Jan  1 12:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0357460c38b53988a064ae52564dc07ec268c49f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0e:9b:0d:a3:cd:30:34:2a:bf:d4:13:3c:cd:
                    9b:05:4b:c8:74:db:42:ce:cd:6b:e2:e5:85:bc:96:
                    7f:c0:61:ea:37:71:ff:77:db:c6:c1:3c:52:0e:c4:
                    a1:c8:2c:cc:b0:d3:23:14:cc:c3:4f:62:dd:f1:df:
                    06:8c:62:66:c1:71:91:ac:7f:60:c4:28:e9:61:53:
                    ad:3d:4a:5c:db:8a:8c:0b:d7:87:d6:06:0d:c4:a3:
                    e0:5b:52:86:1a:ac:50:e4:a2:98:f0:df:f2:87:0b:
                    6a:ce:07:7c:d9:16:5f:c8:47:79:f1:33:b0:75:79:
                    6e:e3:41:3e:ac:9c:58:da:43:2e:e2:67:f7:f5:89:
                    60:29:64:b8:b8:be:e0:1a:1c:20:45:2f:e5:e5:e7:
                    2b:dc:d3:e4:23:88:ff:2e:89:7b:6f:48:9c:66:6f:
                    8d:e0:17:7e:d4:de:fe:71:c0:b0:54:b1:07:fa:de:
                    70:a0:97:fd:b2:95:ec:51:c7:e3:1e:ae:90:bb:8d:
                    fa:9c:77:b5:8f:0d:9c:85:f1:9c:3b:8e:4c:ad:1f:
                    ba:53:d2:69:b3:18:c1:e1:99:47:5f:d6:29:80:38:
                    ec:c6:5f:ea:54:c2:2e:2d:fd:c1:bc:27:ae:39:e0:
                    ab:8e:eb:08:77:23:c1:e6:93:d3:00:f6:df:27:09:
                    f7:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:57:46:0C:38:B5:39:88:A0:64:AE:52:56:4D:C0:7E:C2:68:C4:9F
            X509v3 Authority Key Identifier:
                keyid:AE:29:75:1A:0A:C8:1A:65:71:90:54:6E:A4:78:0C:D8:61:40:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ril1GgrIGmVxkFRupHgM2GFA3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/A1dGDDi1OYigZK5SVk3AfsJoxJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/75e36c-db1f-483e-b0ef-229051879b74/1/ril1GgrIGmVxkFRupHgM2GFA3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:a7:7a:93:78:b5:e5:27:50:1e:c5:a8:3a:f5:10:7c:73:c9:
         0c:3c:69:a1:85:21:bb:c0:00:04:06:6d:b4:bf:2f:d5:14:71:
         1a:6d:01:ac:17:2a:48:24:25:0a:96:cf:fe:88:b2:6e:34:e8:
         a7:5f:76:9c:17:9b:15:39:75:76:d9:de:78:30:a7:ef:a8:66:
         cf:f2:3c:f3:ba:5c:fc:48:5d:e7:fd:29:91:37:3a:1d:34:e1:
         8e:4f:f4:ee:36:95:d5:75:fb:8c:c4:74:cf:0b:9c:c6:87:ce:
         8e:36:24:10:4c:0c:08:98:6b:38:a2:fe:e4:9e:7a:48:ba:cc:
         d2:1b:1c:25:82:0e:bf:a2:bf:ac:88:da:5f:0f:4f:d8:d5:de:
         12:47:83:96:ee:37:da:85:65:ef:3d:8a:0c:1c:90:04:ac:fd:
         fa:c5:70:35:65:69:fc:8b:2f:ec:37:9e:01:71:3d:10:ff:5f:
         df:5b:07:71:bf:4f:d0:77:13:cc:aa:c4:79:cc:13:85:8a:43:
         08:ac:a5:18:43:a4:57:92:15:3d:eb:9f:bb:81:50:85:cd:37:
         92:a7:e5:47:0f:aa:56:c0:a8:0a:66:21:99:54:89:13:56:a3:
         a7:e2:9d:46:7a:d6:49:2b:22:bb:29:bd:21:d6:65:cf:66:12:
         fa:2b:e6:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fyOSW9CrnI29HWav9g0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMjk3NTFhMGFjODFhNjU3MTkwNTQ2ZWE0NzgwY2Q4NjE0
MGRjOWYwHhcNMjYwMTAxMTIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU3NDYwYzM4YjUzOTg4YTA2NGFlNTI1NjRkYzA3ZWMyNjhjNDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA6bDaPNMDQqv9QTPM2bBUvIdNtC
zs1r4uWFvJZ/wGHqN3H/d9vGwTxSDsShyCzMsNMjFMzDT2Ld8d8GjGJmwXGRrH9g
xCjpYVOtPUpc24qMC9eH1gYNxKPgW1KGGqxQ5KKY8N/yhwtqzgd82RZfyEd58TOw
dXlu40E+rJxY2kMu4mf39YlgKWS4uL7gGhwgRS/l5ecr3NPkI4j/Lol7b0icZm+N
4Bd+1N7+ccCwVLEH+t5woJf9spXsUcfjHq6Qu436nHe1jw2chfGcO45MrR+6U9Jp
sxjB4ZlHX9YpgDjsxl/qVMIuLf3BvCeuOeCrjusIdyPB5pPTAPbfJwn31QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANXRgw4tTmIoGSuUlZNwH7CaMSfMB8GA1UdIwQY
MBaAFK4pdRoKyBplcZBUbqR4DNhhQNyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmlsMUdncklHbVZ4a0ZSdXBIZ00yR0ZBM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy83NWUzNmMtZGIxZi00ODNlLWIwZWYt
MjI5MDUxODc5Yjc0LzEvQTFkR0REaTFPWWlnWks1U1ZrM0Fmc0pveEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy83NWUzNmMtZGIxZi00ODNlLWIwZWYtMjI5MDUxODc5Yjc0
LzEvcmlsMUdncklHbVZ4a0ZSdXBIZ00yR0ZBM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfwAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbp3qTeLXlJ1Aexag69RB8c8kMPGmhhSG7wAAEBm20
vy/VFHEabQGsFypIJCUKls/+iLJuNOinX3acF5sVOXV22d54MKfvqGbP8jzzulz8
SF3n/SmRNzodNOGOT/TuNpXVdfuMxHTPC5zGh86ONiQQTAwImGs4ov7knnpIuszS
Gxwlgg6/or+siNpfD0/Y1d4SR4OW7jfahWXvPYoMHJAErP36xXA1ZWn8iy/sN54B
cT0Q/1/fWwdxv0/QdxPMqsR5zBOFikMIrKUYQ6RXkhU965+7gVCFzTeSp+VHD6pW
wKgKZiGZVIkTVqOn4p1GetZJKyK7Kb0h1mXPZhL6K+Zy
-----END CERTIFICATE-----