This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/31d1f0-94e5-4fd4-87f2-ee96e28ea6e9/1/CR5pF2HbE6D5LcTETffukkx2vck.roa
File:                     CR5pF2HbE6D5LcTETffukkx2vck.roa (raw, json)
Hash identifier:          kN5s4H8iChAANCid30crO48UwA7aOOJPbdOFsCvMt/A=
Subject key identifier:   09:1E:69:17:61:DB:13:A0:F9:2D:C4:C4:4D:F7:EE:92:4C:76:BD:C9
Certificate issuer:       /CN=e5a70a81aa0308a3cbbf68578b180f356b6ed8ac
Certificate serial:       019AB69FB37DB668867CADBF83DE5D455A36
Authority key identifier: E5:A7:0A:81:AA:03:08:A3:CB:BF:68:57:8B:18:0F:35:6B:6E:D8:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5acKgaoDCKPLv2hXixgPNWtu2Kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/31d1f0-94e5-4fd4-87f2-ee96e28ea6e9/1/CR5pF2HbE6D5LcTETffukkx2vck.roa
Signing time:             Mon 24 Nov 2025 16:08:30 +0000
ROA not before:           Mon 24 Nov 2025 16:08:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41625
IP address blocks:        185.219.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/31d1f0-94e5-4fd4-87f2-ee96e28ea6e9/1/5acKgaoDCKPLv2hXixgPNWtu2Kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/31d1f0-94e5-4fd4-87f2-ee96e28ea6e9/1/5acKgaoDCKPLv2hXixgPNWtu2Kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5acKgaoDCKPLv2hXixgPNWtu2Kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Nov 2025 01:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b6:9f:b3:7d:b6:68:86:7c:ad:bf:83:de:5d:45:5a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a70a81aa0308a3cbbf68578b180f356b6ed8ac
        Validity
            Not Before: Nov 24 16:08:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=091e691761db13a0f92dc4c44df7ee924c76bdc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d5:58:9e:15:3d:2c:bb:00:a6:ff:0d:04:64:
                    2b:79:fb:41:c2:9b:18:59:cf:0d:6e:36:fb:59:e8:
                    9b:d9:c6:33:d5:76:e2:62:06:3a:ca:28:73:b8:8c:
                    7f:bb:11:78:e0:df:79:10:2a:69:9a:73:2f:90:65:
                    d4:58:c7:78:6a:c5:74:99:cc:e9:48:08:2a:d4:32:
                    68:29:28:73:e1:37:03:26:4e:21:94:36:bb:2f:23:
                    08:78:c7:01:ad:43:29:72:40:22:a3:81:87:40:32:
                    dd:c4:fb:2b:5c:1f:31:36:50:0d:f7:ce:69:04:30:
                    a1:58:1f:18:59:97:e1:a9:2e:54:e7:c5:99:72:57:
                    b4:1f:eb:77:9a:b2:8f:c3:68:92:74:2a:f7:90:9a:
                    70:c1:c5:ac:0d:a2:d0:27:98:c3:36:89:3d:a0:d9:
                    29:f0:55:af:ce:76:cd:91:5d:d4:48:81:c8:bb:f8:
                    c6:3b:f4:8c:b8:b5:3f:ee:86:4f:40:26:7c:54:39:
                    87:93:97:27:d7:4b:27:dd:b0:c4:85:64:aa:44:48:
                    ab:ff:55:9a:f3:e8:ef:11:45:26:59:ef:d0:45:31:
                    8d:3a:53:08:52:f6:99:00:26:cd:38:52:c7:cc:00:
                    95:04:45:e9:f5:32:c6:32:89:62:8d:0f:89:3a:60:
                    83:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1E:69:17:61:DB:13:A0:F9:2D:C4:C4:4D:F7:EE:92:4C:76:BD:C9
            X509v3 Authority Key Identifier:
                keyid:E5:A7:0A:81:AA:03:08:A3:CB:BF:68:57:8B:18:0F:35:6B:6E:D8:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5acKgaoDCKPLv2hXixgPNWtu2Kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/31d1f0-94e5-4fd4-87f2-ee96e28ea6e9/1/CR5pF2HbE6D5LcTETffukkx2vck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/31d1f0-94e5-4fd4-87f2-ee96e28ea6e9/1/5acKgaoDCKPLv2hXixgPNWtu2Kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:42:ff:ec:67:1e:e1:d8:c0:3a:1e:dc:f8:2f:1f:de:b4:31:
         38:21:bc:c5:71:e5:a8:ea:32:55:3e:ff:e2:85:f5:d8:72:85:
         a7:0d:16:dc:48:05:1e:20:ce:d8:e9:2a:0c:48:9a:a0:36:86:
         39:25:0f:27:cc:d7:e1:94:3a:0d:26:8e:e4:00:ae:c0:d3:07:
         b5:03:e1:6d:8f:ca:de:41:59:58:a1:81:b0:65:5b:fc:f7:93:
         1d:a3:da:12:1e:da:a8:6c:a3:e3:d0:ec:b8:1f:01:88:a0:ad:
         78:27:7d:bb:da:e6:86:53:a3:ef:29:6c:6c:50:25:4e:ab:2e:
         ac:a7:cb:11:f0:38:b1:f3:80:80:ff:8f:e2:d5:e3:19:b8:4d:
         58:cb:4d:da:67:12:50:fa:58:17:3a:fa:91:80:a9:da:f1:e9:
         83:78:a6:07:b9:8d:cf:5c:e9:cf:8f:4f:a8:fd:7b:11:35:84:
         00:ae:6e:cd:e2:6e:f9:e2:87:6c:65:42:f7:67:42:e7:b1:02:
         36:d0:e3:cc:c0:b1:8d:dc:03:41:ee:ed:9b:8d:d6:f3:b8:0c:
         59:50:a1:42:bc:ae:f3:a4:63:0e:e7:35:5d:c0:34:2e:9a:6a:
         34:23:f1:43:49:44:d1:c6:b7:6a:24:9e:04:75:e9:35:99:ab:
         ad:d0:79:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq2n7N9tmiGfK2/g95dRVo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTcwYTgxYWEwMzA4YTNjYmJmNjg1NzhiMTgwZjM1NmI2
ZWQ4YWMwHhcNMjUxMTI0MTYwODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFlNjkxNzYxZGIxM2EwZjkyZGM0YzQ0ZGY3ZWU5MjRjNzZiZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dVYnhU9LLsApv8NBGQreftBwpsY
Wc8Nbjb7Weib2cYz1XbiYgY6yihzuIx/uxF44N95ECppmnMvkGXUWMd4asV0mczp
SAgq1DJoKShz4TcDJk4hlDa7LyMIeMcBrUMpckAio4GHQDLdxPsrXB8xNlAN985p
BDChWB8YWZfhqS5U58WZcle0H+t3mrKPw2iSdCr3kJpwwcWsDaLQJ5jDNok9oNkp
8FWvznbNkV3USIHIu/jGO/SMuLU/7oZPQCZ8VDmHk5cn10sn3bDEhWSqREir/1Wa
8+jvEUUmWe/QRTGNOlMIUvaZACbNOFLHzACVBEXp9TLGMolijQ+JOmCDBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkeaRdh2xOg+S3ExE337pJMdr3JMB8GA1UdIwQY
MBaAFOWnCoGqAwijy79oV4sYDzVrbtisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFjS2dhb0RDS1BMdjJoWGl4Z1BOV3R1Mkt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8zMWQxZjAtOTRlNS00ZmQ0LTg3ZjIt
ZWU5NmUyOGVhNmU5LzEvQ1I1cEYySGJFNkQ1TGNURVRmZnVra3gydmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8zMWQxZjAtOTRlNS00ZmQ0LTg3ZjItZWU5NmUyOGVhNmU5
LzEvNWFjS2dhb0RDS1BMdjJoWGl4Z1BOV3R1Mkt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudtZMA0G
CSqGSIb3DQEBCwUAA4IBAQDSQv/sZx7h2MA6Htz4Lx/etDE4IbzFceWo6jJVPv/i
hfXYcoWnDRbcSAUeIM7Y6SoMSJqgNoY5JQ8nzNfhlDoNJo7kAK7A0we1A+Ftj8re
QVlYoYGwZVv895Mdo9oSHtqobKPj0Oy4HwGIoK14J3272uaGU6PvKWxsUCVOqy6s
p8sR8Dix84CA/4/i1eMZuE1Yy03aZxJQ+lgXOvqRgKna8emDeKYHuY3PXOnPj0+o
/XsRNYQArm7N4m754odsZUL3Z0LnsQI20OPMwLGN3ANB7u2bjdbzuAxZUKFCvK7z
pGMO5zVdwDQummo0I/FDSUTRxrdqJJ4Edek1maut0HlQ
-----END CERTIFICATE-----