This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5ARegY7HtHePff_E68oYS6pRxDI.roa
File:                     5ARegY7HtHePff_E68oYS6pRxDI.roa (raw, json)
Hash identifier:          Aerid2C0Ma1xVtJf9/vrUYCE3ipLphF7uV/0ZK6+vKI=
Subject key identifier:   E4:04:5E:81:8E:C7:B4:77:8F:7D:FF:C4:EB:CA:18:4B:AA:51:C4:32
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB7B242A205ABB665AF9A2039125EA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5ARegY7HtHePff_E68oYS6pRxDI.roa
Signing time:             Fri 02 Jan 2026 08:20:45 +0000
ROA not before:           Fri 02 Jan 2026 08:20:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209274
IP address blocks:        151.243.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 21:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:7b:24:2a:20:5a:bb:66:5a:f9:a2:03:91:25:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4045e818ec7b4778f7dffc4ebca184baa51c432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4a:df:ce:0c:89:65:35:0d:db:87:e4:4c:3f:
                    cf:c5:0b:96:71:2c:1e:d5:55:30:7c:80:ff:0d:d2:
                    4e:7b:80:f2:1f:37:d8:81:9e:a2:17:b8:ac:bc:d8:
                    fd:d3:5b:4d:01:0d:d7:02:f1:c6:57:c0:f8:49:af:
                    5f:b7:db:40:24:c0:09:a7:69:af:30:55:b0:4d:89:
                    8a:d7:2b:68:b8:64:63:6d:e8:0f:5a:0d:87:2d:e4:
                    21:10:dc:4c:a4:2b:c4:ad:e5:f9:90:64:64:20:a7:
                    12:cd:6e:eb:06:c9:13:1e:22:5f:db:73:05:bb:3b:
                    12:2d:d0:e1:d4:83:ea:85:19:d4:a8:d7:18:98:6f:
                    c5:b2:4d:e8:ec:a4:7a:dc:a8:9d:c4:69:92:89:80:
                    ea:fd:72:5b:dc:0f:dd:c7:b6:a0:57:93:8f:28:aa:
                    02:52:c8:ec:58:2b:b2:24:0f:34:1a:b4:99:22:6b:
                    bb:02:c5:19:5d:f6:e4:01:c0:23:30:92:df:14:9d:
                    03:9a:f4:f8:b0:de:a2:fc:fc:a4:96:7c:6d:b4:ba:
                    c6:18:27:30:54:e8:a3:f5:1f:e9:36:49:a1:cf:0d:
                    cc:7e:49:0f:c1:49:92:94:28:a7:ec:e1:c1:15:5d:
                    cb:43:b5:0b:70:07:7a:14:c3:85:f3:75:c8:8d:33:
                    eb:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:04:5E:81:8E:C7:B4:77:8F:7D:FF:C4:EB:CA:18:4B:AA:51:C4:32
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/5ARegY7HtHePff_E68oYS6pRxDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fe:17:d9:f9:0b:21:b8:63:cf:cb:6e:db:4f:57:74:0b:d8:
         76:e5:f5:43:f4:b1:47:8d:0d:f6:f7:c2:36:74:4a:e2:47:2d:
         f5:60:81:9f:6c:f4:63:b2:c7:aa:69:a9:d9:c1:dc:91:87:16:
         2a:ec:6f:fa:64:4b:5e:71:51:54:b2:a1:ee:c7:fc:39:ab:cd:
         e0:ae:57:40:66:c8:8d:5d:82:a4:db:7e:cf:d4:a5:80:38:da:
         64:29:c4:05:a4:09:f6:a4:b4:5e:ab:e0:ca:9a:51:90:f9:76:
         dd:bf:80:3c:bf:8d:99:91:1c:8a:c7:07:a9:09:fd:35:aa:25:
         03:95:c4:35:16:31:c3:26:7d:15:6c:a2:af:67:31:e1:f5:84:
         3d:6d:b8:90:35:1a:57:a8:e9:e2:4e:bb:1b:b6:4f:91:b2:46:
         b2:db:d6:8d:07:3f:29:02:1e:91:98:6f:ab:19:c4:a9:38:b1:
         11:d7:bd:94:9f:37:15:fe:d2:a0:7b:2c:59:e0:aa:e0:11:81:
         9a:1b:52:08:bf:9f:77:05:96:17:73:34:d0:6a:29:5a:39:46:
         93:f0:04:91:79:d5:86:8f:62:c8:56:7d:8d:09:5f:e8:9e:5c:
         59:5d:cf:c3:c3:fd:ba:ef:e5:f5:55:73:46:4a:79:da:0d:48:
         d3:80:13:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y3skKiBau2Za+aIDkSXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDA0NWU4MThlYzdiNDc3OGY3ZGZmYzRlYmNhMTg0YmFhNTFjNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtErfzgyJZTUN24fkTD/PxQuWcSwe
1VUwfID/DdJOe4DyHzfYgZ6iF7isvNj901tNAQ3XAvHGV8D4Sa9ft9tAJMAJp2mv
MFWwTYmK1ytouGRjbegPWg2HLeQhENxMpCvEreX5kGRkIKcSzW7rBskTHiJf23MF
uzsSLdDh1IPqhRnUqNcYmG/Fsk3o7KR63KidxGmSiYDq/XJb3A/dx7agV5OPKKoC
UsjsWCuyJA80GrSZImu7AsUZXfbkAcAjMJLfFJ0DmvT4sN6i/PyklnxttLrGGCcw
VOij9R/pNkmhzw3MfkkPwUmSlCin7OHBFV3LQ7ULcAd6FMOF83XIjTPruQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQEXoGOx7R3j33/xOvKGEuqUcQyMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvNUFSZWdZN0h0SGVQZmZfRTY4b1lTNnBSeERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NtMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ/hfZ+QshuGPPy27bT1d0C9h25fVD9LFHjQ3298I2
dEriRy31YIGfbPRjsseqaanZwdyRhxYq7G/6ZEtecVFUsqHux/w5q83grldAZsiN
XYKk237P1KWAONpkKcQFpAn2pLReq+DKmlGQ+Xbdv4A8v42ZkRyKxwepCf01qiUD
lcQ1FjHDJn0VbKKvZzHh9YQ9bbiQNRpXqOniTrsbtk+Rskay29aNBz8pAh6RmG+r
GcSpOLER172UnzcV/tKgeyxZ4KrgEYGaG1IIv593BZYXczTQailaOUaT8ASRedWG
j2LIVn2NCV/onlxZXc/Dw/267+X1VXNGSnnaDUjTgBOA
-----END CERTIFICATE-----