This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/1bncdI1HvWegkfkOeeoa5nOljr8.roa
File:                     1bncdI1HvWegkfkOeeoa5nOljr8.roa (raw, json)
Hash identifier:          NfbtKL/fM/sWFvyUIB3zJxF3TY7oHsHrb3iWZHcFnF8=
Subject key identifier:   D5:B9:DC:74:8D:47:BD:67:A0:91:F9:0E:79:EA:1A:E6:73:A5:8E:BF
Certificate issuer:       /CN=6b233d75508b4e85cccf44349a7cb703198d1d26
Certificate serial:       019B7C807B7EBDBDEF5FDC850E7E7DD2DEEA
Authority key identifier: 6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/1bncdI1HvWegkfkOeeoa5nOljr8.roa
Signing time:             Fri 02 Jan 2026 02:19:13 +0000
ROA not before:           Fri 02 Jan 2026 02:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42831
IP address blocks:        5.157.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 17:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:7b:7e:bd:bd:ef:5f:dc:85:0e:7e:7d:d2:de:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b233d75508b4e85cccf44349a7cb703198d1d26
        Validity
            Not Before: Jan  2 02:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d5b9dc748d47bd67a091f90e79ea1ae673a58ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a1:4d:66:4f:4c:35:9b:5f:1a:9c:77:87:9b:
                    58:1c:e8:ab:37:20:87:7a:9a:69:ca:70:5e:b3:a7:
                    95:e1:c7:04:2b:d6:9c:f6:78:bd:1c:85:9e:38:0e:
                    9a:de:19:e3:3d:94:40:d5:c1:78:22:af:0a:bc:74:
                    c7:33:64:ff:60:d6:d1:89:77:93:61:be:34:5b:a2:
                    dc:29:25:0c:19:dc:0e:35:e9:e3:52:83:90:ac:db:
                    00:97:86:b1:58:75:29:71:4e:2f:4c:b0:92:bf:a2:
                    07:cf:f3:24:b5:2d:8a:50:bd:5f:52:2b:b7:8e:68:
                    80:76:3d:bc:12:34:de:38:22:f4:c0:08:dd:00:1c:
                    55:b4:3d:fc:da:0b:a1:77:7d:e7:e1:0b:46:5a:02:
                    41:73:0e:e6:55:d1:3c:de:e1:6b:8a:17:f5:c8:aa:
                    d8:b4:ee:7b:08:38:cf:45:74:5e:b1:18:07:08:3c:
                    0a:ce:a6:83:6a:9a:3d:96:65:c4:f1:c1:8f:25:30:
                    a2:81:5f:ae:55:50:e2:9a:ae:a7:9e:00:bc:3f:9d:
                    84:19:4b:98:27:fb:c7:2c:65:ba:f0:2d:8c:3a:37:
                    74:e3:6e:62:12:ec:32:d4:1f:7c:36:fe:e7:19:25:
                    b1:3f:58:fd:0f:ac:00:10:d9:de:74:2a:ad:55:6b:
                    ff:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:B9:DC:74:8D:47:BD:67:A0:91:F9:0E:79:EA:1A:E6:73:A5:8E:BF
            X509v3 Authority Key Identifier:
                keyid:6B:23:3D:75:50:8B:4E:85:CC:CF:44:34:9A:7C:B7:03:19:8D:1D:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayM9dVCLToXMz0Q0mny3AxmNHSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/1bncdI1HvWegkfkOeeoa5nOljr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/9d9192-273c-4ca9-b2ba-fa9cb51cd0f1/1/ayM9dVCLToXMz0Q0mny3AxmNHSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:dd:9c:83:7b:5a:bd:36:9a:41:32:cd:9b:17:1f:09:79:9d:
         46:a8:dd:25:3c:bc:20:37:f8:2f:e6:3c:74:54:5c:33:b3:aa:
         17:40:92:28:6e:c4:bd:0a:a9:1e:b4:15:71:c4:25:27:d1:54:
         86:09:07:29:40:5c:1a:1e:84:f9:ed:b8:55:0a:51:40:72:f2:
         01:0c:be:b8:61:dc:19:f7:0d:af:9c:58:57:91:02:a8:da:ab:
         e0:12:ce:79:de:f8:9d:9f:cd:de:b4:c8:a2:cc:c4:03:78:32:
         ad:44:b8:7c:c8:21:6b:d9:da:25:97:86:29:b9:b0:69:08:1d:
         71:9b:60:0f:39:46:4f:24:16:cc:d6:99:11:a9:8d:a3:7d:65:
         37:52:ed:ed:50:50:0b:89:d1:06:c2:15:ad:92:92:36:af:8e:
         2b:10:84:9a:f8:b0:cc:24:91:ad:84:84:89:c0:30:4a:2f:a1:
         7b:0a:b2:06:ab:7c:f9:8e:50:59:db:71:76:f2:bc:42:6b:b9:
         3e:36:de:8d:73:bb:7c:36:7e:95:ef:bb:95:fa:7c:d8:99:42:
         5c:a8:91:96:9a:63:a2:9d:77:5b:80:13:3c:1d:87:9a:7d:95:
         08:6d:0f:8d:4c:62:cc:8f:c6:a4:f2:a2:17:21:7b:15:4c:48:
         ac:1a:b9:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gHt+vb3vX9yFDn590t7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjMzZDc1NTA4YjRlODVjY2NmNDQzNDlhN2NiNzAzMTk4
ZDFkMjYwHhcNMjYwMTAyMDIxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWI5ZGM3NDhkNDdiZDY3YTA5MWY5MGU3OWVhMWFlNjczYTU4ZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6FNZk9MNZtfGpx3h5tYHOirNyCH
epppynBes6eV4ccEK9ac9ni9HIWeOA6a3hnjPZRA1cF4Iq8KvHTHM2T/YNbRiXeT
Yb40W6LcKSUMGdwONenjUoOQrNsAl4axWHUpcU4vTLCSv6IHz/MktS2KUL1fUiu3
jmiAdj28EjTeOCL0wAjdABxVtD382guhd33n4QtGWgJBcw7mVdE83uFrihf1yKrY
tO57CDjPRXResRgHCDwKzqaDapo9lmXE8cGPJTCigV+uVVDimq6nngC8P52EGUuY
J/vHLGW68C2MOjd0425iEuwy1B98Nv7nGSWxP1j9D6wAENnedCqtVWv/RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNW53HSNR71noJH5DnnqGuZzpY6/MB8GA1UdIwQY
MBaAFGsjPXVQi06FzM9ENJp8twMZjR0mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEt
ZmE5Y2I1MWNkMGYxLzEvMWJuY2RJMUh2V2Vna2ZrT2Vlb2E1bk9sanI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC85ZDkxOTItMjczYy00Y2E5LWIyYmEtZmE5Y2I1MWNkMGYx
LzEvYXlNOWRWQ0xUb1hNejBRMG1ueTNBeG1OSFNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZ2AMA0G
CSqGSIb3DQEBCwUAA4IBAQAn3ZyDe1q9NppBMs2bFx8JeZ1GqN0lPLwgN/gv5jx0
VFwzs6oXQJIobsS9CqketBVxxCUn0VSGCQcpQFwaHoT57bhVClFAcvIBDL64YdwZ
9w2vnFhXkQKo2qvgEs553vidn83etMiizMQDeDKtRLh8yCFr2doll4YpubBpCB1x
m2APOUZPJBbM1pkRqY2jfWU3Uu3tUFALidEGwhWtkpI2r44rEISa+LDMJJGthISJ
wDBKL6F7CrIGq3z5jlBZ23F28rxCa7k+Nt6Nc7t8Nn6V77uV+nzYmUJcqJGWmmOi
nXdbgBM8HYeafZUIbQ+NTGLMj8ak8qIXIXsVTEisGrmD
-----END CERTIFICATE-----