This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/5QndnAXxTMXkddGPqIa4AhopT7U.roa
File:                     5QndnAXxTMXkddGPqIa4AhopT7U.roa (raw, json)
Hash identifier:          WQ5LOCc3w2MzAgRdeMPpx23W0eVQ5o+Ve2XyefK4ALY=
Subject key identifier:   E5:09:DD:9C:05:F1:4C:C5:E4:75:D1:8F:A8:86:B8:02:1A:29:4F:B5
Certificate issuer:       /CN=bfe3971a32c0692c4e342e911790662470cf31b2
Certificate serial:       019B7BA380BF76E8724286C2AB8F7B0B0AAC
Authority key identifier: BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/5QndnAXxTMXkddGPqIa4AhopT7U.roa
Signing time:             Thu 01 Jan 2026 22:17:51 +0000
ROA not before:           Thu 01 Jan 2026 22:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205299
IP address blocks:        185.16.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:80:bf:76:e8:72:42:86:c2:ab:8f:7b:0b:0a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfe3971a32c0692c4e342e911790662470cf31b2
        Validity
            Not Before: Jan  1 22:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e509dd9c05f14cc5e475d18fa886b8021a294fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:57:d4:f8:fa:24:08:ea:a6:eb:8d:cf:6d:d8:
                    87:6e:52:6c:3c:84:9f:b5:d1:87:7a:c1:44:38:60:
                    7d:3d:ca:aa:dd:19:5a:a4:cc:60:df:e4:e9:b6:39:
                    59:f9:a1:2d:7f:65:38:c0:25:fc:3f:c8:20:2f:67:
                    5b:f8:17:e5:63:da:41:c0:87:14:77:2f:72:cf:03:
                    be:62:1c:d8:18:7c:ab:35:24:c3:b6:7f:94:8e:dd:
                    d3:1e:d7:38:91:ab:d5:ad:d7:c4:e7:7b:a9:10:6a:
                    a5:23:54:6b:68:66:2a:e2:a5:03:3b:40:bf:ee:bd:
                    90:c9:1f:6e:64:40:cf:4d:e7:1b:eb:49:d0:77:50:
                    c5:58:a6:2c:e7:ef:7e:51:5d:ca:21:93:e9:62:50:
                    82:04:59:41:e1:da:de:8d:25:f7:2c:d2:0d:3e:07:
                    a0:f1:07:1f:30:aa:83:64:01:89:4c:ed:96:54:fc:
                    3d:2a:d5:9e:29:09:26:af:de:eb:bd:df:fc:78:cf:
                    08:4a:35:28:b2:30:25:81:99:ec:77:11:6c:4e:ce:
                    00:ea:f5:ad:71:95:f4:a1:2a:cd:54:3b:a0:99:f5:
                    a0:16:23:22:45:03:21:9a:c7:46:ac:d6:3d:06:ea:
                    79:f3:4b:90:49:4c:0f:92:f6:3f:c0:e8:2a:80:29:
                    4b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:09:DD:9C:05:F1:4C:C5:E4:75:D1:8F:A8:86:B8:02:1A:29:4F:B5
            X509v3 Authority Key Identifier:
                keyid:BF:E3:97:1A:32:C0:69:2C:4E:34:2E:91:17:90:66:24:70:CF:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v-OXGjLAaSxONC6RF5BmJHDPMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/5QndnAXxTMXkddGPqIa4AhopT7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d76bf8-541f-4efc-98c5-c4dcc7f6b7df/1/v-OXGjLAaSxONC6RF5BmJHDPMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:13:57:26:26:f6:86:15:47:3c:77:9b:7f:f8:6d:7c:45:7e:
         c2:57:22:48:ea:34:65:e5:6f:92:dc:70:7c:b4:66:a4:19:af:
         47:01:6c:ec:a8:fe:be:05:22:08:3f:98:a4:4c:ac:d2:c5:ed:
         3d:c9:51:a2:a5:79:93:04:28:8e:a3:0a:9a:dd:23:9e:bc:14:
         40:4e:1d:70:12:10:82:5b:f9:a7:07:ad:e2:24:81:ef:ad:d2:
         87:e3:f4:f7:f5:b4:d2:c4:5e:85:56:7b:78:21:25:a2:36:6b:
         6d:84:8e:d2:5c:3f:13:8d:f9:59:dc:cd:0b:24:2d:00:8e:65:
         c8:0b:ac:50:b3:70:d7:25:e1:f0:fc:e9:8b:07:c6:e4:4b:7b:
         fd:93:84:20:fb:e9:ff:a7:c9:9d:0b:96:d8:dc:8b:d7:81:85:
         4a:5c:c3:b3:60:37:d4:3f:35:76:45:f9:7b:9e:80:09:e9:80:
         e6:29:4e:54:47:cc:80:e6:0a:5d:15:22:5d:6a:61:3b:74:07:
         f6:8a:26:b9:40:1a:ea:d0:23:9e:84:a2:c7:e6:49:4f:9a:cc:
         94:14:1a:43:43:a0:88:72:d1:6d:07:2b:a8:69:f9:e7:82:12:
         b6:16:69:65:f6:9b:cb:be:8d:96:b5:cd:96:e0:2f:34:b3:45:
         7c:4f:a0:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o4C/duhyQobCq497CwqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZTM5NzFhMzJjMDY5MmM0ZTM0MmU5MTE3OTA2NjI0NzBj
ZjMxYjIwHhcNMjYwMTAxMjIxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA5ZGQ5YzA1ZjE0Y2M1ZTQ3NWQxOGZhODg2YjgwMjFhMjk0ZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVfU+PokCOqm643PbdiHblJsPISf
tdGHesFEOGB9Pcqq3RlapMxg3+TptjlZ+aEtf2U4wCX8P8ggL2db+BflY9pBwIcU
dy9yzwO+YhzYGHyrNSTDtn+Ujt3THtc4kavVrdfE53upEGqlI1RraGYq4qUDO0C/
7r2QyR9uZEDPTecb60nQd1DFWKYs5+9+UV3KIZPpYlCCBFlB4drejSX3LNINPgeg
8QcfMKqDZAGJTO2WVPw9KtWeKQkmr97rvd/8eM8ISjUosjAlgZnsdxFsTs4A6vWt
cZX0oSrNVDugmfWgFiMiRQMhmsdGrNY9Bup580uQSUwPkvY/wOgqgClLfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUJ3ZwF8UzF5HXRj6iGuAIaKU+1MB8GA1UdIwQY
MBaAFL/jlxoywGksTjQukReQZiRwzzGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUt
YzRkY2M3ZjZiN2RmLzEvNVFuZG5BWHhUTVhrZGRHUHFJYTRBaG9wVDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kNzZiZjgtNTQxZi00ZWZjLTk4YzUtYzRkY2M3ZjZiN2Rm
LzEvdi1PWEdqTEFhU3hPTkM2UkY1Qm1KSERQTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRAlMA0G
CSqGSIb3DQEBCwUAA4IBAQCnE1cmJvaGFUc8d5t/+G18RX7CVyJI6jRl5W+S3HB8
tGakGa9HAWzsqP6+BSIIP5ikTKzSxe09yVGipXmTBCiOowqa3SOevBRATh1wEhCC
W/mnB63iJIHvrdKH4/T39bTSxF6FVnt4ISWiNmtthI7SXD8TjflZ3M0LJC0AjmXI
C6xQs3DXJeHw/OmLB8bkS3v9k4Qg++n/p8mdC5bY3IvXgYVKXMOzYDfUPzV2Rfl7
noAJ6YDmKU5UR8yA5gpdFSJdamE7dAf2iia5QBrq0COehKLH5klPmsyUFBpDQ6CI
ctFtByuoafnnghK2Fmll9pvLvo2Wtc2W4C80s0V8T6BO
-----END CERTIFICATE-----