This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/W06FGdEzFyVp5CnGDdYIbf1E-E4.roa
File:                     W06FGdEzFyVp5CnGDdYIbf1E-E4.roa (raw, json)
Hash identifier:          EMpjseN02dHDvqZ+fevSM2jzqlumUsBDCpozifI3h/Q=
Subject key identifier:   5B:4E:85:19:D1:33:17:25:69:E4:29:C6:0D:D6:08:6D:FD:44:F8:4E
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       019B7C7FB97E29AC31C0A8C2F569D412B169
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/W06FGdEzFyVp5CnGDdYIbf1E-E4.roa
Signing time:             Fri 02 Jan 2026 02:18:23 +0000
ROA not before:           Fri 02 Jan 2026 02:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57702
IP address blocks:        192.58.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:b9:7e:29:ac:31:c0:a8:c2:f5:69:d4:12:b1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  2 02:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b4e8519d133172569e429c60dd6086dfd44f84e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2f:f0:40:ee:5b:28:f3:5f:9e:09:bc:ae:1c:
                    ce:99:9f:a8:a5:8b:13:4c:25:9b:bd:36:8c:f4:b8:
                    bf:e5:73:47:b2:99:bc:f2:7b:d4:37:4d:b6:6a:06:
                    0b:a1:36:2e:d7:e7:53:b2:35:3e:27:f7:1b:b8:37:
                    d3:25:cf:23:6a:b8:47:85:e0:19:b5:84:69:49:89:
                    82:4f:44:7c:2f:7c:aa:f1:12:00:db:e2:92:27:fb:
                    c7:76:00:5c:8d:09:e9:f1:95:76:3f:8d:b3:9e:8b:
                    8c:9e:8a:c7:44:f6:52:fe:ca:07:2e:19:05:f1:4c:
                    7b:df:ce:cd:67:01:f6:6a:fd:cb:11:d6:9c:44:c7:
                    01:a1:2c:35:7b:d1:74:11:17:4f:41:c9:61:7b:86:
                    eb:71:0a:00:5f:b5:b4:08:1b:30:07:82:1a:ff:e4:
                    65:c0:e3:8f:34:39:ac:1e:48:1b:55:12:f8:1f:1c:
                    8a:59:47:be:c4:07:e9:79:91:15:11:d5:cb:e6:f7:
                    54:d5:8a:87:3f:21:4c:bb:28:e9:4a:20:fd:c4:cb:
                    72:37:d9:29:fa:57:02:d8:95:62:ae:7e:cc:86:35:
                    7a:b0:f2:c2:8c:d7:da:41:5a:a1:f2:48:94:56:8f:
                    2c:36:3f:12:e0:32:de:37:b0:7d:99:95:14:fe:c8:
                    22:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4E:85:19:D1:33:17:25:69:E4:29:C6:0D:D6:08:6D:FD:44:F8:4E
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/W06FGdEzFyVp5CnGDdYIbf1E-E4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.58.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:55:77:c4:0a:49:c6:80:84:ba:82:09:63:e3:97:02:9b:c5:
         78:98:b5:c3:99:77:0f:da:f3:75:d5:64:cc:56:43:60:2d:93:
         fb:36:f5:a9:9d:4b:ed:fe:24:7c:cb:e3:e0:6b:58:29:35:1c:
         d8:36:13:a1:1f:56:43:5b:6b:29:11:4a:cb:3a:31:ea:37:e4:
         e4:96:d4:0f:a5:6e:64:6a:8a:d7:85:51:b3:18:97:9f:a0:47:
         3c:81:60:31:7d:4c:c4:da:be:b7:8e:f1:c1:48:be:c6:1f:97:
         3a:49:04:14:0a:09:b7:05:69:54:b1:23:64:9c:86:ba:62:64:
         d5:26:af:5a:0f:8c:b8:2a:6c:ae:b3:0b:2d:fb:40:e2:c1:35:
         17:90:d9:ad:cc:7c:87:86:f9:33:75:27:d7:19:d7:a8:53:d2:
         b4:d2:81:ef:4e:49:6a:0e:d8:5a:30:01:9c:c9:41:0f:37:a4:
         20:d5:bd:75:2a:68:01:8a:7b:f7:83:75:94:12:82:3a:52:b5:
         1b:7d:90:a4:64:56:ab:4c:f0:18:cf:3c:3a:e0:4a:20:1a:e2:
         b3:8d:ec:24:66:b0:99:e7:d9:75:95:09:90:78:b1:8a:01:81:
         d7:86:14:02:fe:54:09:7e:a3:2c:c9:f0:07:dc:3d:d7:27:04:
         52:6f:01:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f7l+KawxwKjC9WnUErFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjYwMTAyMDIxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjRlODUxOWQxMzMxNzI1NjllNDI5YzYwZGQ2MDg2ZGZkNDRmODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi/wQO5bKPNfngm8rhzOmZ+opYsT
TCWbvTaM9Li/5XNHspm88nvUN022agYLoTYu1+dTsjU+J/cbuDfTJc8jarhHheAZ
tYRpSYmCT0R8L3yq8RIA2+KSJ/vHdgBcjQnp8ZV2P42znouMnorHRPZS/soHLhkF
8Ux7387NZwH2av3LEdacRMcBoSw1e9F0ERdPQclhe4brcQoAX7W0CBswB4Ia/+Rl
wOOPNDmsHkgbVRL4HxyKWUe+xAfpeZEVEdXL5vdU1YqHPyFMuyjpSiD9xMtyN9kp
+lcC2JVirn7MhjV6sPLCjNfaQVqh8kiUVo8sNj8S4DLeN7B9mZUU/sgi2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtOhRnRMxclaeQpxg3WCG39RPhOMB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvVzA2RkdkRXpGeVZwNUNuR0RkWUliZjFFLUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDodMA0G
CSqGSIb3DQEBCwUAA4IBAQAUVXfECknGgIS6gglj45cCm8V4mLXDmXcP2vN11WTM
VkNgLZP7NvWpnUvt/iR8y+Pga1gpNRzYNhOhH1ZDW2spEUrLOjHqN+TkltQPpW5k
aorXhVGzGJefoEc8gWAxfUzE2r63jvHBSL7GH5c6SQQUCgm3BWlUsSNknIa6YmTV
Jq9aD4y4Kmyuswst+0DiwTUXkNmtzHyHhvkzdSfXGdeoU9K00oHvTklqDthaMAGc
yUEPN6Qg1b11KmgBinv3g3WUEoI6UrUbfZCkZFarTPAYzzw64EogGuKzjewkZrCZ
59l1lQmQeLGKAYHXhhQC/lQJfqMsyfAH3D3XJwRSbwGr
-----END CERTIFICATE-----