This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/P5MlC7ef7YqWLyZB4P63xXWWczA.roa
File:                     P5MlC7ef7YqWLyZB4P63xXWWczA.roa (raw, json)
Hash identifier:          YwSxUzfIzLnQRQ1NogyLoxfPkli1iH7MjtsmBNTgc98=
Subject key identifier:   3F:93:25:0B:B7:9F:ED:8A:96:2F:26:41:E0:FE:B7:C5:75:96:73:30
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019B7FF2ACA745BA94F84C168402CE04664C
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/P5MlC7ef7YqWLyZB4P63xXWWczA.roa
Signing time:             Fri 02 Jan 2026 18:22:48 +0000
ROA not before:           Fri 02 Jan 2026 18:22:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42881
IP address blocks:        2a13:dfc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:ac:a7:45:ba:94:f8:4c:16:84:02:ce:04:66:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 18:22:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f93250bb79fed8a962f2641e0feb7c575967330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f4:9d:c4:ef:0b:af:43:af:5e:1b:f9:5c:b0:
                    d8:d9:6f:31:57:6e:50:27:f5:44:78:a2:28:5e:d7:
                    74:d0:66:be:d7:01:92:35:e5:52:2d:8e:e8:6a:09:
                    77:8b:78:be:92:bf:4b:9b:9e:14:66:3a:f7:b9:d1:
                    3f:1a:13:46:42:ce:7f:da:38:b7:2e:ef:d0:4a:6d:
                    06:89:e9:2c:04:21:46:05:28:f3:6d:20:1f:8c:f8:
                    19:e6:d8:48:66:0d:c0:7a:ed:07:3e:18:06:b3:a4:
                    6e:69:ce:78:46:a0:60:51:2a:14:53:04:de:0b:7d:
                    1d:2e:8d:55:de:8d:57:3d:17:67:8a:30:56:1c:a3:
                    fa:43:ea:20:c1:3e:ee:34:5a:8c:48:76:c3:03:d3:
                    4a:87:09:05:e7:74:48:4a:23:6e:c6:9b:7e:c7:83:
                    3e:89:88:dc:32:c8:27:45:48:6b:67:3e:8b:f6:b0:
                    97:54:87:12:7e:fb:c7:18:37:b5:5a:9c:c2:45:d3:
                    41:08:cf:15:a1:58:e5:84:02:2a:81:b8:83:cd:14:
                    b3:d9:a9:91:aa:35:0e:f2:2c:20:06:7b:ec:77:37:
                    50:06:c1:0a:32:77:7c:fd:60:34:f1:83:74:03:6c:
                    e5:1d:1f:8a:46:e6:a1:c6:64:7c:05:67:7d:0e:41:
                    f7:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:93:25:0B:B7:9F:ED:8A:96:2F:26:41:E0:FE:B7:C5:75:96:73:30
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/P5MlC7ef7YqWLyZB4P63xXWWczA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:dfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c5:5b:79:db:43:01:f9:77:66:7d:69:de:a2:61:10:9b:8b:b6:
         b6:9f:ba:11:df:bb:9c:84:ca:d2:b0:60:dd:4f:19:02:bd:3b:
         60:b9:b3:1a:50:38:a7:75:0e:3e:fe:fa:e2:0f:7b:e2:07:9e:
         74:46:6a:18:b7:ba:40:48:1c:a3:88:00:53:0a:b2:a7:74:a4:
         54:34:b3:92:f5:02:d8:45:66:89:1f:8e:d9:66:d6:45:4a:fe:
         11:60:91:52:69:0d:a4:ec:2f:a5:f1:8c:d0:72:fc:5c:e9:aa:
         58:76:03:40:a4:91:9e:6b:89:b0:b1:53:7a:75:a3:a7:4a:62:
         08:43:ad:d5:64:5b:c0:63:2d:aa:36:25:a3:ac:95:3a:08:5c:
         1c:4b:36:fe:db:7c:9a:36:35:33:a7:10:8d:2a:b9:d8:6d:57:
         de:03:2e:5e:f9:0f:f9:05:5f:16:12:4f:58:95:f4:48:05:9f:
         62:70:4e:00:7c:71:2e:17:32:d0:44:da:d7:af:75:91:40:18:
         a2:63:27:2f:11:20:0a:3f:0a:24:68:83:d5:ee:6b:d1:43:aa:
         1f:ea:7b:ee:b5:aa:84:30:bd:13:bb:f9:fe:1e:b9:ab:67:51:
         91:81:ec:f7:53:d7:4f:a7:82:4d:6b:a3:a8:e8:66:13:0d:65:
         a6:01:f1:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt/8qynRbqU+EwWhALOBGZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMTAyMTgyMjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjkzMjUwYmI3OWZlZDhhOTYyZjI2NDFlMGZlYjdjNTc1OTY3MzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/SdxO8Lr0OvXhv5XLDY2W8xV25Q
J/VEeKIoXtd00Ga+1wGSNeVSLY7oagl3i3i+kr9Lm54UZjr3udE/GhNGQs5/2ji3
Lu/QSm0GieksBCFGBSjzbSAfjPgZ5thIZg3Aeu0HPhgGs6Ruac54RqBgUSoUUwTe
C30dLo1V3o1XPRdnijBWHKP6Q+ogwT7uNFqMSHbDA9NKhwkF53RISiNuxpt+x4M+
iYjcMsgnRUhrZz6L9rCXVIcSfvvHGDe1WpzCRdNBCM8VoVjlhAIqgbiDzRSz2amR
qjUO8iwgBnvsdzdQBsEKMnd8/WA08YN0A2zlHR+KRuahxmR8BWd9DkH3hwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD+TJQu3n+2Kli8mQeD+t8V1lnMwMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvUDVNbEM3ZWY3WXFXTHlaQjRQNjN4WFdXY3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPfwDAN
BgkqhkiG9w0BAQsFAAOCAQEAxVt520MB+XdmfWneomEQm4u2tp+6Ed+7nITK0rBg
3U8ZAr07YLmzGlA4p3UOPv764g974geedEZqGLe6QEgco4gAUwqyp3SkVDSzkvUC
2EVmiR+O2WbWRUr+EWCRUmkNpOwvpfGM0HL8XOmqWHYDQKSRnmuJsLFTenWjp0pi
CEOt1WRbwGMtqjYlo6yVOghcHEs2/tt8mjY1M6cQjSq52G1X3gMuXvkP+QVfFhJP
WJX0SAWfYnBOAHxxLhcy0ETa1691kUAYomMnLxEgCj8KJGiD1e5r0UOqH+p77rWq
hDC9E7v5/h65q2dRkYHs91PXT6eCTWujqOhmEw1lpgHxkA==
-----END CERTIFICATE-----