This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/8pRpGLC7ufdVgfYDDUF6Zet2ESs.roa
File:                     8pRpGLC7ufdVgfYDDUF6Zet2ESs.roa (raw, json)
Hash identifier:          N6b81cttyVRNjS1aPTuek9kLwNALHCKPqaI95N5VpXM=
Subject key identifier:   F2:94:69:18:B0:BB:B9:F7:55:81:F6:03:0D:41:7A:65:EB:76:11:2B
Certificate issuer:       /CN=274d91cfa0a6db9bfd9154a441858e00e38bdbd6
Certificate serial:       019B7F1559BA8B0D27F3F67A8659B92899C9
Authority key identifier: 27:4D:91:CF:A0:A6:DB:9B:FD:91:54:A4:41:85:8E:00:E3:8B:DB:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J02Rz6Cm25v9kVSkQYWOAOOL29Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/8pRpGLC7ufdVgfYDDUF6Zet2ESs.roa
Signing time:             Fri 02 Jan 2026 14:21:04 +0000
ROA not before:           Fri 02 Jan 2026 14:21:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9121
IP address blocks:        5.181.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/J02Rz6Cm25v9kVSkQYWOAOOL29Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/J02Rz6Cm25v9kVSkQYWOAOOL29Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J02Rz6Cm25v9kVSkQYWOAOOL29Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 08:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:59:ba:8b:0d:27:f3:f6:7a:86:59:b9:28:99:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=274d91cfa0a6db9bfd9154a441858e00e38bdbd6
        Validity
            Not Before: Jan  2 14:21:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2946918b0bbb9f75581f6030d417a65eb76112b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:00:49:4d:2c:75:04:e6:79:f9:7c:6d:d2:5e:
                    52:3f:40:60:ba:20:69:32:01:59:2e:aa:96:6d:54:
                    fd:0e:3b:36:a4:b9:cf:49:ac:cf:f8:44:94:8e:df:
                    06:f5:fb:f7:02:b2:fc:4f:87:fd:f4:f1:55:47:ab:
                    2d:53:55:06:01:7e:99:01:95:18:f2:4a:b5:8d:8f:
                    bf:20:2f:95:e4:aa:4d:13:2a:fe:a0:e2:7a:4e:b4:
                    35:c0:5b:c5:46:d0:0f:bb:1a:86:d6:d7:bc:35:56:
                    2e:31:b7:1c:2f:45:e9:75:3b:ec:ac:b8:a9:52:ac:
                    a5:c6:9c:ba:d0:91:d5:b6:9c:5e:b7:50:1c:c2:14:
                    d0:65:4a:14:80:7f:67:f5:9a:88:d5:7c:d1:7e:b6:
                    2f:5b:84:6c:c9:52:9d:3b:65:50:f6:76:03:cc:8c:
                    27:17:14:67:60:65:ac:53:66:f9:5b:a8:db:14:47:
                    62:4a:e0:b3:d9:06:82:87:2a:07:03:a2:46:c7:e2:
                    04:c4:0b:d4:87:58:db:0d:2d:56:2e:38:14:4f:30:
                    7f:0e:b9:14:6e:24:70:25:12:5c:1e:26:45:5a:a9:
                    12:d1:2f:79:5b:9f:f9:11:c1:6f:5a:d7:cb:00:24:
                    85:c9:df:69:4b:db:3e:3d:b8:ea:5b:d4:19:d6:48:
                    28:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:94:69:18:B0:BB:B9:F7:55:81:F6:03:0D:41:7A:65:EB:76:11:2B
            X509v3 Authority Key Identifier:
                keyid:27:4D:91:CF:A0:A6:DB:9B:FD:91:54:A4:41:85:8E:00:E3:8B:DB:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J02Rz6Cm25v9kVSkQYWOAOOL29Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/8pRpGLC7ufdVgfYDDUF6Zet2ESs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c51d58-e349-4231-864f-978234c3bb70/1/J02Rz6Cm25v9kVSkQYWOAOOL29Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:c7:44:a3:ee:d0:36:e5:e9:67:57:66:3c:6b:a5:38:12:80:
         02:14:d1:cc:ba:4b:59:cb:66:6d:7a:ba:18:71:88:7c:23:c9:
         7e:cd:db:8b:53:09:c9:32:2b:40:fa:0e:fb:ba:30:88:0c:c3:
         09:1f:34:eb:6c:1f:08:69:c2:f9:7d:a6:76:bf:7a:c2:13:56:
         42:9e:7f:ec:58:32:32:c1:8c:32:31:f7:ca:68:23:75:89:82:
         f2:51:ed:48:47:55:bc:2b:ce:e3:4a:e3:39:7b:9c:08:8d:a0:
         b9:fe:16:a5:6b:90:f2:63:1f:70:04:ef:cb:86:93:cb:a2:1f:
         4a:18:74:5e:f4:7d:f5:3c:04:9a:09:5d:6b:97:15:99:d2:35:
         19:79:da:3c:8b:7d:e3:70:81:1b:b8:2d:5b:59:9a:bf:95:da:
         75:a1:a9:3f:0b:5c:11:a7:08:8a:39:6b:c5:16:23:d7:b2:3b:
         a6:9e:ac:f3:59:9b:04:1c:4e:9a:d6:53:a1:73:5d:59:a8:25:
         46:a0:34:aa:23:c9:2c:d8:62:da:7b:31:8e:25:9d:0a:6e:17:
         4f:65:8d:59:b4:b8:b7:b2:a6:c5:13:c2:c5:00:d0:b0:f5:6d:
         a3:a5:75:13:43:bd:c9:68:c6:6b:69:f2:a8:cd:57:65:f3:c7:
         83:93:ea:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FVm6iw0n8/Z6hlm5KJnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NGQ5MWNmYTBhNmRiOWJmZDkxNTRhNDQxODU4ZTAwZTM4
YmRiZDYwHhcNMjYwMTAyMTQyMTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjk0NjkxOGIwYmJiOWY3NTU4MWY2MDMwZDQxN2E2NWViNzYxMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqABJTSx1BOZ5+Xxt0l5SP0BguiBp
MgFZLqqWbVT9Djs2pLnPSazP+ESUjt8G9fv3ArL8T4f99PFVR6stU1UGAX6ZAZUY
8kq1jY+/IC+V5KpNEyr+oOJ6TrQ1wFvFRtAPuxqG1te8NVYuMbccL0XpdTvsrLip
Uqylxpy60JHVtpxet1AcwhTQZUoUgH9n9ZqI1XzRfrYvW4RsyVKdO2VQ9nYDzIwn
FxRnYGWsU2b5W6jbFEdiSuCz2QaChyoHA6JGx+IExAvUh1jbDS1WLjgUTzB/DrkU
biRwJRJcHiZFWqkS0S95W5/5EcFvWtfLACSFyd9pS9s+PbjqW9QZ1kgojwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKUaRiwu7n3VYH2Aw1BemXrdhErMB8GA1UdIwQY
MBaAFCdNkc+gptub/ZFUpEGFjgDji9vWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjAyUno2Q20yNXY5a1ZTa1FZV09BT09MMjlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jNTFkNTgtZTM0OS00MjMxLTg2NGYt
OTc4MjM0YzNiYjcwLzEvOHBScEdMQzd1ZmRWZ2ZZRERVRjZaZXQyRVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jNTFkNTgtZTM0OS00MjMxLTg2NGYtOTc4MjM0YzNiYjcw
LzEvSjAyUno2Q20yNXY5a1ZTa1FZV09BT09MMjlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbXUMA0G
CSqGSIb3DQEBCwUAA4IBAQBpx0Sj7tA25elnV2Y8a6U4EoACFNHMuktZy2ZteroY
cYh8I8l+zduLUwnJMitA+g77ujCIDMMJHzTrbB8IacL5faZ2v3rCE1ZCnn/sWDIy
wYwyMffKaCN1iYLyUe1IR1W8K87jSuM5e5wIjaC5/hala5DyYx9wBO/LhpPLoh9K
GHRe9H31PASaCV1rlxWZ0jUZedo8i33jcIEbuC1bWZq/ldp1oak/C1wRpwiKOWvF
FiPXsjumnqzzWZsEHE6a1lOhc11ZqCVGoDSqI8ks2GLaezGOJZ0KbhdPZY1ZtLi3
sqbFE8LFANCw9W2jpXUTQ73JaMZrafKozVdl88eDk+ql
-----END CERTIFICATE-----