This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/wh4k9axfhsDf-Do-dUFqE9nApww.roa
File:                     wh4k9axfhsDf-Do-dUFqE9nApww.roa (raw, json)
Hash identifier:          93omHoRTuFsw/T3J6aAGcVsj1NzTknVj2UFj23gAKLY=
Subject key identifier:   C2:1E:24:F5:AC:5F:86:C0:DF:F8:3A:3E:75:41:6A:13:D9:C0:A7:0C
Certificate issuer:       /CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
Certificate serial:       019B7AC9181A12CDFE6A1F4345CF28AE3E51
Authority key identifier: 27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/wh4k9axfhsDf-Do-dUFqE9nApww.roa
Signing time:             Thu 01 Jan 2026 18:19:17 +0000
ROA not before:           Thu 01 Jan 2026 18:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        5.252.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:18:1a:12:cd:fe:6a:1f:43:45:cf:28:ae:3e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f5180f9b93ae7573c08a894bd452bd77ce56cd
        Validity
            Not Before: Jan  1 18:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c21e24f5ac5f86c0dff83a3e75416a13d9c0a70c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9a:94:34:ea:23:43:ce:ef:23:02:1b:b4:a3:
                    ad:42:fc:fd:98:d5:e5:13:6e:f7:87:53:34:2a:39:
                    43:ab:c9:98:92:ed:93:11:c2:73:c8:22:66:b4:f4:
                    9e:0c:6a:3e:1e:c7:f4:0f:6d:55:5b:b2:2e:6c:0e:
                    cb:06:f6:19:5b:08:f1:b4:48:e6:30:d3:f9:06:76:
                    d1:44:b0:01:2d:0c:bb:d1:2a:99:54:d7:3b:84:0f:
                    ce:e9:6b:2b:22:46:96:00:d9:0d:fa:4a:44:e9:76:
                    ad:e7:38:1c:25:9e:4e:15:55:70:41:d0:1e:8d:d6:
                    f1:6b:a0:a8:d0:d7:3b:19:79:a2:6a:dc:75:31:d4:
                    a6:66:6c:12:6d:df:9b:a4:ed:1a:f4:d3:ea:9a:81:
                    5c:cc:02:3d:00:2e:b5:1c:4a:6e:aa:87:ba:f9:7f:
                    14:22:4f:72:dc:d3:a5:2a:5f:16:27:4a:13:95:eb:
                    bb:c3:ce:c7:ac:5a:b5:75:ae:32:01:59:d4:d5:0b:
                    c8:da:05:18:2f:29:dd:10:7a:73:af:1c:0c:bf:db:
                    a9:8f:dd:a9:56:8f:71:75:59:ba:a5:b1:09:73:04:
                    67:70:0f:2d:42:41:75:2f:7a:7f:be:6a:10:53:c2:
                    e1:18:89:ce:da:88:bb:b1:6f:89:12:fd:08:8f:49:
                    41:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:1E:24:F5:AC:5F:86:C0:DF:F8:3A:3E:75:41:6A:13:D9:C0:A7:0C
            X509v3 Authority Key Identifier:
                keyid:27:F5:18:0F:9B:93:AE:75:73:C0:8A:89:4B:D4:52:BD:77:CE:56:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_UYD5uTrnVzwIqJS9RSvXfOVs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/wh4k9axfhsDf-Do-dUFqE9nApww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e1b84b-39a6-4ac8-be63-30fee27e84cb/1/J_UYD5uTrnVzwIqJS9RSvXfOVs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:46:6b:1e:3b:2a:e1:19:53:45:25:4d:2e:24:96:16:3e:66:
         34:8a:3f:0b:92:4d:0e:dc:c8:b0:a1:fe:8b:4f:ce:c3:aa:80:
         c7:bd:3a:70:3a:7b:53:30:a8:0c:8a:7a:79:4c:58:49:85:ee:
         98:29:ce:e2:5a:4d:1e:c1:a4:c1:a3:39:65:ca:35:3b:ed:f3:
         02:0f:b8:5c:54:8f:a1:e5:7c:02:3c:da:6a:1c:2e:5e:9e:5d:
         34:fa:01:44:de:bf:e8:3c:1c:94:27:b3:cf:5a:c3:49:3d:06:
         78:70:f6:6c:d7:b3:d3:85:cf:a2:af:ae:7f:4a:63:28:a8:94:
         5a:6f:c6:86:b0:7f:e6:bc:d9:e9:8c:b9:b1:f2:e9:d3:e9:93:
         80:6a:fb:7b:2a:65:6c:15:e1:0a:14:f8:15:fc:6c:8d:d4:a4:
         7f:0c:72:f6:37:cf:88:e6:b4:63:2a:f1:14:48:f2:50:66:94:
         b5:41:ab:3a:fa:f6:eb:99:c7:3b:09:7e:a3:40:b5:7c:3c:e3:
         ea:28:c9:34:a5:6c:fa:8f:7d:5a:65:b1:b3:cc:9e:6d:25:a1:
         e0:5d:69:d2:c4:e8:38:2c:69:99:f0:61:ed:b0:38:58:35:be:
         54:5a:e9:a0:29:a3:6e:73:45:0a:2a:59:2b:e8:5a:64:59:10:
         2d:39:58:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yRgaEs3+ah9DRc8orj5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjUxODBmOWI5M2FlNzU3M2MwOGE4OTRiZDQ1MmJkNzdj
ZTU2Y2QwHhcNMjYwMTAxMTgxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFlMjRmNWFjNWY4NmMwZGZmODNhM2U3NTQxNmExM2Q5YzBhNzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJqUNOojQ87vIwIbtKOtQvz9mNXl
E273h1M0KjlDq8mYku2TEcJzyCJmtPSeDGo+Hsf0D21VW7IubA7LBvYZWwjxtEjm
MNP5BnbRRLABLQy70SqZVNc7hA/O6WsrIkaWANkN+kpE6Xat5zgcJZ5OFVVwQdAe
jdbxa6Co0Nc7GXmiatx1MdSmZmwSbd+bpO0a9NPqmoFczAI9AC61HEpuqoe6+X8U
Ik9y3NOlKl8WJ0oTleu7w87HrFq1da4yAVnU1QvI2gUYLyndEHpzrxwMv9upj92p
Vo9xdVm6pbEJcwRncA8tQkF1L3p/vmoQU8LhGInO2oi7sW+JEv0Ij0lBswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMIeJPWsX4bA3/g6PnVBahPZwKcMMB8GA1UdIwQY
MBaAFCf1GA+bk651c8CKiUvUUr13zlbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMt
MzBmZWUyN2U4NGNiLzEvd2g0azlheGZoc0RmLURvLWRVRnFFOW5BcHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lMWI4NGItMzlhNi00YWM4LWJlNjMtMzBmZWUyN2U4NGNi
LzEvSl9VWUQ1dVRyblZ6d0lxSlM5UlN2WGZPVnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBfyIMA0G
CSqGSIb3DQEBCwUAA4IBAQCURmseOyrhGVNFJU0uJJYWPmY0ij8Lkk0O3Miwof6L
T87DqoDHvTpwOntTMKgMinp5TFhJhe6YKc7iWk0ewaTBozllyjU77fMCD7hcVI+h
5XwCPNpqHC5enl00+gFE3r/oPByUJ7PPWsNJPQZ4cPZs17PThc+ir65/SmMoqJRa
b8aGsH/mvNnpjLmx8unT6ZOAavt7KmVsFeEKFPgV/GyN1KR/DHL2N8+I5rRjKvEU
SPJQZpS1Qas6+vbrmcc7CX6jQLV8POPqKMk0pWz6j31aZbGzzJ5tJaHgXWnSxOg4
LGmZ8GHtsDhYNb5UWumgKaNuc0UKKlkr6FpkWRAtOViU
-----END CERTIFICATE-----