This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/tKQOFu4gDtiR9E_Fs5E_WSdxqYs.roa
File:                     tKQOFu4gDtiR9E_Fs5E_WSdxqYs.roa (raw, json)
Hash identifier:          WdBgiiX6jEX+9nf9y/4sf97cV0r9Y0+TqLFDE6JwVjA=
Subject key identifier:   B4:A4:0E:16:EE:20:0E:D8:91:F4:4F:C5:B3:91:3F:59:27:71:A9:8B
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       019B797ECEBA66ECF3B7BB7E90583587F1A4
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/tKQOFu4gDtiR9E_Fs5E_WSdxqYs.roa
Signing time:             Thu 01 Jan 2026 12:18:32 +0000
ROA not before:           Thu 01 Jan 2026 12:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50673
IP address blocks:        5.56.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 05:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:ce:ba:66:ec:f3:b7:bb:7e:90:58:35:87:f1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: Jan  1 12:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4a40e16ee200ed891f44fc5b3913f592771a98b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:03:e3:ef:7d:f2:b3:1a:e3:7a:87:5d:e5:89:
                    38:8c:ef:b4:5f:52:71:dc:89:92:44:f3:99:19:79:
                    e5:99:89:af:63:e8:d0:df:56:49:dc:3d:fd:78:eb:
                    23:c3:83:82:8a:37:3e:3e:07:da:b8:e7:4e:51:f4:
                    61:b9:bc:bd:44:c8:d9:82:6b:f6:2f:b7:8b:c1:66:
                    85:8a:bb:23:4e:66:41:47:7c:bf:3b:1d:8f:88:d4:
                    91:0f:78:f5:de:2a:db:6e:49:7e:45:0d:33:b7:08:
                    c6:28:22:2c:c3:98:7f:4f:ae:b8:cd:bd:2d:b1:a3:
                    2f:44:35:07:67:b0:4c:7f:b5:c9:94:30:b2:ca:91:
                    bd:52:af:ee:07:97:e3:5b:a5:fb:21:e4:65:c1:1b:
                    fa:5c:83:74:92:7c:4a:08:ae:ca:0d:13:01:30:82:
                    bb:f2:e7:ce:45:c4:3f:c9:2e:d0:96:af:eb:89:5f:
                    b6:ed:fa:35:4a:cd:35:17:84:bc:a5:e4:75:cd:c2:
                    dd:a4:e4:e2:f7:3f:b3:0b:32:e1:46:a4:65:46:3e:
                    85:49:bb:63:3d:14:ea:bc:c2:11:36:93:47:8f:b7:
                    9e:f5:3b:50:3f:cd:e1:e0:52:c6:41:19:f2:6b:71:
                    64:e5:ce:64:b2:73:1d:62:3a:12:66:6a:a2:d4:12:
                    8f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A4:0E:16:EE:20:0E:D8:91:F4:4F:C5:B3:91:3F:59:27:71:A9:8B
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/tKQOFu4gDtiR9E_Fs5E_WSdxqYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:10:86:c5:d5:13:64:5f:22:f6:98:d2:74:06:c8:e6:cb:02:
         ff:cf:ff:52:6f:9d:01:7d:01:fa:d1:a5:55:2f:8a:ed:ae:7c:
         79:70:18:5f:d4:18:b6:26:d9:75:d0:68:56:f9:c6:f7:f4:73:
         97:81:fe:3b:0d:0f:1e:0c:01:72:bc:3f:df:bd:45:06:ed:05:
         a1:c1:a5:54:81:95:df:64:5b:46:08:43:35:94:a2:b6:72:ff:
         da:03:7d:5d:93:60:06:37:f5:3c:c8:3d:ed:e3:3e:b6:3b:ec:
         60:f3:77:76:d0:39:3a:d4:78:8e:b4:32:e9:1f:71:29:c0:a0:
         22:44:f2:eb:dc:de:2b:d1:cf:ab:e5:57:24:6a:0b:b1:8f:45:
         6f:1a:e8:57:60:df:ec:ce:03:53:d6:d9:c5:3f:c7:1b:c5:b0:
         cb:d1:5e:79:d8:83:0b:de:42:e2:67:97:30:d1:59:b9:8e:7b:
         5c:df:29:7a:52:b7:ee:35:ea:e6:3d:ee:18:0b:f8:3a:ea:57:
         4a:be:5e:13:75:c4:be:8f:4b:73:1e:24:e7:d3:0b:e1:e0:1a:
         ac:18:ef:84:2b:71:e1:c2:fd:d3:28:c9:60:92:cc:06:c5:dd:
         8a:af:24:9e:b6:6c:83:09:26:1e:5a:05:3a:f3:3f:7f:0c:85:
         98:74:8a:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fs66Zuzzt7t+kFg1h/GkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjYwMTAxMTIxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE0MGUxNmVlMjAwZWQ4OTFmNDRmYzViMzkxM2Y1OTI3NzFhOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAPj733ysxrjeodd5Yk4jO+0X1Jx
3ImSRPOZGXnlmYmvY+jQ31ZJ3D39eOsjw4OCijc+PgfauOdOUfRhuby9RMjZgmv2
L7eLwWaFirsjTmZBR3y/Ox2PiNSRD3j13irbbkl+RQ0ztwjGKCIsw5h/T664zb0t
saMvRDUHZ7BMf7XJlDCyypG9Uq/uB5fjW6X7IeRlwRv6XIN0knxKCK7KDRMBMIK7
8ufORcQ/yS7Qlq/riV+27fo1Ss01F4S8peR1zcLdpOTi9z+zCzLhRqRlRj6FSbtj
PRTqvMIRNpNHj7ee9TtQP83h4FLGQRnya3Fk5c5ksnMdYjoSZmqi1BKPbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSkDhbuIA7YkfRPxbORP1kncamLMB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvdEtRT0Z1NGdEdGlSOUVfRnM1RV9XU2R4cVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTiFMA0G
CSqGSIb3DQEBCwUAA4IBAQCgEIbF1RNkXyL2mNJ0BsjmywL/z/9Sb50BfQH60aVV
L4rtrnx5cBhf1Bi2Jtl10GhW+cb39HOXgf47DQ8eDAFyvD/fvUUG7QWhwaVUgZXf
ZFtGCEM1lKK2cv/aA31dk2AGN/U8yD3t4z62O+xg83d20Dk61HiOtDLpH3EpwKAi
RPLr3N4r0c+r5Vckaguxj0VvGuhXYN/szgNT1tnFP8cbxbDL0V552IML3kLiZ5cw
0Vm5jntc3yl6UrfuNermPe4YC/g66ldKvl4TdcS+j0tzHiTn0wvh4BqsGO+EK3Hh
wv3TKMlgkswGxd2KrySetmyDCSYeWgU68z9/DIWYdIo1
-----END CERTIFICATE-----