This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/4RoCZ7xFwmFE2MoybN1MliQS528.roa
File:                     4RoCZ7xFwmFE2MoybN1MliQS528.roa (raw, json)
Hash identifier:          ERuwVSaTgKOxPyhdMucsbDqJSwwmPwiV0Nxa28rNWmo=
Subject key identifier:   E1:1A:02:67:BC:45:C2:61:44:D8:CA:32:6C:DD:4C:96:24:12:E7:6F
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019B791082E7A9DB8BF9C5FFD3A71F54BA92
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/4RoCZ7xFwmFE2MoybN1MliQS528.roa
Signing time:             Thu 01 Jan 2026 10:18:03 +0000
ROA not before:           Thu 01 Jan 2026 10:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197450
IP address blocks:        5.180.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 10:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:82:e7:a9:db:8b:f9:c5:ff:d3:a7:1f:54:ba:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jan  1 10:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e11a0267bc45c26144d8ca326cdd4c962412e76f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6d:ab:e3:63:27:94:ae:48:e7:6a:00:c6:59:
                    13:82:c4:c7:5b:a8:7c:75:9c:2b:bd:c8:4c:64:9b:
                    dd:db:94:61:36:0a:7d:8f:f8:f3:51:23:13:8b:fd:
                    fa:bb:2e:a8:35:27:4a:82:cf:8f:92:85:66:97:cb:
                    44:2a:32:b8:7a:da:ac:7d:3a:4a:a2:b8:75:c7:16:
                    e1:ce:75:d3:84:af:d6:4c:ea:7b:c9:10:8b:92:e4:
                    64:5a:93:52:07:a9:00:53:a3:8b:e7:86:ac:3b:5b:
                    12:bf:54:5b:93:5c:04:8b:e1:48:61:82:d7:4a:05:
                    4b:8b:67:9f:ad:52:0d:ba:95:1e:96:7d:70:aa:99:
                    3e:5b:c9:46:2a:77:85:85:32:c3:9e:e3:33:4f:a4:
                    46:3b:b7:70:a8:72:ef:59:92:bc:a8:8c:e0:5b:e8:
                    5c:27:0c:5d:01:c6:a6:7d:ef:1a:91:c7:c5:fa:6b:
                    8f:7e:c9:2d:1a:a1:46:d2:58:95:07:ff:c5:7e:e2:
                    40:8f:11:16:ac:a6:95:b4:42:14:72:19:17:72:a7:
                    25:d8:74:ba:0f:48:d8:aa:02:19:1c:29:cb:61:c2:
                    b8:60:39:e8:61:65:bf:b1:43:f7:31:a3:cb:66:05:
                    3d:f7:7c:5b:e7:82:99:7d:92:50:fa:c3:f9:b0:40:
                    d9:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:1A:02:67:BC:45:C2:61:44:D8:CA:32:6C:DD:4C:96:24:12:E7:6F
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/4RoCZ7xFwmFE2MoybN1MliQS528.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ca:f9:98:31:fc:8a:37:e1:b9:b7:83:e7:a3:41:87:ef:a4:
         b2:28:ae:3b:5f:10:de:d8:25:45:d2:65:95:4a:0a:b8:f9:ec:
         1a:83:16:87:f5:5c:77:a2:b9:3c:d6:74:4a:14:a3:a9:1a:d2:
         a5:bd:9f:97:61:f3:04:50:d1:7c:47:dd:c8:41:7f:4c:6b:8f:
         cb:72:15:18:c8:21:fe:35:d4:f2:78:dc:f9:67:87:97:4a:b0:
         d5:40:c8:99:f7:f6:58:29:6e:31:d8:01:26:c1:9c:e7:0d:d3:
         0f:30:79:c5:ca:14:37:2a:7c:a1:61:b9:ec:99:42:86:99:57:
         bd:68:78:c9:31:36:85:d9:19:f4:1a:84:47:e5:75:90:ab:7c:
         b0:fa:c5:b7:33:ec:21:bb:37:37:24:1b:dc:a1:f9:81:8b:1c:
         c2:12:ef:a4:90:eb:cc:f0:67:0a:e6:be:85:bf:91:9f:82:e6:
         d5:d4:a7:b2:25:22:78:f1:fa:c8:c2:26:fe:43:f7:9c:52:f4:
         84:5c:c3:44:6e:2b:42:76:79:93:54:77:8b:17:1d:fa:5a:72:
         9f:7b:7d:61:bb:37:99:5d:05:b4:90:60:45:a8:d1:42:b7:c8:
         49:ed:dc:3f:7d:57:d9:87:b8:98:3f:fb:79:dd:5d:69:a5:d0:
         c4:b5:d2:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EILnqduL+cX/06cfVLqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMTAxMTAxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTFhMDI2N2JjNDVjMjYxNDRkOGNhMzI2Y2RkNGM5NjI0MTJlNzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum2r42MnlK5I52oAxlkTgsTHW6h8
dZwrvchMZJvd25RhNgp9j/jzUSMTi/36uy6oNSdKgs+PkoVml8tEKjK4etqsfTpK
orh1xxbhznXThK/WTOp7yRCLkuRkWpNSB6kAU6OL54asO1sSv1Rbk1wEi+FIYYLX
SgVLi2efrVINupUeln1wqpk+W8lGKneFhTLDnuMzT6RGO7dwqHLvWZK8qIzgW+hc
JwxdAcamfe8akcfF+muPfsktGqFG0liVB//FfuJAjxEWrKaVtEIUchkXcqcl2HS6
D0jYqgIZHCnLYcK4YDnoYWW/sUP3MaPLZgU993xb54KZfZJQ+sP5sEDZ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEaAme8RcJhRNjKMmzdTJYkEudvMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvNFJvQ1o3eEZ3bUZFMk1veWJOMU1saVFTNTI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbRoMA0G
CSqGSIb3DQEBCwUAA4IBAQATyvmYMfyKN+G5t4Pno0GH76SyKK47XxDe2CVF0mWV
Sgq4+ewagxaH9Vx3ork81nRKFKOpGtKlvZ+XYfMEUNF8R93IQX9Ma4/LchUYyCH+
NdTyeNz5Z4eXSrDVQMiZ9/ZYKW4x2AEmwZznDdMPMHnFyhQ3KnyhYbnsmUKGmVe9
aHjJMTaF2Rn0GoRH5XWQq3yw+sW3M+whuzc3JBvcofmBixzCEu+kkOvM8GcK5r6F
v5GfgubV1KeyJSJ48frIwib+Q/ecUvSEXMNEbitCdnmTVHeLFx36WnKfe31huzeZ
XQW0kGBFqNFCt8hJ7dw/fVfZh7iYP/t53V1ppdDEtdIr
-----END CERTIFICATE-----