This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/cMQiZnAEZAcj3C0lkcgvF6RD5y8.roa
File:                     cMQiZnAEZAcj3C0lkcgvF6RD5y8.roa (raw, json)
Hash identifier:          42uo0Cj9Z9TNuXBZG2n2ywXXuk81qWLkR5LdFIJRmv0=
Subject key identifier:   70:C4:22:66:70:04:64:07:23:DC:2D:25:91:C8:2F:17:A4:43:E7:2F
Certificate issuer:       /CN=b04b1cdf506ce5e9937e77f8263ecf6ddb255b05
Certificate serial:       019B78349750067E6064F5CDD40FD939E27A
Authority key identifier: B0:4B:1C:DF:50:6C:E5:E9:93:7E:77:F8:26:3E:CF:6D:DB:25:5B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/cMQiZnAEZAcj3C0lkcgvF6RD5y8.roa
Signing time:             Thu 01 Jan 2026 06:17:51 +0000
ROA not before:           Thu 01 Jan 2026 06:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35258
IP address blocks:        5.183.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 06:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:97:50:06:7e:60:64:f5:cd:d4:0f:d9:39:e2:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b04b1cdf506ce5e9937e77f8263ecf6ddb255b05
        Validity
            Not Before: Jan  1 06:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70c422667004640723dc2d2591c82f17a443e72f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7a:58:d3:e0:ad:2e:c6:01:1c:3e:2b:92:63:
                    bf:fb:24:ff:54:7a:e4:53:fb:09:6a:ca:7a:0e:e0:
                    48:8f:5f:34:74:c8:06:d3:81:a5:0b:df:2a:3b:08:
                    43:dc:01:42:aa:4c:02:94:38:60:da:6b:62:1d:39:
                    dc:f0:17:36:7e:3c:aa:2a:21:dd:47:85:32:35:ad:
                    2f:33:f8:85:d0:19:ca:f9:e2:4c:bd:cf:ae:c0:d8:
                    75:db:4e:b4:c4:f8:cd:ed:10:de:10:30:98:76:1f:
                    06:18:7c:60:f6:4c:97:33:b5:c6:bc:5c:9b:67:17:
                    0b:a2:b5:89:4a:10:f7:0c:df:60:1e:ce:2c:b5:13:
                    89:e3:a2:9b:1e:eb:77:f8:2e:bb:f9:48:40:ea:f3:
                    67:77:b1:fc:bb:af:e4:86:c8:58:3e:0a:8a:5a:50:
                    9b:b2:66:f5:82:6b:f7:38:89:8a:68:ae:52:96:cb:
                    97:07:5c:6a:ad:0e:ae:f1:56:d1:31:29:93:76:b5:
                    a5:48:d3:18:61:aa:ab:47:c9:db:35:3d:39:42:ca:
                    68:08:89:f5:2e:f4:15:25:a2:fb:e7:ab:4e:f8:07:
                    d0:ec:a3:fe:0f:d7:11:4a:e0:d4:e0:28:64:3a:62:
                    76:dc:de:45:a6:3b:c1:74:c2:d7:92:67:ee:ae:65:
                    e2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C4:22:66:70:04:64:07:23:DC:2D:25:91:C8:2F:17:A4:43:E7:2F
            X509v3 Authority Key Identifier:
                keyid:B0:4B:1C:DF:50:6C:E5:E9:93:7E:77:F8:26:3E:CF:6D:DB:25:5B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/cMQiZnAEZAcj3C0lkcgvF6RD5y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:5f:6b:b6:d7:88:2f:2d:33:05:bd:ec:ea:5e:62:b3:0a:6f:
         22:7e:0f:38:d8:c3:e1:c2:61:79:2d:82:7b:97:66:01:59:c6:
         9e:4f:dc:cd:3e:6c:3a:82:32:bc:89:72:3b:9e:37:44:f1:de:
         0e:b0:b8:d7:ca:e3:3d:11:99:53:25:6f:af:c5:76:20:fd:a7:
         b3:5d:25:95:f0:b4:36:1a:f5:03:ba:c6:92:64:64:fc:8a:b3:
         c9:2a:c5:37:ad:f3:70:fe:ad:ed:cb:e3:ca:69:8c:c7:87:e6:
         bb:a5:e4:43:4d:93:10:6b:eb:ee:3a:c4:44:da:13:b9:f0:bd:
         5d:de:2b:78:58:f9:50:fd:d1:5e:06:89:cc:c1:a0:a6:50:ba:
         51:bb:7d:dc:9c:2a:e9:4d:b1:e0:1b:82:80:98:39:97:b9:e5:
         27:50:bb:97:52:26:98:4b:21:dd:15:80:9d:3c:b2:07:44:64:
         af:49:59:6e:93:45:96:84:80:67:d1:0b:c8:4b:79:ed:a2:a2:
         e5:89:b2:1a:20:4b:10:05:3f:ef:70:b8:46:b4:be:68:6e:d0:
         7a:a2:a8:bf:93:11:ce:d2:5e:38:88:db:8e:55:b3:6b:b5:1e:
         a2:8f:f8:e4:d8:d9:4c:26:f3:b2:60:df:8e:53:c4:b8:17:61:
         19:bc:a9:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NJdQBn5gZPXN1A/ZOeJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNGIxY2RmNTA2Y2U1ZTk5MzdlNzdmODI2M2VjZjZkZGIy
NTViMDUwHhcNMjYwMTAxMDYxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGM0MjI2NjcwMDQ2NDA3MjNkYzJkMjU5MWM4MmYxN2E0NDNlNzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXpY0+CtLsYBHD4rkmO/+yT/VHrk
U/sJasp6DuBIj180dMgG04GlC98qOwhD3AFCqkwClDhg2mtiHTnc8Bc2fjyqKiHd
R4UyNa0vM/iF0BnK+eJMvc+uwNh12060xPjN7RDeEDCYdh8GGHxg9kyXM7XGvFyb
ZxcLorWJShD3DN9gHs4stROJ46KbHut3+C67+UhA6vNnd7H8u6/khshYPgqKWlCb
smb1gmv3OImKaK5SlsuXB1xqrQ6u8VbRMSmTdrWlSNMYYaqrR8nbNT05QspoCIn1
LvQVJaL756tO+AfQ7KP+D9cRSuDU4ChkOmJ23N5FpjvBdMLXkmfurmXicwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDEImZwBGQHI9wtJZHILxekQ+cvMB8GA1UdIwQY
MBaAFLBLHN9QbOXpk353+CY+z23bJVsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0VzYzMxQnM1ZW1UZm5mNEpqN1BiZHNsV3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84MzliMzQtMzUyOS00MzhiLTg3ZDAt
Y2U1MDE5MjY0ODk1LzEvY01RaVpuQUVaQWNqM0MwbGtjZ3ZGNlJENXk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84MzliMzQtMzUyOS00MzhiLTg3ZDAtY2U1MDE5MjY0ODk1
LzEvc0VzYzMxQnM1ZW1UZm5mNEpqN1BiZHNsV3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbdIMA0G
CSqGSIb3DQEBCwUAA4IBAQBXX2u214gvLTMFvezqXmKzCm8ifg842MPhwmF5LYJ7
l2YBWcaeT9zNPmw6gjK8iXI7njdE8d4OsLjXyuM9EZlTJW+vxXYg/aezXSWV8LQ2
GvUDusaSZGT8irPJKsU3rfNw/q3ty+PKaYzHh+a7peRDTZMQa+vuOsRE2hO58L1d
3it4WPlQ/dFeBonMwaCmULpRu33cnCrpTbHgG4KAmDmXueUnULuXUiaYSyHdFYCd
PLIHRGSvSVluk0WWhIBn0QvIS3ntoqLlibIaIEsQBT/vcLhGtL5obtB6oqi/kxHO
0l44iNuOVbNrtR6ij/jk2NlMJvOyYN+OU8S4F2EZvKnS
-----END CERTIFICATE-----