This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/Jtp72CS2jEm3lTCDgWP7039dKYg.roa
File:                     Jtp72CS2jEm3lTCDgWP7039dKYg.roa (raw, json)
Hash identifier:          Q1Hpm3kD459iodRBV3umbkyn+j4+wiimsCk0/+2lO84=
Subject key identifier:   26:DA:7B:D8:24:B6:8C:49:B7:95:30:83:81:63:FB:D3:7F:5D:29:88
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       019B7AC7966D519808DDBC8CE5AB1A62C526
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/Jtp72CS2jEm3lTCDgWP7039dKYg.roa
Signing time:             Thu 01 Jan 2026 18:17:39 +0000
ROA not before:           Thu 01 Jan 2026 18:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200376
IP address blocks:        5.202.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:96:6d:51:98:08:dd:bc:8c:e5:ab:1a:62:c5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 18:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26da7bd824b68c49b79530838163fbd37f5d2988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1e:3e:7d:e4:01:77:a8:b0:a5:6c:98:27:b6:
                    a3:01:86:f5:11:fb:82:ca:bf:67:8c:1f:13:83:95:
                    57:1c:b5:3c:1c:e3:48:a3:b4:20:49:97:50:8b:dd:
                    1c:10:0d:7c:d9:6c:fe:b6:07:67:55:02:62:9d:fc:
                    c2:d0:aa:3f:48:43:e6:ea:49:02:f0:7f:4b:d6:ae:
                    f8:63:7e:3d:4e:9e:a6:ea:75:a1:a4:23:29:c9:7d:
                    82:e9:9b:d3:d6:3c:f5:17:ff:5d:19:9a:9a:45:c0:
                    66:78:4c:f1:c7:ed:00:c3:49:31:f3:52:5c:dc:de:
                    ea:a7:e4:75:a5:2b:2d:8a:32:dd:e2:29:0e:db:51:
                    38:dc:4b:4e:2b:9a:9b:7d:9b:d2:20:4a:f4:66:75:
                    5c:7c:3c:a0:8f:5e:7b:99:53:5f:02:45:90:13:20:
                    eb:6f:52:52:35:1d:d7:06:ca:04:1a:4a:6d:e5:f1:
                    6d:87:8c:d2:4a:8c:bd:17:ce:91:a1:78:7d:99:40:
                    32:d7:f8:6e:4e:da:9d:9f:06:ca:d6:4b:c9:6a:32:
                    db:77:52:e5:59:a2:cc:07:1b:33:7b:88:17:4e:44:
                    37:d0:82:d2:10:ae:05:8f:b3:78:c4:a4:6f:c0:a2:
                    81:21:9a:03:d8:8f:65:50:81:79:7c:fc:a7:47:6c:
                    9d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DA:7B:D8:24:B6:8C:49:B7:95:30:83:81:63:FB:D3:7F:5D:29:88
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/Jtp72CS2jEm3lTCDgWP7039dKYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:95:0a:23:29:9a:67:b4:11:fa:01:81:e7:8b:8a:18:e2:df:
         6e:ef:d1:7e:cf:b7:ef:92:73:c7:28:de:04:a0:ef:c2:a8:32:
         19:c5:fd:76:b1:d4:e6:93:e0:91:02:d6:bb:ca:6f:d0:a0:cf:
         ab:bf:8c:18:90:b3:99:94:5f:f4:c7:3d:78:7e:bd:03:8c:e0:
         11:1f:08:40:f7:82:65:a3:c4:07:7c:f0:39:15:b9:13:a8:36:
         d8:88:d1:ea:c4:30:3f:68:03:f0:4f:a3:b7:4a:20:ff:77:55:
         67:b8:63:1b:7f:7f:2f:95:69:5b:be:a4:40:97:07:ed:37:3d:
         d6:97:27:8d:13:cf:7f:ff:03:5d:06:52:33:da:74:22:ec:13:
         ad:16:ba:41:b2:19:94:6f:ba:55:44:a0:63:1b:a8:7c:4b:8a:
         d4:f7:33:c2:1f:bd:19:ed:dc:3c:78:68:4e:f0:b5:7c:58:72:
         6d:91:59:ea:f1:22:45:22:0e:7a:5b:08:b6:4f:eb:98:ea:6b:
         8a:2b:f3:95:e2:08:f9:6b:c5:33:70:3c:6d:86:67:64:64:66:
         ca:67:f2:59:22:1b:27:96:e8:6d:60:b6:c1:6f:17:b0:77:9b:
         f0:cd:b2:91:a5:70:b0:1f:82:f7:da:9b:08:43:7c:fe:9d:43:
         5e:3c:3e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5ZtUZgI3byM5asaYsUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjYwMTAxMTgxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRhN2JkODI0YjY4YzQ5Yjc5NTMwODM4MTYzZmJkMzdmNWQyOTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR4+feQBd6iwpWyYJ7ajAYb1EfuC
yr9njB8Tg5VXHLU8HONIo7QgSZdQi90cEA182Wz+tgdnVQJinfzC0Ko/SEPm6kkC
8H9L1q74Y349Tp6m6nWhpCMpyX2C6ZvT1jz1F/9dGZqaRcBmeEzxx+0Aw0kx81Jc
3N7qp+R1pSstijLd4ikO21E43EtOK5qbfZvSIEr0ZnVcfDygj157mVNfAkWQEyDr
b1JSNR3XBsoEGkpt5fFth4zSSoy9F86RoXh9mUAy1/huTtqdnwbK1kvJajLbd1Ll
WaLMBxsze4gXTkQ30ILSEK4Fj7N4xKRvwKKBIZoD2I9lUIF5fPynR2ydwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbae9gktoxJt5Uwg4Fj+9N/XSmIMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvSnRwNzJDUzJqRW0zbFRDRGdXUDcwMzlkS1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABcpWMA0G
CSqGSIb3DQEBCwUAA4IBAQCclQojKZpntBH6AYHni4oY4t9u79F+z7fvknPHKN4E
oO/CqDIZxf12sdTmk+CRAta7ym/QoM+rv4wYkLOZlF/0xz14fr0DjOARHwhA94Jl
o8QHfPA5FbkTqDbYiNHqxDA/aAPwT6O3SiD/d1VnuGMbf38vlWlbvqRAlwftNz3W
lyeNE89//wNdBlIz2nQi7BOtFrpBshmUb7pVRKBjG6h8S4rU9zPCH70Z7dw8eGhO
8LV8WHJtkVnq8SJFIg56Wwi2T+uY6muKK/OV4gj5a8UzcDxthmdkZGbKZ/JZIhsn
luhtYLbBbxewd5vwzbKRpXCwH4L32psIQ3z+nUNePD51
-----END CERTIFICATE-----