This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/MAhbKgRlvoF4_D9KUePJuDoAmS4.roa
File:                     MAhbKgRlvoF4_D9KUePJuDoAmS4.roa (raw, json)
Hash identifier:          ZxoAbFForFx0WnVahVEJoAAhiXTlHQB8gaScqzkZ4UU=
Subject key identifier:   30:08:5B:2A:04:65:BE:81:78:FC:3F:4A:51:E3:C9:B8:3A:00:99:2E
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       019B7AC7946C6FD36DB92E960D2A6067234B
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/MAhbKgRlvoF4_D9KUePJuDoAmS4.roa
Signing time:             Thu 01 Jan 2026 18:17:38 +0000
ROA not before:           Thu 01 Jan 2026 18:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60138
IP address blocks:        5.202.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:94:6c:6f:d3:6d:b9:2e:96:0d:2a:60:67:23:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 18:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30085b2a0465be8178fc3f4a51e3c9b83a00992e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:e2:8e:15:00:15:64:f5:a3:6e:cd:4a:76:96:
                    8d:c8:20:37:f4:02:cb:5f:b8:60:44:05:f7:75:90:
                    64:5a:8e:e3:66:e5:a7:28:79:8e:e0:12:7c:48:6e:
                    77:fe:c5:82:1f:3c:22:98:9d:37:c8:49:6f:ee:44:
                    90:15:a6:0e:63:3b:c4:fa:cc:a4:b1:9b:db:1a:d8:
                    aa:f3:30:fc:0c:ea:ed:c9:b3:0c:4d:cc:9e:cf:fe:
                    34:9f:3e:89:2e:e9:cd:64:5e:fa:55:30:17:11:08:
                    7d:d1:9b:2e:e6:0f:c8:3a:7e:2d:1b:79:80:94:39:
                    16:05:84:5d:8b:c1:ea:49:0f:ad:aa:1e:cb:39:bf:
                    1e:d3:c7:95:a3:c9:de:f0:d0:0b:b8:8d:db:e2:8d:
                    1a:b3:5b:a9:a3:75:30:ef:d4:6b:da:b0:20:23:4d:
                    b5:3b:15:16:86:94:6f:a7:88:bb:a0:3f:40:82:83:
                    73:f1:57:7d:66:0e:c4:ea:0a:59:7b:12:ab:9a:0f:
                    c5:2a:d0:64:ae:a0:b9:67:48:38:e6:a2:e1:98:7f:
                    10:77:a8:5c:c6:b5:51:f6:16:e2:d2:92:d9:4b:6d:
                    d4:42:39:ec:c5:7b:3b:fa:0d:eb:db:d1:c8:c9:ce:
                    79:13:f6:48:e2:8b:85:98:4b:2c:4f:d6:a6:9d:41:
                    8f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:08:5B:2A:04:65:BE:81:78:FC:3F:4A:51:E3:C9:B8:3A:00:99:2E
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/MAhbKgRlvoF4_D9KUePJuDoAmS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.202.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:88:d8:6f:29:81:9c:08:42:4c:c1:1e:89:3d:f6:b4:a6:48:
         45:5e:17:8e:59:c5:38:f2:4c:3e:ad:68:cb:19:f5:0d:f7:bf:
         9b:b9:e3:33:81:0a:b4:87:cf:88:26:c2:95:cf:e6:4d:e7:95:
         b0:52:1b:b6:45:a1:5b:3f:26:63:29:9b:80:d0:6d:13:c5:a3:
         a9:1c:55:b8:c8:22:f1:67:5d:6f:1b:6d:bb:2b:6c:aa:97:18:
         93:6c:ec:bd:dd:f8:40:2b:91:ff:77:24:6c:87:38:f2:a3:c5:
         e4:7f:d2:ac:e9:89:11:d3:47:80:9c:a5:32:25:17:f3:28:34:
         a3:54:a7:9c:b4:64:38:b9:f3:ef:a1:2a:ff:19:45:72:22:2f:
         e4:7d:a8:5f:34:6d:b0:7d:0c:84:21:b7:d2:e1:ef:5e:08:e2:
         e0:62:23:99:30:75:55:66:74:d4:db:44:01:d2:25:bf:b0:20:
         51:68:d0:2a:01:1c:9e:3b:23:8f:ef:b3:af:13:60:11:fc:d0:
         61:86:1a:39:3f:7f:9c:42:1b:47:f3:b5:bd:c5:c5:1e:dc:61:
         ec:a7:40:dd:dc:9f:93:86:23:19:26:5b:bb:ab:8b:77:fd:1d:
         f1:92:07:45:13:0e:7f:2b:5c:6b:06:49:01:4d:3e:2d:24:b1:
         8f:74:46:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x5Rsb9NtuS6WDSpgZyNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjYwMTAxMTgxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDA4NWIyYTA0NjViZTgxNzhmYzNmNGE1MWUzYzliODNhMDA5OTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uKOFQAVZPWjbs1KdpaNyCA39ALL
X7hgRAX3dZBkWo7jZuWnKHmO4BJ8SG53/sWCHzwimJ03yElv7kSQFaYOYzvE+syk
sZvbGtiq8zD8DOrtybMMTcyez/40nz6JLunNZF76VTAXEQh90Zsu5g/IOn4tG3mA
lDkWBYRdi8HqSQ+tqh7LOb8e08eVo8ne8NALuI3b4o0as1upo3Uw79Rr2rAgI021
OxUWhpRvp4i7oD9AgoNz8Vd9Zg7E6gpZexKrmg/FKtBkrqC5Z0g45qLhmH8Qd6hc
xrVR9hbi0pLZS23UQjnsxXs7+g3r29HIyc55E/ZI4ouFmEssT9amnUGPjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAIWyoEZb6BePw/SlHjybg6AJkuMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvTUFoYktnUmx2b0Y0X0Q5S1VlUEp1RG9BbVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBcpYMA0G
CSqGSIb3DQEBCwUAA4IBAQBPiNhvKYGcCEJMwR6JPfa0pkhFXheOWcU48kw+rWjL
GfUN97+bueMzgQq0h8+IJsKVz+ZN55WwUhu2RaFbPyZjKZuA0G0TxaOpHFW4yCLx
Z11vG227K2yqlxiTbOy93fhAK5H/dyRshzjyo8Xkf9Ks6YkR00eAnKUyJRfzKDSj
VKectGQ4ufPvoSr/GUVyIi/kfahfNG2wfQyEIbfS4e9eCOLgYiOZMHVVZnTU20QB
0iW/sCBRaNAqARyeOyOP77OvE2AR/NBhhho5P3+cQhtH87W9xcUe3GHsp0Dd3J+T
hiMZJlu7q4t3/R3xkgdFEw5/K1xrBkkBTT4tJLGPdEbe
-----END CERTIFICATE-----