This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/0BfNXiDldo_liimaTypuMTcMOSA.roa
File:                     0BfNXiDldo_liimaTypuMTcMOSA.roa (raw, json)
Hash identifier:          qvgGIW8CiOWBIcpNa0moqJ+GSYLQ2vJbJF4fgORjC18=
Subject key identifier:   D0:17:CD:5E:20:E5:76:8F:E5:8A:29:9A:4F:2A:6E:31:37:0C:39:20
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       019B7A5B2C9DEDFFB69BCF2EF477DCF9ACE5
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/0BfNXiDldo_liimaTypuMTcMOSA.roa
Signing time:             Thu 01 Jan 2026 16:19:13 +0000
ROA not before:           Thu 01 Jan 2026 16:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        163.171.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:2c:9d:ed:ff:b6:9b:cf:2e:f4:77:dc:f9:ac:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d017cd5e20e5768fe58a299a4f2a6e31370c3920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b4:d3:47:e9:1f:9b:d9:62:29:b9:ff:b0:89:
                    15:53:79:f3:fb:3c:a5:61:6e:6b:5e:2b:92:49:87:
                    85:5d:45:3d:dd:f1:a9:41:8d:f8:be:63:0e:cc:da:
                    02:59:04:60:80:8f:da:88:98:d7:5b:ff:34:52:18:
                    31:6b:66:56:8f:43:b3:be:a4:f8:42:50:3b:47:22:
                    8e:cf:0b:ec:45:b3:1d:cd:00:c3:e0:da:3c:ed:51:
                    cc:3f:16:96:81:bd:94:cd:9c:79:df:79:bb:8f:13:
                    db:4a:64:00:15:06:56:93:33:e7:52:04:02:e0:48:
                    a8:2e:39:3e:d3:ab:c2:6e:3c:65:08:96:7b:ce:19:
                    6a:c3:4a:ed:9a:dd:75:b9:47:ec:09:5d:28:06:03:
                    a7:29:85:f8:a0:c9:6f:d5:34:16:85:b4:1f:17:25:
                    5b:e7:78:1b:39:99:82:54:65:3c:88:3d:ea:da:26:
                    b2:8a:04:23:1d:a2:c9:42:4e:f8:4d:5e:04:45:6d:
                    ff:a8:6e:59:e6:d4:c2:08:cf:7b:13:a7:e0:9a:c4:
                    fb:89:d7:ad:03:f4:28:06:1a:2c:0d:96:5c:2b:43:
                    99:c9:16:bf:d8:6a:87:b6:47:4a:e5:a4:c4:94:02:
                    33:e6:50:3f:f2:94:4d:6b:af:58:f1:d7:88:8f:60:
                    88:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:17:CD:5E:20:E5:76:8F:E5:8A:29:9A:4F:2A:6E:31:37:0C:39:20
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/0BfNXiDldo_liimaTypuMTcMOSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.171.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:41:d5:95:43:5f:09:1e:97:d7:43:6f:1e:df:58:63:1d:10:
         c1:85:83:8f:05:f5:cf:12:5d:e7:20:ed:58:cb:aa:33:e9:ab:
         7f:b6:40:10:b4:e1:0b:37:8c:3d:a2:59:ba:1f:3c:54:39:f6:
         d5:c4:6c:7d:bb:a5:ca:46:57:9d:63:71:c7:25:fd:b9:9e:39:
         e0:a4:a4:09:23:04:5b:5b:92:79:c6:ab:42:88:dd:7a:69:c9:
         33:06:7d:84:ce:c8:9c:72:41:d1:54:df:01:21:98:b6:2e:6e:
         5f:5d:93:b4:85:f9:a4:21:e7:78:ba:e0:f1:a2:e8:81:9f:e5:
         f4:4a:81:22:f9:13:09:1c:f5:49:76:81:27:da:cf:18:12:a4:
         57:6b:85:69:95:a6:7d:b3:9f:85:6a:bf:07:bc:8f:3c:6f:3f:
         9f:d7:4d:66:c2:a4:b8:bd:72:91:f2:d8:e9:61:66:6b:bd:c7:
         99:f7:06:b4:27:6f:9a:2e:6e:7b:80:ae:e4:78:4a:74:b9:3c:
         52:37:51:f2:38:1f:72:a3:e4:f7:40:36:3b:49:f1:20:53:a2:
         97:55:e3:ed:31:c7:ad:dd:c5:e4:e6:a4:2d:fb:ed:34:87:6f:
         2b:62:7c:ac:84:49:e5:9e:b9:1e:1a:5c:a3:70:51:53:56:45:
         9d:89:2f:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wyyd7f+2m88u9Hfc+azlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjYwMTAxMTYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDE3Y2Q1ZTIwZTU3NjhmZTU4YTI5OWE0ZjJhNmUzMTM3MGMzOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLTTR+kfm9liKbn/sIkVU3nz+zyl
YW5rXiuSSYeFXUU93fGpQY34vmMOzNoCWQRggI/aiJjXW/80Uhgxa2ZWj0OzvqT4
QlA7RyKOzwvsRbMdzQDD4No87VHMPxaWgb2UzZx533m7jxPbSmQAFQZWkzPnUgQC
4EioLjk+06vCbjxlCJZ7zhlqw0rtmt11uUfsCV0oBgOnKYX4oMlv1TQWhbQfFyVb
53gbOZmCVGU8iD3q2iayigQjHaLJQk74TV4ERW3/qG5Z5tTCCM97E6fgmsT7idet
A/QoBhosDZZcK0OZyRa/2GqHtkdK5aTElAIz5lA/8pRNa69Y8deIj2CICQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNAXzV4g5XaP5Yopmk8qbjE3DDkgMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvMEJmTlhpRGxkb19saWltYVR5cHVNVGNNT1NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAo6tZMA0G
CSqGSIb3DQEBCwUAA4IBAQCdQdWVQ18JHpfXQ28e31hjHRDBhYOPBfXPEl3nIO1Y
y6oz6at/tkAQtOELN4w9olm6HzxUOfbVxGx9u6XKRledY3HHJf25njngpKQJIwRb
W5J5xqtCiN16ackzBn2EzsicckHRVN8BIZi2Lm5fXZO0hfmkIed4uuDxouiBn+X0
SoEi+RMJHPVJdoEn2s8YEqRXa4VplaZ9s5+Far8HvI88bz+f101mwqS4vXKR8tjp
YWZrvceZ9wa0J2+aLm57gK7keEp0uTxSN1HyOB9yo+T3QDY7SfEgU6KXVePtMcet
3cXk5qQt++00h28rYnyshEnlnrkeGlyjcFFTVkWdiS/K
-----END CERTIFICATE-----