This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4ZPUPllcwEmGGbZJNvPzyZef6tc.roa
File:                     4ZPUPllcwEmGGbZJNvPzyZef6tc.roa (raw, json)
Hash identifier:          fX0D887A5Zb0eeJylfNwXk7Z2qiYuaGOzYEIGKvDB9o=
Subject key identifier:   E1:93:D4:3E:59:5C:C0:49:86:19:B6:49:36:F3:F3:C9:97:9F:EA:D7
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E3940359B429538E5BDD242EAF9769F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4ZPUPllcwEmGGbZJNvPzyZef6tc.roa
Signing time:             Fri 02 Jan 2026 10:20:39 +0000
ROA not before:           Fri 02 Jan 2026 10:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215304
IP address blocks:        163.5.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:40:35:9b:42:95:38:e5:bd:d2:42:ea:f9:76:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e193d43e595cc0498619b64936f3f3c9979fead7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e2:ce:63:b8:db:40:9c:91:01:53:88:6c:6d:
                    e2:bb:c4:c4:d8:fd:fc:13:be:fb:91:ae:52:d0:fd:
                    9f:ee:d7:a6:74:a6:c7:45:b1:d2:94:c0:27:0b:cf:
                    fe:7e:42:2b:9e:0a:84:2f:e6:51:d6:50:0f:70:af:
                    aa:27:b9:4f:b7:e6:96:04:46:ec:65:d5:b4:54:57:
                    db:5f:e2:bf:9f:63:be:90:f3:c9:da:cf:68:fd:1a:
                    60:0b:b1:32:52:f8:7e:d3:55:1a:8f:5f:5c:f1:c5:
                    d3:33:39:83:e2:70:c2:af:9b:8b:98:3f:98:b3:17:
                    4c:c3:16:ff:2d:d4:98:2e:ae:a1:e0:f0:5d:86:5d:
                    78:11:1f:e1:f7:7a:bc:3a:39:2b:82:59:8c:dc:10:
                    32:cd:87:cc:0a:02:f0:dd:6e:90:1f:d5:7d:86:23:
                    21:23:ed:e4:2b:3d:5a:00:77:9b:db:5d:48:14:d4:
                    8d:3e:0b:3d:c4:bb:46:98:c6:62:0a:7e:86:95:f0:
                    0e:7e:15:2e:46:13:5c:3f:6d:83:9c:6e:97:e8:06:
                    dc:b5:eb:92:7b:e9:50:99:5b:d8:34:fd:67:20:9f:
                    cf:08:c5:28:31:08:d1:8e:e7:3d:7c:bd:14:9b:32:
                    fe:11:b4:bd:49:57:c5:5c:26:04:29:fc:1a:05:f2:
                    22:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:93:D4:3E:59:5C:C0:49:86:19:B6:49:36:F3:F3:C9:97:9F:EA:D7
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/4ZPUPllcwEmGGbZJNvPzyZef6tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:3c:5a:64:52:5c:c7:a5:ba:5d:2d:63:d0:4a:1f:ee:e3:f3:
         b0:ce:65:68:ba:75:9a:25:d8:8b:2a:62:2f:55:1c:92:be:db:
         33:70:ac:75:90:3f:7c:d7:ae:47:d4:f5:df:90:46:cb:7c:9b:
         20:ed:fe:31:e2:59:72:e5:b6:a6:c3:44:0d:d3:46:7f:79:49:
         b2:22:b5:71:e9:3e:74:84:b7:49:06:bb:0d:8a:f1:93:64:0a:
         0e:46:38:78:66:6d:19:78:1d:9f:30:1a:97:33:b5:25:13:1c:
         aa:63:50:57:fa:64:f6:65:30:84:21:c2:6b:ae:49:30:c1:f2:
         bb:cf:bb:a4:71:80:c6:fb:3f:16:ce:b4:49:4b:a6:74:81:c0:
         6f:7e:b2:07:46:36:89:b4:69:26:86:6a:d3:12:bd:71:f4:1d:
         d7:d5:fe:1d:23:91:f8:c6:82:a2:77:50:64:fa:1c:b1:ae:fa:
         62:db:9a:51:9e:65:37:b3:32:8b:02:f6:a5:5b:cb:a9:cb:94:
         97:36:28:e4:4e:1d:32:db:e6:a2:c5:2c:be:32:c2:1f:ce:67:
         a8:65:2a:3a:9f:3c:34:b5:a0:c3:64:6f:fa:27:22:59:28:ef:
         9e:e7:34:99:99:a1:7e:c2:9a:b4:fc:20:9b:12:d2:55:c2:3a:
         48:c2:5d:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OUA1m0KVOOW90kLq+XafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTkzZDQzZTU5NWNjMDQ5ODYxOWI2NDkzNmYzZjNjOTk3OWZlYWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuLOY7jbQJyRAVOIbG3iu8TE2P38
E777ka5S0P2f7temdKbHRbHSlMAnC8/+fkIrngqEL+ZR1lAPcK+qJ7lPt+aWBEbs
ZdW0VFfbX+K/n2O+kPPJ2s9o/RpgC7EyUvh+01Uaj19c8cXTMzmD4nDCr5uLmD+Y
sxdMwxb/LdSYLq6h4PBdhl14ER/h93q8OjkrglmM3BAyzYfMCgLw3W6QH9V9hiMh
I+3kKz1aAHeb211IFNSNPgs9xLtGmMZiCn6GlfAOfhUuRhNcP22DnG6X6AbcteuS
e+lQmVvYNP1nIJ/PCMUoMQjRjuc9fL0UmzL+EbS9SVfFXCYEKfwaBfIiSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGT1D5ZXMBJhhm2STbz88mXn+rXMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNFpQVVBsbGN3RW1HR2JaSk52UHp5WmVmNnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXlMA0G
CSqGSIb3DQEBCwUAA4IBAQCmPFpkUlzHpbpdLWPQSh/u4/OwzmVounWaJdiLKmIv
VRySvtszcKx1kD98165H1PXfkEbLfJsg7f4x4lly5bamw0QN00Z/eUmyIrVx6T50
hLdJBrsNivGTZAoORjh4Zm0ZeB2fMBqXM7UlExyqY1BX+mT2ZTCEIcJrrkkwwfK7
z7ukcYDG+z8WzrRJS6Z0gcBvfrIHRjaJtGkmhmrTEr1x9B3X1f4dI5H4xoKid1Bk
+hyxrvpi25pRnmU3szKLAvalW8upy5SXNijkTh0y2+aixSy+MsIfzmeoZSo6nzw0
taDDZG/6JyJZKO+e5zSZmaF+wpq0/CCbEtJVwjpIwl1d
-----END CERTIFICATE-----