This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CxslT-2o__ASqzTJQ8lVkIfocro.roa
File:                     CxslT-2o__ASqzTJQ8lVkIfocro.roa (raw, json)
Hash identifier:          /S3c56MEdoYnrJ5Ixq1L5l/DTEXYKSbhJtuQSUjdc/I=
Subject key identifier:   0B:1B:25:4F:ED:A8:FF:F0:12:AB:34:C9:43:C9:55:90:87:E8:72:BA
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E392DDCDDEDEFFBB767112D192488D4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CxslT-2o__ASqzTJQ8lVkIfocro.roa
Signing time:             Fri 02 Jan 2026 10:20:35 +0000
ROA not before:           Fri 02 Jan 2026 10:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153786
IP address blocks:        163.5.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 00:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:2d:dc:dd:ed:ef:fb:b7:67:11:2d:19:24:88:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b1b254feda8fff012ab34c943c9559087e872ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a6:e8:cb:d4:cf:b0:a7:51:aa:aa:96:be:66:
                    7c:ac:16:00:2f:69:1f:ca:15:67:f1:03:6c:b5:b1:
                    7e:d7:11:e5:64:5c:80:43:12:2a:ba:7f:ed:cd:46:
                    fc:12:75:5d:c9:03:1e:e7:56:38:10:8f:4b:0f:0a:
                    54:aa:03:f7:52:b6:6d:25:81:fb:40:65:10:77:12:
                    87:c7:1a:22:5c:a0:3a:2b:e4:57:5c:18:1f:02:3b:
                    95:7a:b4:62:f8:6f:ca:4e:97:ab:3d:0b:94:45:08:
                    dc:2d:f8:4e:42:88:e1:bd:3f:9f:b0:2d:21:c6:70:
                    33:ea:54:d2:7f:47:b5:3c:bc:d4:23:c9:c5:7c:41:
                    45:ca:eb:f9:48:01:98:8d:e4:bf:42:49:7b:4c:f1:
                    96:88:e5:5a:73:e9:41:61:3b:c5:5a:2d:ea:94:9b:
                    e0:3a:b6:6b:3c:9e:84:d1:f9:ba:de:d7:1b:81:5d:
                    26:0d:4a:7f:f8:a3:3e:8f:23:0f:b0:8a:42:e5:42:
                    fe:6f:56:86:ec:5f:95:4f:a3:29:4f:63:b2:a3:cb:
                    b6:7d:23:8c:e7:13:6c:34:9a:48:74:b3:6d:3e:e3:
                    3f:d2:df:bb:8e:e7:74:5b:4f:5e:37:d0:fc:24:95:
                    0b:50:87:c1:ba:a3:d2:82:53:b8:01:8a:7a:f2:a4:
                    af:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:1B:25:4F:ED:A8:FF:F0:12:AB:34:C9:43:C9:55:90:87:E8:72:BA
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/CxslT-2o__ASqzTJQ8lVkIfocro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:08:5d:78:e9:2e:0b:f9:ab:35:6f:a5:02:34:d9:4a:ed:4b:
         28:22:73:3a:28:c2:87:4a:aa:66:84:4f:2f:fe:eb:10:e2:8d:
         53:46:3c:8c:ae:1f:21:c5:cf:a9:03:7b:bf:70:70:a0:ff:b7:
         47:43:cf:12:82:08:fe:9b:aa:a3:d6:3d:23:61:eb:ce:41:e1:
         22:bc:09:f6:86:6c:c6:91:5f:1c:7f:e2:10:86:ce:77:2a:1d:
         d5:1a:c6:ac:5c:81:14:14:e3:ee:9b:9d:a1:9b:96:53:11:5c:
         ab:01:aa:fe:1a:75:a7:5e:51:2e:0c:fb:ac:0a:7d:4d:da:cd:
         2f:61:8e:2a:a8:32:73:6a:69:51:7e:77:b9:89:ca:c4:37:50:
         b7:45:a1:f9:e4:d3:6e:4c:da:cb:ce:10:98:f8:61:1b:11:8a:
         fc:fd:54:cb:20:6e:c6:05:12:4e:04:77:d0:f8:4b:bd:9c:03:
         e0:6a:3c:37:51:16:5d:5b:81:d1:d7:48:6b:7c:c3:4f:46:c3:
         d1:2f:ff:8e:78:a9:d7:9d:3c:df:09:e1:e7:62:46:74:3f:ef:
         91:28:a3:35:85:65:39:04:a0:72:03:fd:80:45:bd:d3:d1:4e:
         6e:7b:0b:e7:2c:fb:0b:27:94:62:ce:19:c7:ca:24:71:6f:c4:
         c5:0e:07:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OS3c3e3v+7dnES0ZJIjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFiMjU0ZmVkYThmZmYwMTJhYjM0Yzk0M2M5NTU5MDg3ZTg3MmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqboy9TPsKdRqqqWvmZ8rBYAL2kf
yhVn8QNstbF+1xHlZFyAQxIqun/tzUb8EnVdyQMe51Y4EI9LDwpUqgP3UrZtJYH7
QGUQdxKHxxoiXKA6K+RXXBgfAjuVerRi+G/KTperPQuURQjcLfhOQojhvT+fsC0h
xnAz6lTSf0e1PLzUI8nFfEFFyuv5SAGYjeS/Qkl7TPGWiOVac+lBYTvFWi3qlJvg
OrZrPJ6E0fm63tcbgV0mDUp/+KM+jyMPsIpC5UL+b1aG7F+VT6MpT2Oyo8u2fSOM
5xNsNJpIdLNtPuM/0t+7jud0W09eN9D8JJULUIfBuqPSglO4AYp68qSvXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsbJU/tqP/wEqs0yUPJVZCH6HK6MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvQ3hzbFQtMm9fX0FTcXpUSlE4bFZrSWZvY3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXRMA0G
CSqGSIb3DQEBCwUAA4IBAQBVCF146S4L+as1b6UCNNlK7UsoInM6KMKHSqpmhE8v
/usQ4o1TRjyMrh8hxc+pA3u/cHCg/7dHQ88Sggj+m6qj1j0jYevOQeEivAn2hmzG
kV8cf+IQhs53Kh3VGsasXIEUFOPum52hm5ZTEVyrAar+GnWnXlEuDPusCn1N2s0v
YY4qqDJzamlRfne5icrEN1C3RaH55NNuTNrLzhCY+GEbEYr8/VTLIG7GBRJOBHfQ
+Eu9nAPgajw3URZdW4HR10hrfMNPRsPRL/+OeKnXnTzfCeHnYkZ0P++RKKM1hWU5
BKByA/2ARb3T0U5uewvnLPsLJ5RizhnHyiRxb8TFDgcB
-----END CERTIFICATE-----