This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GJczxOSMLT1bw-XCmULbiVm73xk.roa
File:                     GJczxOSMLT1bw-XCmULbiVm73xk.roa (raw, json)
Hash identifier:          JXMeBdLqU+fpNrcQIPnzOL67+6kxK/a/3E5lMIF2buc=
Subject key identifier:   18:97:33:C4:E4:8C:2D:3D:5B:C3:E5:C2:99:42:DB:89:59:BB:DF:19
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E394994F73CEBB46EE827CF8EF62CE4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GJczxOSMLT1bw-XCmULbiVm73xk.roa
Signing time:             Fri 02 Jan 2026 10:20:42 +0000
ROA not before:           Fri 02 Jan 2026 10:20:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        163.5.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:49:94:f7:3c:eb:b4:6e:e8:27:cf:8e:f6:2c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=189733c4e48c2d3d5bc3e5c29942db8959bbdf19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:83:8c:90:02:e5:4d:ab:a7:a1:6e:fd:96:e9:
                    32:f3:ee:7d:09:e4:94:aa:44:f1:8f:06:d2:79:99:
                    dd:c8:e0:26:79:ef:e7:46:97:ce:d6:2d:94:2f:cc:
                    6b:ff:09:f4:95:ce:d1:90:63:59:07:9d:40:4e:50:
                    aa:96:a9:67:4a:dc:19:bd:20:97:c7:ec:a7:45:45:
                    08:00:94:04:7a:aa:1c:44:cb:eb:2a:83:59:d0:e7:
                    81:b4:74:7a:e1:7e:f1:f0:37:f8:ce:44:f6:90:96:
                    a8:3f:0c:8a:78:6c:1d:d5:14:1b:18:3b:e7:2b:d9:
                    3f:e2:ec:19:30:6f:b9:19:a0:39:94:94:02:78:f3:
                    53:db:96:c4:aa:0b:8d:e9:ba:52:f2:ac:1e:61:db:
                    8a:f6:c8:5f:ea:cc:11:70:63:0d:0d:10:04:56:ee:
                    7d:2d:f1:db:cb:bf:4e:44:3d:e9:9e:f1:3d:a7:d5:
                    45:e8:8c:55:15:34:43:ee:96:dd:b5:14:ef:13:1c:
                    cf:4f:f6:8b:d3:0b:db:25:ac:95:2a:bc:bb:b1:f7:
                    01:42:77:fa:a2:12:90:38:03:77:54:13:91:23:fe:
                    a0:2f:01:ad:1f:36:43:27:2d:89:20:c3:b3:cd:f2:
                    0b:d4:ca:3c:9d:b0:a6:c1:7f:4d:5d:a1:f8:7d:b8:
                    4b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:97:33:C4:E4:8C:2D:3D:5B:C3:E5:C2:99:42:DB:89:59:BB:DF:19
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/GJczxOSMLT1bw-XCmULbiVm73xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a2:7e:26:8f:33:d5:0e:10:61:c5:e1:7d:f4:7c:69:3b:c1:
         62:9f:e4:ed:d9:33:aa:f8:2f:c3:bd:61:4c:58:77:6c:18:b0:
         0f:cd:70:79:6c:92:0f:fb:16:13:9b:0b:c3:5f:4b:a6:6d:89:
         9e:9c:ba:36:9c:a6:08:5d:bd:65:24:e6:61:71:98:6b:2e:07:
         5b:0a:31:ad:ac:79:f8:ec:42:7f:1a:e4:d1:ee:2c:0d:05:18:
         bc:43:cc:bb:a1:db:a4:a1:8c:62:90:b3:45:39:b9:af:b0:1f:
         a8:0f:79:96:c9:f6:54:15:30:b4:cc:b7:0e:57:56:d5:08:89:
         95:94:ce:98:a2:26:ed:1d:5c:58:b0:0e:87:90:e4:62:3b:99:
         9d:72:1a:bb:52:bb:c7:32:bb:26:cc:24:09:43:c5:b1:db:e3:
         f0:9c:14:fa:cc:88:81:9d:ac:48:33:ea:53:db:47:9e:3d:02:
         78:bf:6b:4a:0d:9e:ff:67:c0:0b:be:86:14:ee:41:7d:fc:7b:
         bf:dc:01:42:64:ea:1d:0b:87:34:30:43:18:03:86:cc:57:d3:
         0b:c8:e3:c3:95:d1:29:5e:4b:0a:a5:54:2b:8b:8d:a3:b4:a7:
         2d:51:47:17:e2:a6:51:a1:b8:ad:13:5c:98:7c:3d:95:0b:b7:
         8b:da:2f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OUmU9zzrtG7oJ8+O9izkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODk3MzNjNGU0OGMyZDNkNWJjM2U1YzI5OTQyZGI4OTU5YmJkZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYOMkALlTaunoW79luky8+59CeSU
qkTxjwbSeZndyOAmee/nRpfO1i2UL8xr/wn0lc7RkGNZB51ATlCqlqlnStwZvSCX
x+ynRUUIAJQEeqocRMvrKoNZ0OeBtHR64X7x8Df4zkT2kJaoPwyKeGwd1RQbGDvn
K9k/4uwZMG+5GaA5lJQCePNT25bEqguN6bpS8qweYduK9shf6swRcGMNDRAEVu59
LfHby79ORD3pnvE9p9VF6IxVFTRD7pbdtRTvExzPT/aL0wvbJayVKry7sfcBQnf6
ohKQOAN3VBORI/6gLwGtHzZDJy2JIMOzzfIL1Mo8nbCmwX9NXaH4fbhLYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiXM8TkjC09W8PlwplC24lZu98ZMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvR0pjenhPU01MVDFidy1YQ21VTGJpVm03M3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUvMA0G
CSqGSIb3DQEBCwUAA4IBAQBzon4mjzPVDhBhxeF99HxpO8Fin+Tt2TOq+C/DvWFM
WHdsGLAPzXB5bJIP+xYTmwvDX0umbYmenLo2nKYIXb1lJOZhcZhrLgdbCjGtrHn4
7EJ/GuTR7iwNBRi8Q8y7odukoYxikLNFObmvsB+oD3mWyfZUFTC0zLcOV1bVCImV
lM6YoibtHVxYsA6HkORiO5mdchq7UrvHMrsmzCQJQ8Wx2+PwnBT6zIiBnaxIM+pT
20eePQJ4v2tKDZ7/Z8ALvoYU7kF9/Hu/3AFCZOodC4c0MEMYA4bMV9MLyOPDldEp
XksKpVQri42jtKctUUcX4qZRobitE1yYfD2VC7eL2i/w
-----END CERTIFICATE-----