This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/J9i8-0fFMT2YAOPdoDUnKGLlgRc.roa
File:                     J9i8-0fFMT2YAOPdoDUnKGLlgRc.roa (raw, json)
Hash identifier:          0VRUyhOXmg5Jf/rUufju36qC0dQqhsRlS8ou/AfT4LQ=
Subject key identifier:   27:D8:BC:FB:47:C5:31:3D:98:00:E3:DD:A0:35:27:28:62:E5:81:17
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E393D7697C476B82FD5A8CA6B050C6C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/J9i8-0fFMT2YAOPdoDUnKGLlgRc.roa
Signing time:             Fri 02 Jan 2026 10:20:39 +0000
ROA not before:           Fri 02 Jan 2026 10:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214143
IP address blocks:        163.5.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:3d:76:97:c4:76:b8:2f:d5:a8:ca:6b:05:0c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=27d8bcfb47c5313d9800e3dda035272862e58117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1c:d5:bb:93:90:7e:d6:ba:61:41:5a:2f:0f:
                    c5:31:00:67:b3:a4:22:9b:b8:ca:74:63:dc:1b:38:
                    2d:34:ab:b6:11:ae:ce:ab:6b:68:38:c4:06:59:b7:
                    12:ee:e0:dc:3c:4c:b6:70:da:c1:9e:df:43:fc:44:
                    a8:5a:23:25:37:25:3d:86:4c:6b:cb:d8:80:66:72:
                    82:d3:83:d9:81:9c:63:8b:8f:13:83:dd:93:03:0c:
                    29:27:0e:c5:c9:2c:e0:05:86:d3:81:1a:c9:48:e9:
                    47:96:d0:1e:12:3d:a6:f5:4e:85:85:67:73:4e:53:
                    77:86:65:76:f6:9c:af:8b:cf:38:f7:ec:59:ef:25:
                    59:08:9c:d1:f1:f0:f7:3f:bc:ee:a8:54:cb:fa:cc:
                    d3:ad:56:cc:fe:f0:c6:cd:a4:8a:bc:21:b3:b4:08:
                    2d:6b:94:e7:3d:d2:8b:7b:81:22:bf:72:49:7f:63:
                    dc:08:17:bf:84:0e:41:1f:f9:2b:8a:ed:36:bf:84:
                    96:80:3f:52:1c:3e:cc:81:be:72:a9:a0:f9:55:9e:
                    73:41:42:09:4b:04:ef:d9:0c:99:e4:2f:b2:1d:8b:
                    0a:71:a5:85:b8:34:9a:84:d6:d0:d9:d4:c2:9a:64:
                    12:fc:60:45:28:7c:50:a2:ce:83:08:29:c2:b9:5b:
                    30:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:D8:BC:FB:47:C5:31:3D:98:00:E3:DD:A0:35:27:28:62:E5:81:17
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/J9i8-0fFMT2YAOPdoDUnKGLlgRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:c7:de:9e:f4:be:fe:65:5e:64:50:fa:3b:3a:57:8c:5c:4a:
         a1:7b:2b:23:de:b9:32:3a:5b:b0:fb:fa:78:e6:0c:8c:cb:27:
         f9:eb:21:ac:bc:1d:fe:9a:82:48:43:88:0d:69:54:ed:97:86:
         96:95:24:78:72:75:ad:34:a7:da:38:ad:83:97:1b:62:28:0c:
         0e:71:22:02:92:0e:43:5f:aa:5c:b4:12:89:8b:84:08:a5:4e:
         3a:c1:58:ac:4d:51:39:fa:2e:e9:4f:65:f4:b5:05:14:b6:5f:
         57:9f:43:02:ea:0f:e1:b6:01:1b:d1:60:82:64:63:16:88:58:
         0b:41:72:22:2d:84:0c:f0:68:7e:b8:f8:08:a2:b2:70:e3:65:
         44:32:4e:cd:33:07:b8:a7:ff:c2:4e:20:9f:9e:77:29:83:9e:
         0b:f0:49:84:df:25:e6:e5:50:82:b1:50:48:97:75:4f:06:93:
         a0:cd:7b:61:05:22:6a:84:bd:2e:d9:d7:19:08:d1:39:63:6a:
         0c:eb:c8:ba:26:19:22:4b:15:4b:4e:e6:0b:9b:03:64:91:14:
         30:7b:5d:a9:88:d4:7f:4c:bf:76:8e:65:62:65:b8:8d:da:94:
         27:bf:bd:8c:65:2b:ba:b3:1c:25:97:78:6f:be:33:47:8d:88:
         f9:94:ca:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OT12l8R2uC/VqMprBQxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Q4YmNmYjQ3YzUzMTNkOTgwMGUzZGRhMDM1MjcyODYyZTU4MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRzVu5OQfta6YUFaLw/FMQBns6Qi
m7jKdGPcGzgtNKu2Ea7Oq2toOMQGWbcS7uDcPEy2cNrBnt9D/ESoWiMlNyU9hkxr
y9iAZnKC04PZgZxji48Tg92TAwwpJw7FySzgBYbTgRrJSOlHltAeEj2m9U6FhWdz
TlN3hmV29pyvi8849+xZ7yVZCJzR8fD3P7zuqFTL+szTrVbM/vDGzaSKvCGztAgt
a5TnPdKLe4Eiv3JJf2PcCBe/hA5BH/kriu02v4SWgD9SHD7Mgb5yqaD5VZ5zQUIJ
SwTv2QyZ5C+yHYsKcaWFuDSahNbQ2dTCmmQS/GBFKHxQos6DCCnCuVswqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfYvPtHxTE9mADj3aA1Jyhi5YEXMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSjlpOC0wZkZNVDJZQU9QZG9EVW5LR0xsZ1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUjMA0G
CSqGSIb3DQEBCwUAA4IBAQAQx96e9L7+ZV5kUPo7OleMXEqheysj3rkyOluw+/p4
5gyMyyf56yGsvB3+moJIQ4gNaVTtl4aWlSR4cnWtNKfaOK2DlxtiKAwOcSICkg5D
X6pctBKJi4QIpU46wVisTVE5+i7pT2X0tQUUtl9Xn0MC6g/htgEb0WCCZGMWiFgL
QXIiLYQM8Gh+uPgIorJw42VEMk7NMwe4p//CTiCfnncpg54L8EmE3yXm5VCCsVBI
l3VPBpOgzXthBSJqhL0u2dcZCNE5Y2oM68i6JhkiSxVLTuYLmwNkkRQwe12piNR/
TL92jmViZbiN2pQnv72MZSu6sxwll3hvvjNHjYj5lMpD
-----END CERTIFICATE-----