This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JqWUXjWZFVH5k-v8dC19kdE1bW4.roa
File:                     JqWUXjWZFVH5k-v8dC19kdE1bW4.roa (raw, json)
Hash identifier:          ZjMQpopjR2Tu8SMMgr85ma/rq63EeZ11/JURkNvbEcs=
Subject key identifier:   26:A5:94:5E:35:99:15:51:F9:93:EB:FC:74:2D:7D:91:D1:35:6D:6E
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B8DD7F1BD4967B03991990A6423B5EC86
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JqWUXjWZFVH5k-v8dC19kdE1bW4.roa
Signing time:             Mon 05 Jan 2026 11:08:18 +0000
ROA not before:           Mon 05 Jan 2026 11:08:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        163.5.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:8d:d7:f1:bd:49:67:b0:39:91:99:0a:64:23:b5:ec:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  5 11:08:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26a5945e35991551f993ebfc742d7d91d1356d6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d8:fc:b3:27:d2:3c:f2:0e:fb:7e:a6:28:64:
                    bb:5f:77:17:92:ee:ed:2d:3d:d1:ff:bf:33:d4:9b:
                    f3:8e:8d:2c:30:fa:79:d6:91:51:23:96:cf:3d:32:
                    4c:00:9a:57:0f:90:2b:1c:da:69:cf:5f:77:2d:56:
                    8a:66:ee:03:21:12:71:62:08:3a:1f:1e:40:10:bc:
                    3c:05:c1:ac:3c:0f:5a:32:9a:1c:f1:41:4c:29:87:
                    7e:2a:f7:09:a8:d1:68:a5:0a:1e:4e:c0:a6:22:1e:
                    03:17:c0:81:5d:78:55:55:41:7f:60:48:6f:f5:ec:
                    bc:74:f3:a9:53:9b:98:78:a5:48:83:a4:c1:fd:14:
                    9d:4e:c7:03:4c:96:e9:d4:2c:37:21:fd:d2:03:11:
                    b9:31:5b:0f:de:1d:ba:cc:78:b3:a5:9d:57:d2:7c:
                    0e:49:b2:11:56:ab:3c:41:41:52:e9:4a:86:3a:b9:
                    45:5a:48:08:87:00:9c:2f:d3:e1:42:98:26:07:46:
                    21:dd:49:79:c1:ad:81:c7:b4:d7:e7:66:e3:c7:a6:
                    c5:46:60:f8:29:ff:c6:e2:66:e9:cb:dc:0f:91:54:
                    a8:d7:c5:2c:00:ed:5a:0f:4d:ae:c3:d0:3e:ee:b0:
                    b6:24:fc:e8:2e:f5:9c:16:96:db:62:e0:05:0d:db:
                    1a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A5:94:5E:35:99:15:51:F9:93:EB:FC:74:2D:7D:91:D1:35:6D:6E
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/JqWUXjWZFVH5k-v8dC19kdE1bW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:61:95:72:00:17:e5:d5:a1:ee:03:29:51:44:1a:3e:c8:cf:
         4c:29:88:f4:3f:a1:44:bc:6d:5d:b4:92:0b:a7:6e:33:da:b5:
         73:9d:0f:49:ef:47:cf:3e:f3:8b:14:c7:c1:51:f5:a9:a0:4f:
         a7:ad:d2:7c:f6:6f:82:f7:c6:d1:5b:36:16:cd:29:02:b9:9c:
         77:a6:05:47:83:da:21:79:33:43:91:9b:25:bf:fd:d1:57:db:
         76:22:82:8f:13:44:b6:a0:b8:2a:97:76:59:4c:ff:23:b6:90:
         bf:81:7f:8b:e5:2a:da:e4:32:de:b2:3c:00:34:70:91:02:85:
         4f:1f:7b:eb:52:39:ca:08:a5:ed:30:78:08:fd:d1:cc:8a:24:
         33:1e:15:19:c3:a5:42:b6:43:a4:47:8e:a7:72:31:a9:63:02:
         2c:ac:c7:7d:c9:f1:3f:e7:62:8c:21:b6:78:51:6c:26:c9:06:
         e0:b3:8b:e1:df:06:33:93:92:7d:83:b0:f6:49:bb:ce:70:a3:
         2a:6d:95:a3:2b:ef:0d:aa:ba:a7:41:a9:5d:9e:ce:00:a8:14:
         c2:fd:f7:da:c1:86:9d:4c:dd:17:e1:2d:55:08:0f:8c:86:94:
         e3:b3:cd:f1:b7:82:61:39:98:8d:a6:d9:77:10:a3:13:af:0e:
         22:35:dd:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuN1/G9SWewOZGZCmQjteyGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTA1MTEwODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmE1OTQ1ZTM1OTkxNTUxZjk5M2ViZmM3NDJkN2Q5MWQxMzU2ZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tj8syfSPPIO+36mKGS7X3cXku7t
LT3R/78z1Jvzjo0sMPp51pFRI5bPPTJMAJpXD5ArHNppz193LVaKZu4DIRJxYgg6
Hx5AELw8BcGsPA9aMpoc8UFMKYd+KvcJqNFopQoeTsCmIh4DF8CBXXhVVUF/YEhv
9ey8dPOpU5uYeKVIg6TB/RSdTscDTJbp1Cw3If3SAxG5MVsP3h26zHizpZ1X0nwO
SbIRVqs8QUFS6UqGOrlFWkgIhwCcL9PhQpgmB0Yh3Ul5wa2Bx7TX52bjx6bFRmD4
Kf/G4mbpy9wPkVSo18UsAO1aD02uw9A+7rC2JPzoLvWcFpbbYuAFDdsa8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCallF41mRVR+ZPr/HQtfZHRNW1uMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvSnFXVVhqV1pGVkg1ay12OGRDMTlrZEUxYlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUmMA0G
CSqGSIb3DQEBCwUAA4IBAQCWYZVyABfl1aHuAylRRBo+yM9MKYj0P6FEvG1dtJIL
p24z2rVznQ9J70fPPvOLFMfBUfWpoE+nrdJ89m+C98bRWzYWzSkCuZx3pgVHg9oh
eTNDkZslv/3RV9t2IoKPE0S2oLgql3ZZTP8jtpC/gX+L5Sra5DLesjwANHCRAoVP
H3vrUjnKCKXtMHgI/dHMiiQzHhUZw6VCtkOkR46ncjGpYwIsrMd9yfE/52KMIbZ4
UWwmyQbgs4vh3wYzk5J9g7D2SbvOcKMqbZWjK+8NqrqnQaldns4AqBTC/ffawYad
TN0X4S1VCA+MhpTjs83xt4JhOZiNptl3EKMTrw4iNd2V
-----END CERTIFICATE-----