This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KiEx-Ys8iQr5aSjr-HfGgKb0JlY.roa
File:                     KiEx-Ys8iQr5aSjr-HfGgKb0JlY.roa (raw, json)
Hash identifier:          2trJF0g4TvKwZANZX2+8w9hdZgsLbZqhO59u9NDmabU=
Subject key identifier:   2A:21:31:F9:8B:3C:89:0A:F9:69:28:EB:F8:77:C6:80:A6:F4:26:56
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E3945814F1E8C15CEA96E7F428DED4B
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KiEx-Ys8iQr5aSjr-HfGgKb0JlY.roa
Signing time:             Fri 02 Jan 2026 10:20:41 +0000
ROA not before:           Fri 02 Jan 2026 10:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395517
IP address blocks:        163.5.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:45:81:4f:1e:8c:15:ce:a9:6e:7f:42:8d:ed:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a2131f98b3c890af96928ebf877c680a6f42656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:48:3d:ec:36:46:85:08:da:3a:ad:be:64:27:
                    01:67:46:49:77:b5:f3:5d:59:b9:41:c7:06:15:91:
                    d1:c5:e5:37:cf:69:a7:5e:a1:be:3c:b6:bb:a6:7a:
                    00:5c:d4:c9:dd:71:ec:5f:1f:80:67:8e:f8:c4:8a:
                    92:47:84:29:36:af:28:08:85:37:4a:de:ca:8a:e1:
                    6a:cc:4f:35:86:6e:cd:54:0d:a2:b2:87:f7:aa:c8:
                    7e:db:7d:7b:c5:f9:32:4c:be:17:ae:21:cd:52:65:
                    ef:27:4c:31:6c:3b:29:93:1f:9b:ce:b2:0b:f0:e7:
                    9a:08:4a:f8:a0:a7:63:62:0a:28:7c:7b:b3:af:9d:
                    9c:eb:4d:72:4e:2f:2c:8a:a2:81:94:15:f9:79:13:
                    13:c6:3d:63:90:2d:e3:0e:5c:69:f5:1e:ae:72:69:
                    15:b3:57:43:d4:f3:9b:48:bf:a1:5e:b9:cf:7b:92:
                    58:80:20:91:75:b5:72:37:e9:8a:67:3d:de:e0:26:
                    d4:f6:6b:15:4c:bd:44:3d:0b:c4:31:e8:60:c2:5f:
                    6a:99:a2:55:16:34:c8:c8:be:29:28:f8:04:1b:11:
                    b1:63:69:20:46:83:a1:2f:98:d9:98:43:e7:2d:7b:
                    b9:ef:51:21:43:c3:7a:2f:98:8f:7b:54:8f:1d:5d:
                    f1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:21:31:F9:8B:3C:89:0A:F9:69:28:EB:F8:77:C6:80:A6:F4:26:56
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/KiEx-Ys8iQr5aSjr-HfGgKb0JlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:97:4f:e9:70:2d:c8:dd:69:41:cf:4d:9e:41:45:64:e4:e6:
         77:e3:3f:6a:26:14:7b:8b:b1:77:ef:ee:14:e3:b5:45:ac:db:
         d3:2b:19:5a:48:de:ea:d5:89:39:1b:d2:25:ba:0e:35:da:d2:
         4d:08:6f:87:27:92:45:5a:06:e6:f3:ad:44:a7:6a:93:d6:87:
         9d:f7:29:fe:92:51:93:2b:e7:37:47:b6:d4:bd:15:b0:33:f4:
         0e:a7:45:b5:38:7d:e9:60:9b:91:b0:75:06:cf:18:6d:61:38:
         50:e6:ce:99:86:4a:6d:12:05:29:f6:91:94:9a:80:e3:86:6d:
         b1:7e:d4:41:61:89:ab:ff:b4:1b:5b:6f:c3:19:b0:ef:b6:57:
         5a:4d:a4:46:b5:05:a9:75:73:36:f9:7f:34:c0:0a:b2:5a:49:
         11:95:d6:f4:6b:d3:bc:12:3c:fb:d6:e9:50:2f:f2:f6:21:97:
         a7:a7:4a:4e:73:7a:0f:22:87:eb:d0:f2:ad:72:54:8b:ac:65:
         b2:cc:7a:d2:5e:43:ec:be:e5:a8:b2:b6:64:35:ef:cf:77:f9:
         09:45:95:36:83:61:58:82:cc:0a:c4:7e:40:37:01:91:34:9c:
         19:57:f1:1d:d1:9c:50:5a:de:3d:42:a0:c1:0d:3c:6c:cd:30:
         33:e5:c0:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OUWBTx6MFc6pbn9Cje1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTIxMzFmOThiM2M4OTBhZjk2OTI4ZWJmODc3YzY4MGE2ZjQyNjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0g97DZGhQjaOq2+ZCcBZ0ZJd7Xz
XVm5QccGFZHRxeU3z2mnXqG+PLa7pnoAXNTJ3XHsXx+AZ474xIqSR4QpNq8oCIU3
St7KiuFqzE81hm7NVA2isof3qsh+2317xfkyTL4XriHNUmXvJ0wxbDspkx+bzrIL
8OeaCEr4oKdjYgoofHuzr52c601yTi8siqKBlBX5eRMTxj1jkC3jDlxp9R6ucmkV
s1dD1PObSL+hXrnPe5JYgCCRdbVyN+mKZz3e4CbU9msVTL1EPQvEMehgwl9qmaJV
FjTIyL4pKPgEGxGxY2kgRoOhL5jZmEPnLXu571EhQ8N6L5iPe1SPHV3xfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCohMfmLPIkK+Wko6/h3xoCm9CZWMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvS2lFeC1ZczhpUXI1YVNqci1IZkdnS2IwSmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXGMA0G
CSqGSIb3DQEBCwUAA4IBAQAsl0/pcC3I3WlBz02eQUVk5OZ34z9qJhR7i7F37+4U
47VFrNvTKxlaSN7q1Yk5G9Ilug412tJNCG+HJ5JFWgbm861Ep2qT1oed9yn+klGT
K+c3R7bUvRWwM/QOp0W1OH3pYJuRsHUGzxhtYThQ5s6ZhkptEgUp9pGUmoDjhm2x
ftRBYYmr/7QbW2/DGbDvtldaTaRGtQWpdXM2+X80wAqyWkkRldb0a9O8Ejz71ulQ
L/L2IZenp0pOc3oPIofr0PKtclSLrGWyzHrSXkPsvuWosrZkNe/Pd/kJRZU2g2FY
gswKxH5ANwGRNJwZV/Ed0ZxQWt49QqDBDTxszTAz5cAA
-----END CERTIFICATE-----