This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/VX2tv8uiAMhVELTfNIddc7MRX3o.roa
File:                     VX2tv8uiAMhVELTfNIddc7MRX3o.roa (raw, json)
Hash identifier:          Js8AHiS1OKHXe4sPFSlGaqF8a3s/6puK6140su0xpHE=
Subject key identifier:   55:7D:AD:BF:CB:A2:00:C8:55:10:B4:DF:34:87:5D:73:B3:11:5F:7A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E3937CC15852D6899CA47854EAD1750
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/VX2tv8uiAMhVELTfNIddc7MRX3o.roa
Signing time:             Fri 02 Jan 2026 10:20:37 +0000
ROA not before:           Fri 02 Jan 2026 10:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209043
IP address blocks:        163.5.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:37:cc:15:85:2d:68:99:ca:47:85:4e:ad:17:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=557dadbfcba200c85510b4df34875d73b3115f7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:35:f0:e9:42:ac:20:43:e9:50:47:ab:7e:73:
                    82:b7:47:d6:29:a3:31:e3:0e:f2:ce:fc:82:af:50:
                    32:1d:4d:1d:46:f8:0c:99:7a:60:14:ad:c2:5a:ab:
                    76:20:38:67:e2:98:53:96:66:17:be:34:d0:ff:eb:
                    09:7e:72:a5:81:41:bf:8d:db:2d:a4:4c:e9:7b:78:
                    e3:66:18:d2:9e:aa:fb:21:01:df:e8:cb:5a:5b:1c:
                    90:54:02:e3:40:71:78:bb:cc:ba:19:e9:2e:d0:49:
                    60:f0:05:a4:42:6e:2c:e6:a3:19:de:08:e6:64:e0:
                    48:c1:1e:4c:25:5c:0e:3c:4a:ae:98:09:22:41:ea:
                    6c:6e:2c:c9:84:f8:c2:b2:8f:00:74:e5:6d:8d:8e:
                    9f:25:2f:d3:02:4f:7a:96:f5:2c:0a:19:b4:02:a6:
                    d6:f2:2b:6f:9f:4e:14:87:e3:0a:4b:4f:10:64:22:
                    17:bb:c9:53:f1:de:ef:f8:a4:bb:57:63:15:90:b1:
                    4b:28:79:1a:65:2a:79:74:d3:e6:d0:bb:33:22:e3:
                    7c:82:e5:71:33:7c:fa:1e:b3:be:fd:95:f9:4e:0a:
                    8b:c7:5b:3b:a9:e8:7a:50:de:2d:84:24:76:54:5d:
                    74:e5:50:7c:d0:23:42:63:23:ce:f9:e8:b0:5f:33:
                    f9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:7D:AD:BF:CB:A2:00:C8:55:10:B4:DF:34:87:5D:73:B3:11:5F:7A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/VX2tv8uiAMhVELTfNIddc7MRX3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:c7:e9:90:58:5a:8a:9a:f1:56:8e:5d:c9:7f:35:36:f6:8b:
         5b:69:ab:51:e4:79:20:b5:5d:d7:f0:b6:d2:a8:3d:98:63:d3:
         fa:24:26:5d:69:ad:7a:0b:b0:44:ed:0d:ff:44:4a:d3:34:f7:
         ad:65:26:61:4b:3d:2c:9b:59:99:31:1b:e6:30:51:55:2c:2e:
         3d:58:3c:34:12:db:1d:56:28:c8:7e:84:8b:d5:71:7d:95:f9:
         29:58:69:20:f3:de:05:3d:ca:66:e2:3a:e2:44:a6:79:5a:5f:
         47:46:0b:24:69:8e:d6:6d:e8:8d:49:b6:8f:25:71:74:e3:a6:
         1f:54:ef:c0:c0:3d:1b:1f:4b:ae:c5:e3:b4:23:0d:b9:0a:54:
         30:82:05:07:6f:c7:9d:cb:ae:15:44:25:5c:b3:e1:c0:7e:24:
         6d:b1:dd:c2:2d:00:db:d5:8b:95:0a:72:5b:c3:fd:90:25:cc:
         0d:ee:12:c8:52:d8:2f:e9:c2:05:fc:81:66:bb:25:42:bb:82:
         60:61:2c:40:ba:21:e4:84:07:8c:cc:ed:37:af:a3:23:19:b2:
         75:eb:e7:fa:f1:16:b4:e8:ea:d2:2c:cc:35:1c:85:3e:78:ad:
         53:1e:fb:4f:bc:73:21:ac:da:3b:e1:7c:a1:93:06:15:09:bc:
         2c:b0:e6:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTfMFYUtaJnKR4VOrRdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTdkYWRiZmNiYTIwMGM4NTUxMGI0ZGYzNDg3NWQ3M2IzMTE1ZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTXw6UKsIEPpUEerfnOCt0fWKaMx
4w7yzvyCr1AyHU0dRvgMmXpgFK3CWqt2IDhn4phTlmYXvjTQ/+sJfnKlgUG/jdst
pEzpe3jjZhjSnqr7IQHf6MtaWxyQVALjQHF4u8y6Geku0Elg8AWkQm4s5qMZ3gjm
ZOBIwR5MJVwOPEqumAkiQepsbizJhPjCso8AdOVtjY6fJS/TAk96lvUsChm0AqbW
8itvn04Uh+MKS08QZCIXu8lT8d7v+KS7V2MVkLFLKHkaZSp5dNPm0LszIuN8guVx
M3z6HrO+/ZX5TgqLx1s7qeh6UN4thCR2VF105VB80CNCYyPO+eiwXzP5ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFV9rb/LogDIVRC03zSHXXOzEV96MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvVlgydHY4dWlBTWhWRUxUZk5JZGRjN01SWDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUMMA0G
CSqGSIb3DQEBCwUAA4IBAQAIx+mQWFqKmvFWjl3JfzU29otbaatR5HkgtV3X8LbS
qD2YY9P6JCZdaa16C7BE7Q3/RErTNPetZSZhSz0sm1mZMRvmMFFVLC49WDw0Etsd
VijIfoSL1XF9lfkpWGkg894FPcpm4jriRKZ5Wl9HRgskaY7WbeiNSbaPJXF046Yf
VO/AwD0bH0uuxeO0Iw25ClQwggUHb8edy64VRCVcs+HAfiRtsd3CLQDb1YuVCnJb
w/2QJcwN7hLIUtgv6cIF/IFmuyVCu4JgYSxAuiHkhAeMzO03r6MjGbJ16+f68Ra0
6OrSLMw1HIU+eK1THvtPvHMhrNo74XyhkwYVCbwssObD
-----END CERTIFICATE-----