This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/X26HlEkdIwyW6i0UfPALDkg-me8.roa
File:                     X26HlEkdIwyW6i0UfPALDkg-me8.roa (raw, json)
Hash identifier:          YjXn8auWqkipGxPnuIMQSxzY7MnZU3uvmUeu2eibAdY=
Subject key identifier:   5F:6E:87:94:49:1D:23:0C:96:EA:2D:14:7C:F0:0B:0E:48:3E:99:EF
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E392384805BB84AC5754E485541A8BC
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/X26HlEkdIwyW6i0UfPALDkg-me8.roa
Signing time:             Fri 02 Jan 2026 10:20:32 +0000
ROA not before:           Fri 02 Jan 2026 10:20:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54252
IP address blocks:        163.5.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:23:84:80:5b:b8:4a:c5:75:4e:48:55:41:a8:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f6e8794491d230c96ea2d147cf00b0e483e99ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:4a:64:f4:01:5f:72:87:be:0e:f2:fa:ef:97:
                    12:f0:9c:c3:d9:16:fa:39:5e:58:a3:fb:2d:06:af:
                    f9:ef:1f:7a:f7:03:d7:1c:41:44:4c:b0:05:b3:7b:
                    da:37:2f:9a:69:d5:f0:1b:7a:84:fb:30:ac:aa:32:
                    57:be:9f:f9:20:28:31:cc:06:36:61:b0:30:31:b8:
                    45:0c:b0:77:21:7b:20:6a:a5:82:b0:60:1a:c0:0e:
                    5f:88:b6:8e:00:96:7c:e7:4b:5b:0f:ee:4b:70:d7:
                    10:03:87:3f:4b:63:52:61:6e:ca:30:5f:61:41:cf:
                    15:fd:68:9e:ad:5a:37:6c:4b:ff:33:bc:61:a6:94:
                    69:72:1c:27:a9:b6:ba:e3:82:4d:71:c4:e6:ca:75:
                    52:21:f4:84:6a:f1:47:5b:8a:ce:56:2f:08:6b:e3:
                    3e:48:99:3f:dc:1d:c9:2d:b1:b4:4f:7c:69:17:35:
                    7d:3a:c4:79:f1:f9:8d:75:93:e5:41:12:c0:1b:b5:
                    e0:4f:7c:d6:d4:e9:d4:0a:b2:e2:5e:15:d5:f7:94:
                    f6:c5:25:cc:8f:39:14:cc:8d:bb:fd:a5:b1:31:34:
                    2d:c6:fc:f4:ee:9c:72:e9:95:06:1e:a8:2c:93:bb:
                    de:33:a2:09:15:fc:77:89:ca:37:83:f2:7c:04:f7:
                    de:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6E:87:94:49:1D:23:0C:96:EA:2D:14:7C:F0:0B:0E:48:3E:99:EF
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/X26HlEkdIwyW6i0UfPALDkg-me8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:e5:c5:9d:4d:81:75:05:d3:43:b2:25:6b:6b:d4:d9:58:55:
         af:90:36:fe:6a:e8:ca:7a:69:b8:e4:58:51:56:70:39:4e:18:
         b8:58:0b:2c:27:7c:12:2b:c6:3a:55:5f:36:2c:b9:45:08:25:
         99:63:88:c5:9a:12:63:28:f2:d0:f5:ee:29:ff:d6:9c:27:d4:
         65:98:19:a5:ad:20:6e:b7:ec:28:6a:4f:c3:83:eb:56:4b:e0:
         b8:5d:72:d4:57:42:09:1c:28:9d:59:6f:66:79:99:f6:1a:48:
         b2:c0:26:02:61:4e:94:f7:8a:e8:ab:45:4f:37:44:b6:81:4f:
         a3:af:a4:d0:e3:e1:05:bb:6f:4c:18:e6:a0:5e:cf:a0:13:6b:
         53:3b:b1:21:7f:85:c1:f6:92:fb:ad:f3:49:40:6c:c8:11:89:
         f9:c1:bf:3e:28:9e:e1:bc:30:2d:72:2f:3d:86:0d:e5:66:16:
         35:74:50:47:5d:0b:ca:6b:79:c8:0c:ea:0e:d0:09:ab:10:30:
         9a:ef:5e:62:5f:90:01:97:6a:18:8d:3a:27:e4:2a:8b:b2:db:
         03:57:58:e3:c1:f1:e9:c8:7d:f3:d6:a9:ea:93:b9:41:8e:82:
         da:92:86:c1:77:a8:72:a4:a7:cb:78:02:ff:c1:c7:9d:86:a2:
         cd:41:3f:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OSOEgFu4SsV1TkhVQai8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjZlODc5NDQ5MWQyMzBjOTZlYTJkMTQ3Y2YwMGIwZTQ4M2U5OWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Epk9AFfcoe+DvL675cS8JzD2Rb6
OV5Yo/stBq/57x969wPXHEFETLAFs3vaNy+aadXwG3qE+zCsqjJXvp/5ICgxzAY2
YbAwMbhFDLB3IXsgaqWCsGAawA5fiLaOAJZ850tbD+5LcNcQA4c/S2NSYW7KMF9h
Qc8V/WierVo3bEv/M7xhppRpchwnqba644JNccTmynVSIfSEavFHW4rOVi8Ia+M+
SJk/3B3JLbG0T3xpFzV9OsR58fmNdZPlQRLAG7XgT3zW1OnUCrLiXhXV95T2xSXM
jzkUzI27/aWxMTQtxvz07pxy6ZUGHqgsk7veM6IJFfx3ico3g/J8BPfeOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9uh5RJHSMMluotFHzwCw5IPpnvMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWDI2SGxFa2RJd3lXNmkwVWZQQUxEa2ctbWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUeMA0G
CSqGSIb3DQEBCwUAA4IBAQCX5cWdTYF1BdNDsiVra9TZWFWvkDb+aujKemm45FhR
VnA5Thi4WAssJ3wSK8Y6VV82LLlFCCWZY4jFmhJjKPLQ9e4p/9acJ9RlmBmlrSBu
t+woak/Dg+tWS+C4XXLUV0IJHCidWW9meZn2GkiywCYCYU6U94roq0VPN0S2gU+j
r6TQ4+EFu29MGOagXs+gE2tTO7Ehf4XB9pL7rfNJQGzIEYn5wb8+KJ7hvDAtci89
hg3lZhY1dFBHXQvKa3nIDOoO0AmrEDCa715iX5ABl2oYjTon5CqLstsDV1jjwfHp
yH3z1qnqk7lBjoLakobBd6hypKfLeAL/wcedhqLNQT8q
-----END CERTIFICATE-----