This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YIloJ-h2aHTHAQneeEqy1rm8xyw.roa
File:                     YIloJ-h2aHTHAQneeEqy1rm8xyw.roa (raw, json)
Hash identifier:          vkwtuPsv94b78Lw1kTUqAyovjPZmLQlrvF4nqwsg/1Q=
Subject key identifier:   60:89:68:27:E8:76:68:74:C7:01:09:DE:78:4A:B2:D6:B9:BC:C7:2C
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E391CA9127CE8B9CC506521C0E5ACE5
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YIloJ-h2aHTHAQneeEqy1rm8xyw.roa
Signing time:             Fri 02 Jan 2026 10:20:30 +0000
ROA not before:           Fri 02 Jan 2026 10:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25160
IP address blocks:        163.5.18.0/24 maxlen: 24
                          163.5.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:1c:a9:12:7c:e8:b9:cc:50:65:21:c0:e5:ac:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60896827e8766874c70109de784ab2d6b9bcc72c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:ca:dd:b9:8b:1a:b3:29:c6:3c:5a:41:a8:
                    94:9c:c0:0d:dd:95:8c:bc:a0:99:9e:66:ae:97:c0:
                    b0:c1:95:ba:db:cd:4a:5b:ed:e9:62:aa:8f:fb:24:
                    c6:b6:65:e5:38:a0:83:97:bf:e9:a2:ec:b9:cd:7c:
                    7c:a5:88:73:03:2d:0a:4a:99:62:78:23:7b:95:de:
                    ba:61:ea:6d:18:3d:03:e3:d9:f0:6f:0c:c0:88:24:
                    bb:ea:04:9c:1f:35:f4:60:9d:93:14:d0:ab:c9:28:
                    9f:44:af:a9:5a:03:a2:e9:35:c3:d6:82:29:22:83:
                    1f:a7:d9:8b:f7:7d:4d:cd:d0:b8:f2:8b:d3:9b:44:
                    1f:5f:0a:c8:eb:8b:2f:38:c9:1b:eb:6a:5f:21:ef:
                    b9:4c:75:e8:18:3e:3b:a2:3a:fb:82:d5:39:c6:1a:
                    04:68:80:99:e2:70:69:fe:23:dc:09:6d:aa:20:dc:
                    69:3a:09:d5:5f:84:ec:e5:c2:62:7f:5f:12:4f:1b:
                    de:ba:17:46:ea:4e:e2:d4:83:7c:1d:a1:26:1f:35:
                    da:f2:3e:1d:fe:25:03:67:c2:c6:5e:3f:22:cd:52:
                    a0:a4:9b:ac:4d:2a:3a:80:08:08:de:7a:6c:d9:0f:
                    cb:04:b2:3b:5a:55:6e:0e:73:c6:c2:a3:60:21:51:
                    3c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:89:68:27:E8:76:68:74:C7:01:09:DE:78:4A:B2:D6:B9:BC:C7:2C
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YIloJ-h2aHTHAQneeEqy1rm8xyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:75:a6:26:76:e5:49:82:65:9d:8a:5b:74:79:83:72:86:a1:
         99:d4:ba:46:a4:76:7b:fe:85:ba:8e:9b:d1:18:2d:65:fb:4e:
         2b:c7:5c:22:13:2d:f7:47:57:cf:81:ee:23:5f:59:81:16:80:
         d6:1b:6a:a0:ea:61:09:24:24:22:73:55:d2:f8:45:1c:df:13:
         9f:73:86:fe:2d:a1:40:0a:47:b7:44:79:04:9a:6f:20:ea:15:
         28:f6:10:35:4b:83:d3:c7:1d:1e:aa:bc:a2:13:6c:bb:74:e4:
         23:76:4b:03:73:7d:7b:c2:f1:f1:66:b7:b0:cb:e9:c1:1c:0a:
         4d:ef:01:de:b7:a8:97:08:23:13:74:44:f9:7d:dd:ac:72:b0:
         94:38:c7:9f:81:b3:65:00:7b:b6:88:12:dc:87:ac:9b:62:e9:
         31:60:8b:ce:99:47:e4:84:8c:28:98:0f:68:58:81:2b:b6:94:
         9c:d9:70:da:a8:fd:da:17:0d:7d:c1:0e:ed:14:8f:e8:02:45:
         d5:70:3f:dc:f3:45:06:15:01:e8:bc:0a:d4:01:07:de:95:24:
         bb:b7:90:3c:7d:06:d0:c1:99:63:62:d6:30:6a:14:fe:ed:c0:
         56:cf:c5:ad:a2:8f:e1:9e:c2:74:ea:d1:70:0a:86:ad:63:60:
         23:6d:0c:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ORypEnzoucxQZSHA5azlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDg5NjgyN2U4NzY2ODc0YzcwMTA5ZGU3ODRhYjJkNmI5YmNjNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrbK3bmLGrMpxjxaQaiUnMAN3ZWM
vKCZnmaul8CwwZW6281KW+3pYqqP+yTGtmXlOKCDl7/pouy5zXx8pYhzAy0KSpli
eCN7ld66YeptGD0D49nwbwzAiCS76gScHzX0YJ2TFNCrySifRK+pWgOi6TXD1oIp
IoMfp9mL931NzdC48ovTm0QfXwrI64svOMkb62pfIe+5THXoGD47ojr7gtU5xhoE
aICZ4nBp/iPcCW2qINxpOgnVX4Ts5cJif18STxveuhdG6k7i1IN8HaEmHzXa8j4d
/iUDZ8LGXj8izVKgpJusTSo6gAgI3nps2Q/LBLI7WlVuDnPGwqNgIVE8fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCJaCfodmh0xwEJ3nhKsta5vMcsMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWUlsb0otaDJhSFRIQVFuZWVFcXkxcm04eHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBowUSMA0G
CSqGSIb3DQEBCwUAA4IBAQABdaYmduVJgmWdilt0eYNyhqGZ1LpGpHZ7/oW6jpvR
GC1l+04rx1wiEy33R1fPge4jX1mBFoDWG2qg6mEJJCQic1XS+EUc3xOfc4b+LaFA
Cke3RHkEmm8g6hUo9hA1S4PTxx0eqryiE2y7dOQjdksDc317wvHxZrewy+nBHApN
7wHet6iXCCMTdET5fd2scrCUOMefgbNlAHu2iBLch6ybYukxYIvOmUfkhIwomA9o
WIErtpSc2XDaqP3aFw19wQ7tFI/oAkXVcD/c80UGFQHovArUAQfelSS7t5A8fQbQ
wZljYtYwahT+7cBWz8Wtoo/hnsJ06tFwCoatY2AjbQyt
-----END CERTIFICATE-----