This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/d2xFfifLJbI-hIpO3_YN-JikjY0.roa
File:                     d2xFfifLJbI-hIpO3_YN-JikjY0.roa (raw, json)
Hash identifier:          v1hd3+5/LX2f12on4DWVbj1VtvpNjTwZYer2Kxepyhs=
Subject key identifier:   77:6C:45:7E:27:CB:25:B2:3E:84:8A:4E:DF:F6:0D:F8:98:A4:8D:8D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E394778D532FC3BFE5E167ED4496811
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/d2xFfifLJbI-hIpO3_YN-JikjY0.roa
Signing time:             Fri 02 Jan 2026 10:20:41 +0000
ROA not before:           Fri 02 Jan 2026 10:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399073
IP address blocks:        163.5.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:47:78:d5:32:fc:3b:fe:5e:16:7e:d4:49:68:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=776c457e27cb25b23e848a4edff60df898a48d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fb:fa:70:18:0d:a2:12:2a:9d:73:0b:ad:d9:
                    e3:46:b0:f7:a3:93:48:d6:20:be:d0:a4:55:df:74:
                    5d:95:61:d1:2a:da:b9:9a:0e:80:85:d2:20:72:14:
                    b4:96:cc:fc:4e:78:bd:84:3a:1c:7c:d0:2e:31:8f:
                    0b:59:02:60:31:0b:e1:08:d0:92:45:04:ca:c5:f2:
                    ee:7b:a8:7a:4c:b6:3e:9b:2c:a7:ae:a8:f7:7c:2f:
                    d5:68:fc:b1:1b:a2:af:87:fb:65:d8:da:84:38:7a:
                    53:75:39:6c:46:f2:67:03:e9:c9:ce:d3:46:04:bb:
                    b0:a7:f0:7e:ef:5e:15:54:48:d2:67:d7:3c:4d:da:
                    75:cb:91:2d:cd:6f:b2:36:3f:e7:b3:50:e8:86:24:
                    4d:12:d5:db:1a:3c:8b:e2:72:44:5e:44:c8:fa:de:
                    9e:b4:46:7f:98:5d:69:04:8e:2f:87:b9:a6:5e:18:
                    4d:bb:fa:1d:cc:06:b5:43:f3:aa:ce:3e:72:e3:11:
                    54:49:f1:56:7f:e0:1f:3a:4d:cb:e5:0f:74:30:b8:
                    c3:f6:f4:a0:0f:5e:37:f2:e8:6b:7a:65:1c:99:cb:
                    a6:b4:b4:00:de:1b:44:10:90:02:16:27:58:90:17:
                    b2:ec:ae:45:bd:ea:b7:fc:a3:52:20:cf:9f:41:1c:
                    8a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6C:45:7E:27:CB:25:B2:3E:84:8A:4E:DF:F6:0D:F8:98:A4:8D:8D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/d2xFfifLJbI-hIpO3_YN-JikjY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:0b:fa:97:96:84:ee:b3:88:66:a6:0b:ea:7a:60:a7:61:8b:
         fa:6e:74:51:71:0d:d2:e2:ed:f5:dc:57:3b:d5:60:3e:f7:ed:
         61:07:67:e6:f3:0d:88:62:3d:5b:83:01:2a:ea:43:60:53:56:
         ac:c7:91:e8:66:c3:4d:5b:bd:14:e1:f2:f3:8e:bc:58:e2:dc:
         05:e5:66:94:7a:c9:cc:c5:29:3d:a1:16:44:a0:fe:bc:21:b5:
         98:1a:46:65:6c:78:a2:29:02:73:e5:8d:da:8c:da:c6:10:fc:
         9d:77:4a:b5:c4:e6:76:9d:ae:c0:7f:62:7e:95:b0:7a:c3:38:
         7e:86:41:09:d9:aa:f1:6c:f4:bb:75:bc:89:fc:88:33:9f:6a:
         1c:cb:bc:b8:b9:c7:ed:d2:fe:62:83:33:22:b9:71:cf:f8:23:
         d9:c6:ac:f2:f9:3e:5e:0e:ca:f2:fb:0e:66:da:85:6a:46:5f:
         45:7d:ab:97:48:61:fc:5d:e7:94:bf:44:50:10:d5:ed:50:e1:
         d5:73:66:f5:b7:3c:34:f6:d6:20:d5:7e:1b:1b:ea:f3:a4:d5:
         bf:1a:ff:f1:c8:9f:8a:27:98:34:37:4f:d9:f0:fa:a5:28:21:
         0e:63:ce:45:ad:e0:3e:4a:83:23:18:5a:f3:ad:a2:c5:2b:3f:
         86:57:74:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OUd41TL8O/5eFn7USWgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzZjNDU3ZTI3Y2IyNWIyM2U4NDhhNGVkZmY2MGRmODk4YTQ4ZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/v6cBgNohIqnXMLrdnjRrD3o5NI
1iC+0KRV33RdlWHRKtq5mg6AhdIgchS0lsz8Tni9hDocfNAuMY8LWQJgMQvhCNCS
RQTKxfLue6h6TLY+myynrqj3fC/VaPyxG6Kvh/tl2NqEOHpTdTlsRvJnA+nJztNG
BLuwp/B+714VVEjSZ9c8Tdp1y5EtzW+yNj/ns1DohiRNEtXbGjyL4nJEXkTI+t6e
tEZ/mF1pBI4vh7mmXhhNu/odzAa1Q/Oqzj5y4xFUSfFWf+AfOk3L5Q90MLjD9vSg
D1438uhremUcmcumtLQA3htEEJACFidYkBey7K5Fveq3/KNSIM+fQRyKuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdsRX4nyyWyPoSKTt/2DfiYpI2NMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZDJ4RmZpZkxKYkktaElwTzNfWU4tSmlralkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXcMA0G
CSqGSIb3DQEBCwUAA4IBAQCkC/qXloTus4hmpgvqemCnYYv6bnRRcQ3S4u313Fc7
1WA+9+1hB2fm8w2IYj1bgwEq6kNgU1asx5HoZsNNW70U4fLzjrxY4twF5WaUesnM
xSk9oRZEoP68IbWYGkZlbHiiKQJz5Y3ajNrGEPydd0q1xOZ2na7Af2J+lbB6wzh+
hkEJ2arxbPS7dbyJ/Igzn2ocy7y4ucft0v5igzMiuXHP+CPZxqzy+T5eDsry+w5m
2oVqRl9FfauXSGH8XeeUv0RQENXtUOHVc2b1tzw09tYg1X4bG+rzpNW/Gv/xyJ+K
J5g0N0/Z8PqlKCEOY85FreA+SoMjGFrzraLFKz+GV3R8
-----END CERTIFICATE-----