This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/gJve8Ab_2XcC6aNJSl9Zyn42qjo.roa
File:                     gJve8Ab_2XcC6aNJSl9Zyn42qjo.roa (raw, json)
Hash identifier:          i4WyMOt3svGygsnLmrk5aodKS+YCNhG1mCeOAI5LwyM=
Subject key identifier:   80:9B:DE:F0:06:FF:D9:77:02:E9:A3:49:4A:5F:59:CA:7E:36:AA:3A
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E3937697938EFD4E9A568B655DD987E
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/gJve8Ab_2XcC6aNJSl9Zyn42qjo.roa
Signing time:             Fri 02 Jan 2026 10:20:37 +0000
ROA not before:           Fri 02 Jan 2026 10:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207994
IP address blocks:        163.5.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:37:69:79:38:ef:d4:e9:a5:68:b6:55:dd:98:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=809bdef006ffd97702e9a3494a5f59ca7e36aa3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:4a:f0:e7:f9:44:ca:54:af:8d:7e:ff:12:f7:
                    09:41:d3:fb:1b:45:a7:1d:03:63:bd:d6:c7:a6:c1:
                    28:5e:0f:8c:aa:f1:f6:a2:ff:13:6c:ad:87:92:9d:
                    be:2e:02:90:d0:d5:2e:47:5f:64:04:ed:87:7d:44:
                    96:b4:2d:d6:69:87:e5:a0:b8:92:10:b8:0d:04:30:
                    a6:d1:d1:f2:a8:79:ea:18:21:a0:a2:54:57:09:0f:
                    64:7b:7c:08:4b:86:6d:94:c6:8c:9d:cd:a1:86:51:
                    fe:5e:66:74:e2:e0:b5:9e:be:e4:48:4c:53:74:ab:
                    46:59:9c:ad:47:0a:3f:db:1f:ca:f7:c5:f2:c1:18:
                    3c:9b:b3:5a:76:4c:35:45:c7:da:e1:82:21:a1:a7:
                    8a:1f:e5:8e:75:6d:59:d3:15:aa:ea:13:49:c5:f1:
                    ee:04:22:5f:e1:52:39:4b:b2:a7:b7:4a:8d:7c:32:
                    09:d2:bf:59:a0:a7:b4:82:1b:65:6b:59:28:83:0d:
                    b0:7a:d1:0f:6d:c4:b1:25:d5:62:27:7f:78:9d:e9:
                    cc:ee:46:8c:97:e9:4a:2f:45:40:d3:00:b8:30:4c:
                    9f:06:de:10:47:84:34:40:5c:7e:a7:10:28:e3:ef:
                    37:05:a9:d2:df:89:7a:c1:43:9a:e7:76:16:e1:07:
                    3f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:9B:DE:F0:06:FF:D9:77:02:E9:A3:49:4A:5F:59:CA:7E:36:AA:3A
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/gJve8Ab_2XcC6aNJSl9Zyn42qjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:87:7c:84:77:82:d0:83:be:6f:c2:e5:32:e9:6d:e9:a6:08:
         37:ca:3a:80:cf:31:d1:fe:6d:36:be:75:f2:a8:d8:44:af:01:
         4c:79:5b:d6:a2:86:e8:7f:d2:23:97:f4:32:31:6a:c5:37:a6:
         b9:4d:3e:fa:0d:bb:af:36:7f:81:87:cd:55:f4:4b:07:88:38:
         14:3e:57:69:e2:31:2f:7e:8a:c2:f1:5c:0c:d4:30:59:05:29:
         df:9a:80:08:60:e4:80:46:8f:b6:46:82:fb:ae:cf:32:97:4c:
         36:51:55:b0:93:70:b0:e1:a1:9a:71:19:b3:96:4c:f3:8d:95:
         c8:fc:d1:bd:21:68:37:5b:15:b5:d2:1f:65:67:da:25:ab:ba:
         21:0f:6c:cf:1f:0e:1a:47:e5:f0:c2:0c:6a:d6:36:2e:05:81:
         fb:90:c9:21:7d:89:80:7f:9f:65:0c:99:ca:01:49:45:ea:3c:
         82:37:8f:bb:5f:7f:50:b8:92:ae:5d:71:b2:db:bf:b6:fa:a8:
         b1:cb:9d:6b:db:b0:cd:36:01:09:e8:d9:4e:ac:d1:69:f4:f4:
         ef:62:90:ab:37:f5:90:f4:49:ff:78:e6:7e:7b:26:33:5a:6a:
         50:61:af:4c:67:c1:dd:e5:cb:b6:bf:9f:da:b4:1b:69:94:36:
         c8:4e:6b:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTdpeTjv1OmlaLZV3Zh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDliZGVmMDA2ZmZkOTc3MDJlOWEzNDk0YTVmNTljYTdlMzZhYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2krw5/lEylSvjX7/EvcJQdP7G0Wn
HQNjvdbHpsEoXg+MqvH2ov8TbK2Hkp2+LgKQ0NUuR19kBO2HfUSWtC3WaYfloLiS
ELgNBDCm0dHyqHnqGCGgolRXCQ9ke3wIS4ZtlMaMnc2hhlH+XmZ04uC1nr7kSExT
dKtGWZytRwo/2x/K98XywRg8m7Nadkw1Rcfa4YIhoaeKH+WOdW1Z0xWq6hNJxfHu
BCJf4VI5S7Knt0qNfDIJ0r9ZoKe0ghtla1kogw2wetEPbcSxJdViJ394nenM7kaM
l+lKL0VA0wC4MEyfBt4QR4Q0QFx+pxAo4+83BanS34l6wUOa53YW4Qc/nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICb3vAG/9l3AumjSUpfWcp+Nqo6MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZ0p2ZThBYl8yWGNDNmFOSlNsOVp5bjQycWpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowVMMA0G
CSqGSIb3DQEBCwUAA4IBAQBjh3yEd4LQg75vwuUy6W3ppgg3yjqAzzHR/m02vnXy
qNhErwFMeVvWoobof9Ijl/QyMWrFN6a5TT76DbuvNn+Bh81V9EsHiDgUPldp4jEv
forC8VwM1DBZBSnfmoAIYOSARo+2RoL7rs8yl0w2UVWwk3Cw4aGacRmzlkzzjZXI
/NG9IWg3WxW10h9lZ9olq7ohD2zPHw4aR+Xwwgxq1jYuBYH7kMkhfYmAf59lDJnK
AUlF6jyCN4+7X39QuJKuXXGy27+2+qixy51r27DNNgEJ6NlOrNFp9PTvYpCrN/WQ
9En/eOZ+eyYzWmpQYa9MZ8Hd5cu2v5/atBtplDbITmuD
-----END CERTIFICATE-----