This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jM0JBRqDvnFvhBtEvLa2u7X55jk.roa
File:                     jM0JBRqDvnFvhBtEvLa2u7X55jk.roa (raw, json)
Hash identifier:          g66k/DRlv7vfi/FNUqodWH9eJKnhRUiBwOH3IubKmdo=
Subject key identifier:   8C:CD:09:05:1A:83:BE:71:6F:84:1B:44:BC:B6:B6:BB:B5:F9:E6:39
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E392B63E91087FB0891AE7F02BBBBA4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jM0JBRqDvnFvhBtEvLa2u7X55jk.roa
Signing time:             Fri 02 Jan 2026 10:20:34 +0000
ROA not before:           Fri 02 Jan 2026 10:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     140627
IP address blocks:        163.5.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:2b:63:e9:10:87:fb:08:91:ae:7f:02:bb:bb:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ccd09051a83be716f841b44bcb6b6bbb5f9e639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:dd:01:6e:e1:55:a7:e0:07:ad:35:39:af:ea:
                    db:18:b3:26:cc:ef:86:cd:66:8e:fd:2f:83:a3:0a:
                    3c:10:fd:d1:b0:80:15:35:4d:c3:9b:86:ed:01:af:
                    0a:0d:ea:46:60:42:4a:76:a0:14:43:12:32:0e:16:
                    5a:71:d0:3e:13:9d:c4:17:0b:fc:59:5d:67:5a:dc:
                    bd:08:dc:69:f7:ac:64:b1:4f:3e:85:4f:f2:a0:5c:
                    d4:7a:00:f1:31:3b:cd:1b:b9:02:4a:77:31:14:5f:
                    e4:a6:4f:70:45:bc:5c:94:2b:dd:5c:38:dc:6b:d6:
                    cc:79:ff:b0:ad:dd:3f:43:5d:44:50:0b:65:00:b3:
                    90:71:ba:c5:ce:16:09:1e:bc:86:98:fd:27:36:7c:
                    95:8e:ad:7e:0c:ba:e4:6a:e4:2b:96:ed:3b:ce:c4:
                    ec:6e:56:94:1b:d2:63:66:93:9b:61:5b:c7:08:a6:
                    2a:e5:6b:2c:c4:0e:14:ca:51:85:19:ef:90:11:bb:
                    cd:22:7b:be:70:96:0d:55:0f:19:4f:f7:20:29:b8:
                    c0:f2:86:97:1e:18:24:61:d0:61:e5:3a:a3:f1:8b:
                    b6:9f:1b:1c:21:e5:1b:28:27:89:e5:e5:e5:33:cc:
                    1a:78:ad:32:72:0f:b7:45:98:00:98:34:0a:19:02:
                    b4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CD:09:05:1A:83:BE:71:6F:84:1B:44:BC:B6:B6:BB:B5:F9:E6:39
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/jM0JBRqDvnFvhBtEvLa2u7X55jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:75:0e:17:d9:38:08:d8:c4:c4:d0:53:b1:cb:1c:c0:96:84:
         27:cd:36:a3:bc:94:4b:47:86:f7:7c:3e:e0:a0:73:a3:c0:94:
         19:fe:16:40:cf:56:a4:32:30:bd:64:c9:aa:92:b4:95:5f:f0:
         3a:06:90:65:7d:2c:51:7e:5e:83:a5:2c:38:fd:3f:5f:68:da:
         5b:c9:9f:ba:47:40:43:41:25:18:77:07:57:79:37:8c:8c:be:
         f0:4d:36:32:e5:46:1a:21:62:0b:a5:d2:43:ee:13:64:0d:d5:
         1d:b9:ca:7e:9f:20:66:cb:d0:f8:b1:7d:c4:18:5b:de:a1:89:
         0f:3a:73:c3:0d:55:5e:a4:da:d0:76:e9:35:e0:a4:70:f3:82:
         0b:0e:55:a7:ce:9f:a7:4a:26:1f:d8:b4:54:0c:de:77:d9:a2:
         a4:e6:24:80:16:08:a4:8b:b1:ed:41:a5:ce:c9:fa:9c:26:e8:
         1d:99:19:f0:21:99:e6:9a:74:12:48:14:e5:20:f7:71:e6:b3:
         47:34:90:63:56:3a:6a:7d:4f:01:ce:cb:63:7a:03:a1:8e:3b:
         72:bc:00:6b:96:48:04:80:4c:65:10:03:ea:bb:76:0d:83:a4:
         95:60:5f:23:d9:67:c4:d2:cd:fa:8b:96:2c:72:2a:42:03:ad:
         8e:fe:f0:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OStj6RCH+wiRrn8Cu7ukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2NkMDkwNTFhODNiZTcxNmY4NDFiNDRiY2I2YjZiYmI1ZjllNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA690BbuFVp+AHrTU5r+rbGLMmzO+G
zWaO/S+Dowo8EP3RsIAVNU3Dm4btAa8KDepGYEJKdqAUQxIyDhZacdA+E53EFwv8
WV1nWty9CNxp96xksU8+hU/yoFzUegDxMTvNG7kCSncxFF/kpk9wRbxclCvdXDjc
a9bMef+wrd0/Q11EUAtlALOQcbrFzhYJHryGmP0nNnyVjq1+DLrkauQrlu07zsTs
blaUG9JjZpObYVvHCKYq5WssxA4UylGFGe+QEbvNInu+cJYNVQ8ZT/cgKbjA8oaX
HhgkYdBh5Tqj8Yu2nxscIeUbKCeJ5eXlM8waeK0ycg+3RZgAmDQKGQK0AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzNCQUag75xb4QbRLy2tru1+eY5MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvak0wSkJScUR2bkZ2aEJ0RXZMYTJ1N1g1NWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowW4MA0G
CSqGSIb3DQEBCwUAA4IBAQBCdQ4X2TgI2MTE0FOxyxzAloQnzTajvJRLR4b3fD7g
oHOjwJQZ/hZAz1akMjC9ZMmqkrSVX/A6BpBlfSxRfl6DpSw4/T9faNpbyZ+6R0BD
QSUYdwdXeTeMjL7wTTYy5UYaIWILpdJD7hNkDdUducp+nyBmy9D4sX3EGFveoYkP
OnPDDVVepNrQduk14KRw84ILDlWnzp+nSiYf2LRUDN532aKk5iSAFgiki7HtQaXO
yfqcJugdmRnwIZnmmnQSSBTlIPdx5rNHNJBjVjpqfU8BzstjegOhjjtyvABrlkgE
gExlEAPqu3YNg6SVYF8j2WfE0s36i5YscipCA62O/vDR
-----END CERTIFICATE-----