This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/os5uVzn2SsderRBgOu4_HPXuf0M.roa
File:                     os5uVzn2SsderRBgOu4_HPXuf0M.roa (raw, json)
Hash identifier:          91BewVfVRslTPRXitq1EA9ubd7vt/8K2d8H8UrUpDMU=
Subject key identifier:   A2:CE:6E:57:39:F6:4A:C7:5E:AD:10:60:3A:EE:3F:1C:F5:EE:7F:43
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E3938C3E7E4B20FD383BA601B81D795
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/os5uVzn2SsderRBgOu4_HPXuf0M.roa
Signing time:             Fri 02 Jan 2026 10:20:37 +0000
ROA not before:           Fri 02 Jan 2026 10:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209671
IP address blocks:        163.5.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:38:c3:e7:e4:b2:0f:d3:83:ba:60:1b:81:d7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2ce6e5739f64ac75ead10603aee3f1cf5ee7f43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:7f:1c:49:02:9b:7e:fb:c5:09:9f:2b:3b:
                    85:e1:c4:a1:8c:30:ed:7a:46:e2:2a:e8:7c:e9:9e:
                    8c:73:00:c7:59:1e:32:af:9e:8d:53:bc:5a:0c:c6:
                    ca:64:b1:dd:b9:94:72:b0:17:98:0f:33:1a:aa:17:
                    a1:e3:c6:68:89:a7:ad:17:6a:b1:41:24:54:5d:15:
                    a8:ba:3b:c8:dc:98:d8:8e:6e:18:3e:bc:40:42:02:
                    ce:60:44:f7:2d:83:f1:5b:e6:d7:5b:dd:a8:7c:03:
                    7d:5a:19:1c:13:6c:69:8c:49:c0:3c:f0:20:54:47:
                    80:ae:3f:36:9e:44:cd:52:d7:6c:b6:30:0e:15:41:
                    67:de:df:5b:c2:cf:af:ab:a5:c6:22:fa:6c:22:60:
                    8c:2a:ab:58:40:49:12:98:e9:e5:32:ac:cf:8d:c1:
                    a9:a4:0f:d9:f1:99:f4:f1:62:b8:49:0a:e3:4c:d4:
                    33:04:f0:22:12:a3:62:51:44:93:98:49:56:5b:7c:
                    3f:80:32:76:74:42:2d:2f:86:07:53:c8:dd:c1:b7:
                    88:58:d2:23:bd:e7:b9:b4:26:cd:ed:9a:59:5e:b2:
                    15:38:b7:37:ad:ea:19:bb:65:95:59:f7:32:b7:b7:
                    75:6c:45:3f:dc:da:66:89:0b:38:26:c3:40:9b:8c:
                    ca:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CE:6E:57:39:F6:4A:C7:5E:AD:10:60:3A:EE:3F:1C:F5:EE:7F:43
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/os5uVzn2SsderRBgOu4_HPXuf0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a0:63:24:fd:06:7d:71:71:60:5b:89:9a:bb:af:9b:7e:3b:
         fa:18:d7:93:b4:19:c9:1d:05:28:73:9b:49:73:07:27:93:bf:
         4c:8f:e4:d4:2c:45:fc:93:08:50:c9:1a:51:4b:29:5f:56:08:
         77:48:13:b8:2d:81:b4:6f:6e:3f:11:70:a9:74:4a:ae:79:20:
         7b:68:f6:06:80:34:d5:df:99:9e:5c:02:d2:e8:27:fc:4d:45:
         77:04:4a:2b:74:3d:8f:98:27:d3:02:a8:2f:3b:5a:c9:e2:d7:
         b4:39:76:66:f4:46:57:ab:d1:9f:82:9b:c1:fd:70:96:b8:98:
         1d:8d:3f:eb:b0:e5:c5:1c:f0:8a:e2:23:6b:5f:67:d8:fc:b9:
         08:26:f3:8e:4a:87:28:f2:c4:c3:91:8b:e1:99:db:62:e9:a8:
         f7:13:ee:50:aa:6d:06:53:54:62:2d:fc:f2:1b:e7:bb:76:db:
         1d:c9:69:8a:5b:a3:cf:d5:a6:f7:0e:a6:09:23:5f:3f:58:c3:
         6e:08:bc:82:49:ab:6d:cd:bf:18:58:b2:1e:ea:37:00:f0:cb:
         f6:97:0f:2b:7e:d9:cb:6a:7b:3a:36:5c:01:d4:e7:c1:fa:4f:
         25:9c:cf:39:4e:53:4f:45:fa:de:66:0b:ed:0c:cb:d5:93:60:
         c8:44:00:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTjD5+SyD9ODumAbgdeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNlNmU1NzM5ZjY0YWM3NWVhZDEwNjAzYWVlM2YxY2Y1ZWU3ZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro1/HEkCm377xQmfKzuF4cShjDDt
ekbiKuh86Z6McwDHWR4yr56NU7xaDMbKZLHduZRysBeYDzMaqheh48ZoiaetF2qx
QSRUXRWoujvI3JjYjm4YPrxAQgLOYET3LYPxW+bXW92ofAN9WhkcE2xpjEnAPPAg
VEeArj82nkTNUtdstjAOFUFn3t9bws+vq6XGIvpsImCMKqtYQEkSmOnlMqzPjcGp
pA/Z8Zn08WK4SQrjTNQzBPAiEqNiUUSTmElWW3w/gDJ2dEItL4YHU8jdwbeIWNIj
vee5tCbN7ZpZXrIVOLc3reoZu2WVWfcyt7d1bEU/3NpmiQs4JsNAm4zKDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLOblc59krHXq0QYDruPxz17n9DMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvb3M1dVZ6bjJTc2RlclJCZ091NF9IUFh1ZjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWFMA0G
CSqGSIb3DQEBCwUAA4IBAQB9oGMk/QZ9cXFgW4mau6+bfjv6GNeTtBnJHQUoc5tJ
cwcnk79Mj+TULEX8kwhQyRpRSylfVgh3SBO4LYG0b24/EXCpdEqueSB7aPYGgDTV
35meXALS6Cf8TUV3BEordD2PmCfTAqgvO1rJ4te0OXZm9EZXq9GfgpvB/XCWuJgd
jT/rsOXFHPCK4iNrX2fY/LkIJvOOSoco8sTDkYvhmdti6aj3E+5Qqm0GU1RiLfzy
G+e7dtsdyWmKW6PP1ab3DqYJI18/WMNuCLyCSattzb8YWLIe6jcA8Mv2lw8rftnL
ans6NlwB1OfB+k8lnM85TlNPRfreZgvtDMvVk2DIRABJ
-----END CERTIFICATE-----