This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pzga5lXnTOPJN0s_u_tkE48uk7Q.roa
File:                     pzga5lXnTOPJN0s_u_tkE48uk7Q.roa (raw, json)
Hash identifier:          bEivJ/sCEv6cIsmVdVMTvUvyTe1YCAi4JvoRRcDMdH0=
Subject key identifier:   A7:38:1A:E6:55:E7:4C:E3:C9:37:4B:3F:BB:FB:64:13:8F:2E:93:B4
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E39270877DEC6A6CFBB60E0B24C29BB
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pzga5lXnTOPJN0s_u_tkE48uk7Q.roa
Signing time:             Fri 02 Jan 2026 10:20:33 +0000
ROA not before:           Fri 02 Jan 2026 10:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60558
IP address blocks:        163.5.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:27:08:77:de:c6:a6:cf:bb:60:e0:b2:4c:29:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7381ae655e74ce3c9374b3fbbfb64138f2e93b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:16:4f:16:fd:00:33:1f:f4:6c:2d:db:15:27:
                    c8:1c:c6:b3:f3:10:13:44:26:e2:2e:ab:5a:d3:35:
                    4d:7b:ad:55:05:02:08:a7:7e:bc:60:44:8b:3e:ad:
                    04:18:e5:09:ce:30:3b:dc:e8:44:ad:f5:dd:9e:7c:
                    42:22:85:25:a1:02:ac:1a:52:2c:0a:2d:93:76:b7:
                    9c:7f:0c:53:27:98:77:09:e5:83:e3:48:d0:7c:91:
                    30:27:a3:91:79:b8:0d:da:7c:93:2f:16:e2:6d:4a:
                    cb:95:3a:5c:fc:9b:09:19:ba:1c:b4:23:a1:ce:db:
                    a7:76:cf:4d:da:6f:af:e8:c7:82:8b:46:a8:c7:c5:
                    cb:73:eb:55:62:bf:bf:d3:bf:4c:63:19:c1:90:d7:
                    48:5e:51:97:d3:2d:6e:7c:cf:c1:da:76:c7:31:21:
                    85:59:16:00:9b:fb:be:16:e0:ac:4b:a2:ef:de:51:
                    2d:13:1a:ab:05:1e:3a:e1:d0:bd:c6:00:9c:32:76:
                    e9:09:83:33:7a:9b:15:eb:67:1e:a2:69:93:cb:4a:
                    13:7a:b7:96:a7:ce:8a:de:05:39:90:ff:29:ed:88:
                    c7:96:47:aa:7a:b8:ec:1b:e3:bf:19:43:e1:e1:86:
                    ec:e6:30:14:1b:2e:09:01:10:20:db:ed:d4:02:26:
                    de:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:38:1A:E6:55:E7:4C:E3:C9:37:4B:3F:BB:FB:64:13:8F:2E:93:B4
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pzga5lXnTOPJN0s_u_tkE48uk7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:a9:d8:6b:a1:16:8e:f6:8b:5c:54:79:3a:be:f6:81:cb:50:
         ae:c0:1d:90:4e:33:18:a1:45:53:f1:78:71:38:d5:24:83:92:
         7a:fa:7e:bb:3a:22:32:7f:a1:ea:47:7b:30:76:cf:aa:75:e8:
         db:2d:f7:ca:f1:a6:27:e3:6b:30:2a:60:ff:1a:44:63:1b:ee:
         a0:1d:b2:32:cb:fe:9c:49:fe:4d:40:9a:ce:7f:d8:32:12:09:
         9b:27:20:de:06:31:bb:d6:07:82:fd:5c:74:b7:f5:e2:cd:ff:
         2f:6a:15:e1:08:76:74:47:4e:46:dd:f2:29:ec:93:e4:29:c1:
         af:ec:71:68:f8:e0:e5:91:58:c9:83:32:77:04:42:4c:ea:17:
         80:16:30:9e:53:17:e5:3c:76:12:d1:91:27:b0:1f:ac:94:46:
         2c:63:d9:89:22:75:08:f8:74:5d:f3:c0:55:16:d3:6b:eb:05:
         a0:a6:b4:e5:90:9c:1f:45:07:43:4e:6e:da:b6:8c:e0:50:70:
         c0:8d:44:ee:66:11:61:3e:c0:22:81:5b:36:6d:83:c4:95:8a:
         2b:fc:37:0d:d8:83:64:05:b2:40:04:5a:7d:08:91:67:72:4e:
         dc:dc:35:41:71:80:1f:72:a8:98:ae:a5:d6:87:b8:5d:55:b9:
         96:2a:d7:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OScId97Gps+7YOCyTCm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzM4MWFlNjU1ZTc0Y2UzYzkzNzRiM2ZiYmZiNjQxMzhmMmU5M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBZPFv0AMx/0bC3bFSfIHMaz8xAT
RCbiLqta0zVNe61VBQIIp368YESLPq0EGOUJzjA73OhErfXdnnxCIoUloQKsGlIs
Ci2TdrecfwxTJ5h3CeWD40jQfJEwJ6ORebgN2nyTLxbibUrLlTpc/JsJGboctCOh
ztunds9N2m+v6MeCi0aox8XLc+tVYr+/079MYxnBkNdIXlGX0y1ufM/B2nbHMSGF
WRYAm/u+FuCsS6Lv3lEtExqrBR464dC9xgCcMnbpCYMzepsV62ceommTy0oTereW
p86K3gU5kP8p7YjHlkeqerjsG+O/GUPh4Ybs5jAUGy4JARAg2+3UAibeCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKc4GuZV50zjyTdLP7v7ZBOPLpO0MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcHpnYTVsWG5UT1BKTjBzX3VfdGtFNDh1azdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowXCMA0G
CSqGSIb3DQEBCwUAA4IBAQCtqdhroRaO9otcVHk6vvaBy1CuwB2QTjMYoUVT8Xhx
ONUkg5J6+n67OiIyf6HqR3swds+qdejbLffK8aYn42swKmD/GkRjG+6gHbIyy/6c
Sf5NQJrOf9gyEgmbJyDeBjG71geC/Vx0t/Xizf8vahXhCHZ0R05G3fIp7JPkKcGv
7HFo+ODlkVjJgzJ3BEJM6heAFjCeUxflPHYS0ZEnsB+slEYsY9mJInUI+HRd88BV
FtNr6wWgprTlkJwfRQdDTm7atozgUHDAjUTuZhFhPsAigVs2bYPElYor/DcN2INk
BbJABFp9CJFnck7c3DVBcYAfcqiYrqXWh7hdVbmWKtc4
-----END CERTIFICATE-----