This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/xuBaEaM-kGZLo0GGVcxXCnPYwj0.roa
File:                     xuBaEaM-kGZLo0GGVcxXCnPYwj0.roa (raw, json)
Hash identifier:          UWLqwQmmXA6VBCPC2stlSVjdYMGJkIVAySy8yOsQSvw=
Subject key identifier:   C6:E0:5A:11:A3:3E:90:66:4B:A3:41:86:55:CC:57:0A:73:D8:C2:3D
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E393B8978B48B5E9CF9B5A506C74620
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/xuBaEaM-kGZLo0GGVcxXCnPYwj0.roa
Signing time:             Fri 02 Jan 2026 10:20:38 +0000
ROA not before:           Fri 02 Jan 2026 10:20:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212489
IP address blocks:        163.5.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:3b:89:78:b4:8b:5e:9c:f9:b5:a5:06:c7:46:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6e05a11a33e90664ba3418655cc570a73d8c23d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:40:72:66:03:43:9a:9c:67:3f:52:77:16:01:
                    b6:14:13:57:c9:2a:b3:bd:f7:03:d5:9c:a6:06:1f:
                    8b:5f:f6:5a:b8:b3:24:7c:57:38:cf:69:a0:b1:df:
                    cb:0b:46:4e:10:c7:a5:f3:40:d4:f1:34:e0:21:34:
                    f7:8b:f9:1d:f6:16:84:3a:85:7b:17:d3:81:9f:0a:
                    25:5b:9b:92:1c:5a:61:e7:e7:5c:b3:14:0d:2d:f6:
                    db:cf:e6:fd:98:56:3f:ad:a5:90:84:72:b2:7e:5f:
                    dd:6f:a7:5c:45:91:7b:72:bb:c7:12:12:c1:16:28:
                    c7:82:40:d3:70:f1:5d:23:c7:de:37:da:93:b9:4b:
                    41:e6:c1:59:b7:0d:0f:55:89:ad:73:59:cc:60:ee:
                    d0:d0:64:d1:77:ee:92:f7:d0:53:72:a6:bc:5a:d0:
                    8d:9f:8f:d6:8c:b1:f6:14:47:c0:c8:2b:fe:c5:74:
                    6a:66:e3:ed:d3:c2:c4:43:f5:11:4e:12:c5:88:ab:
                    bd:e2:f1:88:94:63:7b:8a:25:70:b5:59:f8:dc:75:
                    18:1f:69:c1:9b:d8:af:7d:df:73:9b:fa:22:2c:ec:
                    f6:f8:ce:20:4a:b7:f1:4d:34:f3:56:db:89:64:11:
                    f9:53:ff:18:2b:ec:ec:ea:3d:bd:1e:21:d7:e1:3b:
                    8f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E0:5A:11:A3:3E:90:66:4B:A3:41:86:55:CC:57:0A:73:D8:C2:3D
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/xuBaEaM-kGZLo0GGVcxXCnPYwj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:73:cb:3f:a5:ee:8a:f7:a1:64:cb:06:44:87:06:3a:9c:79:
         0d:23:dd:83:63:7d:95:e9:34:62:82:03:dd:2a:f5:56:e2:d9:
         15:67:e8:c3:29:31:1e:fb:b2:9c:46:2a:0f:3c:24:92:05:94:
         e0:db:07:b8:3e:01:9f:92:ca:68:85:7a:3d:81:db:47:2b:de:
         9f:89:f3:4e:3c:9f:d6:84:ff:06:1f:d3:2d:ec:71:66:d7:f2:
         2b:10:c8:3a:45:7d:46:cd:3d:99:68:0f:a4:47:48:5e:cd:0c:
         58:4d:e7:0d:2a:bb:7b:0c:c5:bb:9e:b5:aa:9a:38:49:74:ab:
         a5:5b:fe:dd:21:02:4e:0a:8e:8b:55:23:f1:a3:3b:ac:09:40:
         fa:2a:63:e9:9d:0a:18:f6:fd:9d:08:01:5b:10:73:3d:57:a6:
         c6:b7:85:19:b2:0e:4d:b0:9c:30:d6:b5:50:44:d5:ae:30:a0:
         56:11:ae:c6:8c:68:f0:41:69:99:3c:fd:e7:1a:45:d9:e7:b0:
         6e:85:0d:65:47:eb:aa:4e:61:7c:97:0a:c0:9d:21:fa:8e:39:
         d0:9f:ae:91:c5:74:fa:83:f8:38:a1:06:8a:22:3b:71:c1:ed:
         94:45:8d:2f:94:2f:90:66:36:f4:d8:1d:55:83:21:9f:56:bc:
         56:07:c9:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTuJeLSLXpz5taUGx0YgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmUwNWExMWEzM2U5MDY2NGJhMzQxODY1NWNjNTcwYTczZDhjMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEByZgNDmpxnP1J3FgG2FBNXySqz
vfcD1ZymBh+LX/ZauLMkfFc4z2mgsd/LC0ZOEMel80DU8TTgITT3i/kd9haEOoV7
F9OBnwolW5uSHFph5+dcsxQNLfbbz+b9mFY/raWQhHKyfl/db6dcRZF7crvHEhLB
FijHgkDTcPFdI8feN9qTuUtB5sFZtw0PVYmtc1nMYO7Q0GTRd+6S99BTcqa8WtCN
n4/WjLH2FEfAyCv+xXRqZuPt08LEQ/URThLFiKu94vGIlGN7iiVwtVn43HUYH2nB
m9ivfd9zm/oiLOz2+M4gSrfxTTTzVtuJZBH5U/8YK+zs6j29HiHX4TuPwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbgWhGjPpBmS6NBhlXMVwpz2MI9MB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEveHVCYUVhTS1rR1pMbzBHR1ZjeFhDblBZd2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUFMA0G
CSqGSIb3DQEBCwUAA4IBAQBvc8s/pe6K96FkywZEhwY6nHkNI92DY32V6TRiggPd
KvVW4tkVZ+jDKTEe+7KcRioPPCSSBZTg2we4PgGfkspohXo9gdtHK96fifNOPJ/W
hP8GH9Mt7HFm1/IrEMg6RX1GzT2ZaA+kR0hezQxYTecNKrt7DMW7nrWqmjhJdKul
W/7dIQJOCo6LVSPxozusCUD6KmPpnQoY9v2dCAFbEHM9V6bGt4UZsg5NsJww1rVQ
RNWuMKBWEa7GjGjwQWmZPP3nGkXZ57BuhQ1lR+uqTmF8lwrAnSH6jjnQn66RxXT6
g/g4oQaKIjtxwe2URY0vlC+QZjb02B1VgyGfVrxWB8lH
-----END CERTIFICATE-----