This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/16Wly6tf9ZCRlJ1eLRRr8Q4xzIw.roa
File:                     16Wly6tf9ZCRlJ1eLRRr8Q4xzIw.roa (raw, json)
Hash identifier:          Kp7oiL6STzpmE+EAdvQJo2k6GaSB6dYQxfvWJmxfMsM=
Subject key identifier:   D7:A5:A5:CB:AB:5F:F5:90:91:94:9D:5E:2D:14:6B:F1:0E:31:CC:8C
Certificate issuer:       /CN=382e533033b3ce95e4972bf2382ddac293c2dc01
Certificate serial:       019B7F84F4D48706C85C20130495676BF571
Authority key identifier: 38:2E:53:30:33:B3:CE:95:E4:97:2B:F2:38:2D:DA:C2:93:C2:DC:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/16Wly6tf9ZCRlJ1eLRRr8Q4xzIw.roa
Signing time:             Fri 02 Jan 2026 16:22:58 +0000
ROA not before:           Fri 02 Jan 2026 16:22:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200019
IP address blocks:        5.63.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:f4:d4:87:06:c8:5c:20:13:04:95:67:6b:f5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=382e533033b3ce95e4972bf2382ddac293c2dc01
        Validity
            Not Before: Jan  2 16:22:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7a5a5cbab5ff59091949d5e2d146bf10e31cc8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:c2:fd:f3:6a:bd:f5:1e:89:69:68:ef:f9:
                    3d:a6:d6:5e:43:e1:27:d9:68:e2:25:ec:69:91:11:
                    3e:6d:d5:25:98:0a:dc:93:db:83:7a:cb:82:7b:79:
                    c8:13:db:69:7f:16:4e:de:2e:bc:c8:53:cd:0c:2f:
                    a2:a6:64:e1:f4:58:f8:1c:46:71:ba:e9:9d:be:70:
                    37:ee:11:3c:ec:d6:4d:eb:b1:66:30:8c:48:37:cf:
                    e5:e9:39:11:14:f7:08:a5:26:1c:b7:3c:b5:87:9b:
                    c1:a9:68:ce:e1:69:a0:05:c6:c9:7f:f3:12:28:cc:
                    a9:c2:7e:f8:f5:8b:08:92:d8:5d:e1:5a:14:b2:b3:
                    67:0e:bb:4c:9d:09:c5:7a:5b:33:32:cc:45:1f:5f:
                    de:04:b3:16:e7:30:3b:c9:7a:13:84:25:63:d0:89:
                    e8:6a:33:7b:59:1c:6c:f9:ce:20:e8:32:75:23:99:
                    87:d5:9a:b6:9b:7e:2d:8d:d6:7c:f8:53:8b:13:db:
                    01:2b:a2:e2:5d:db:b3:57:4c:a4:5e:68:bd:d7:37:
                    43:ed:b0:4a:91:03:ef:f9:c4:c5:62:af:01:34:79:
                    60:fe:70:14:a3:63:1d:d8:cf:94:78:73:36:b0:b0:
                    12:37:b1:d4:e3:a3:bd:f5:a3:85:85:e0:ef:28:e9:
                    ac:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:A5:A5:CB:AB:5F:F5:90:91:94:9D:5E:2D:14:6B:F1:0E:31:CC:8C
            X509v3 Authority Key Identifier:
                keyid:38:2E:53:30:33:B3:CE:95:E4:97:2B:F2:38:2D:DA:C2:93:C2:DC:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/16Wly6tf9ZCRlJ1eLRRr8Q4xzIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c2:56:ce:2a:99:ed:50:a2:0c:8f:65:3e:57:36:b8:a3:a4:
         55:cb:74:62:56:08:00:40:71:74:9f:72:ac:ba:4b:11:4d:19:
         df:71:80:ea:a3:21:21:47:48:45:b7:33:4b:0a:d7:91:78:d4:
         dc:2b:26:78:30:08:c8:07:4c:76:73:b4:2e:7a:79:e2:36:6f:
         7c:57:97:15:82:d1:62:a5:e9:b6:07:fe:ad:f5:98:bc:24:c7:
         bc:93:f9:5d:2e:84:69:c8:a6:92:a6:b8:14:b4:b1:4a:d1:a1:
         48:e2:52:cb:87:5e:57:8e:4b:79:8f:da:c3:96:de:8c:3c:fc:
         9c:8d:62:4b:a1:1d:89:af:94:38:bb:37:ac:4d:60:47:5f:b0:
         a7:42:ab:7d:77:db:76:d1:ab:12:90:eb:44:ce:77:70:57:7b:
         1a:0a:53:63:53:3a:1a:79:19:87:77:46:4f:00:15:03:33:6d:
         7c:05:04:b7:bc:eb:01:79:65:cd:1d:77:06:c3:b1:f9:c5:2c:
         99:9c:b9:85:8b:f8:bf:b2:0d:c2:13:1a:59:a0:01:bc:67:1c:
         0e:f3:cd:ae:45:0b:53:35:eb:c9:b6:36:c1:13:5c:1f:63:fe:
         2b:92:fc:a4:41:bc:0b:0e:50:ab:f6:58:5a:bb:d5:77:9d:83:
         93:eb:c3:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hPTUhwbIXCATBJVna/VxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MmU1MzMwMzNiM2NlOTVlNDk3MmJmMjM4MmRkYWMyOTNj
MmRjMDEwHhcNMjYwMTAyMTYyMjU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2E1YTVjYmFiNWZmNTkwOTE5NDlkNWUyZDE0NmJmMTBlMzFjYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdDC/fNqvfUeiWlo7/k9ptZeQ+En
2WjiJexpkRE+bdUlmArck9uDesuCe3nIE9tpfxZO3i68yFPNDC+ipmTh9Fj4HEZx
uumdvnA37hE87NZN67FmMIxIN8/l6TkRFPcIpSYctzy1h5vBqWjO4WmgBcbJf/MS
KMypwn749YsIkthd4VoUsrNnDrtMnQnFelszMsxFH1/eBLMW5zA7yXoThCVj0Ino
ajN7WRxs+c4g6DJ1I5mH1Zq2m34tjdZ8+FOLE9sBK6LiXduzV0ykXmi91zdD7bBK
kQPv+cTFYq8BNHlg/nAUo2Md2M+UeHM2sLASN7HU46O99aOFheDvKOmsqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNelpcurX/WQkZSdXi0Ua/EOMcyMMB8GA1UdIwQY
MBaAFDguUzAzs86V5Jcr8jgt2sKTwtwBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0M1VE1ET3p6cFhrbHl2eU9DM2F3cFBDM0FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9hMGZhZTEtNDBlZS00MTkxLWIyZDQt
ZWFhMDkwNTE0YjUyLzEvMTZXbHk2dGY5WkNSbEoxZUxSUnI4UTR4ekl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9hMGZhZTEtNDBlZS00MTkxLWIyZDQtZWFhMDkwNTE0YjUy
LzEvT0M1VE1ET3p6cFhrbHl2eU9DM2F3cFBDM0FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT8TMA0G
CSqGSIb3DQEBCwUAA4IBAQA0wlbOKpntUKIMj2U+Vza4o6RVy3RiVggAQHF0n3Ks
uksRTRnfcYDqoyEhR0hFtzNLCteReNTcKyZ4MAjIB0x2c7QuenniNm98V5cVgtFi
pem2B/6t9Zi8JMe8k/ldLoRpyKaSprgUtLFK0aFI4lLLh15Xjkt5j9rDlt6MPPyc
jWJLoR2Jr5Q4uzesTWBHX7CnQqt9d9t20asSkOtEzndwV3saClNjUzoaeRmHd0ZP
ABUDM218BQS3vOsBeWXNHXcGw7H5xSyZnLmFi/i/sg3CExpZoAG8ZxwO882uRQtT
NevJtjbBE1wfY/4rkvykQbwLDlCr9lhau9V3nYOT68Pf
-----END CERTIFICATE-----