This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/XKlT2jqfx7mUYQGQILaSz-pvr70.roa
File:                     XKlT2jqfx7mUYQGQILaSz-pvr70.roa (raw, json)
Hash identifier:          djPN7IeVrJFgIcui84THNQwdVbzribIolkuZJaf/8h0=
Subject key identifier:   5C:A9:53:DA:3A:9F:C7:B9:94:61:01:90:20:B6:92:CF:EA:6F:AF:BD
Certificate issuer:       /CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
Certificate serial:       019BB74B74ACA1A24FFBF28CDA3F6D604687
Authority key identifier: FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/XKlT2jqfx7mUYQGQILaSz-pvr70.roa
Signing time:             Tue 13 Jan 2026 12:18:54 +0000
ROA not before:           Tue 13 Jan 2026 12:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59253
IP address blocks:        103.160.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b7:4b:74:ac:a1:a2:4f:fb:f2:8c:da:3f:6d:60:46:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb2627672877d0f6de9bc4e7e186eedd1356110
        Validity
            Not Before: Jan 13 12:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ca953da3a9fc7b99461019020b692cfea6fafbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e6:e5:3e:4c:cd:56:42:df:e1:3a:3b:2c:62:
                    cd:ba:5d:d7:5a:80:75:17:eb:11:a3:1d:23:9e:89:
                    f6:45:cb:48:8b:71:f9:89:fe:e5:34:22:12:d6:49:
                    ad:10:57:ec:aa:d1:2d:02:16:eb:d4:96:4b:65:ce:
                    9e:ed:88:be:67:d6:ce:c9:71:7b:07:80:da:59:54:
                    63:16:1a:96:36:bf:08:99:1a:78:48:b8:2a:c1:e9:
                    34:d0:85:c9:6f:98:e5:4f:90:ed:b1:f4:ad:eb:66:
                    6c:19:cb:b7:ae:dd:36:04:5d:be:68:45:8d:d0:2a:
                    b2:a1:74:32:a9:42:6e:92:01:cc:14:35:e8:ae:b4:
                    7c:49:75:67:e4:e7:17:c7:8d:4e:9c:06:75:f0:59:
                    f6:bf:b5:ce:4a:90:5a:61:19:3e:c9:65:18:78:a8:
                    35:e0:d2:0b:9f:e9:c7:98:36:a1:b6:ef:e4:35:e2:
                    2d:e8:81:a6:11:a4:75:5f:14:a2:b4:9d:3a:44:4a:
                    18:95:ca:b4:de:c3:3b:85:91:39:7e:39:1e:5f:d9:
                    ca:8b:31:c3:db:7d:1a:9b:0a:0e:7c:1a:b9:cd:09:
                    39:29:1a:e5:7c:3c:04:67:18:e4:d3:7b:da:dd:3c:
                    c5:4f:e2:e6:50:ad:c9:81:30:72:b3:97:f7:00:03:
                    ed:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A9:53:DA:3A:9F:C7:B9:94:61:01:90:20:B6:92:CF:EA:6F:AF:BD
            X509v3 Authority Key Identifier:
                keyid:FF:B2:62:76:72:87:7D:0F:6D:E9:BC:4E:7E:18:6E:ED:D1:35:61:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7JidnKHfQ9t6bxOfhhu7dE1YRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/XKlT2jqfx7mUYQGQILaSz-pvr70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/22c510-3480-4ce1-8dd8-19746947558d/1/_7JidnKHfQ9t6bxOfhhu7dE1YRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.160.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:39:6a:21:56:63:d6:86:74:8e:3b:40:a8:a5:8b:ac:2a:46:
         22:91:54:c8:03:d2:51:af:68:aa:1c:df:0f:2b:67:8d:f1:5b:
         70:92:62:97:d6:b4:63:fd:79:23:98:d4:bc:44:d5:11:98:0d:
         20:08:34:50:cc:6e:fb:2e:37:27:1b:b6:d2:e1:56:4c:85:97:
         bd:08:ec:7e:1c:09:e6:90:85:49:74:ea:26:97:cd:9b:c0:d3:
         d2:a1:a1:f3:c5:2e:8d:ce:91:0e:66:2d:0d:d9:da:aa:53:f9:
         60:e5:11:f5:ba:ad:6f:c8:b7:00:06:35:f0:a9:cd:57:09:a3:
         f5:34:26:45:1a:51:c5:d7:c6:87:dd:8c:00:f7:d3:23:15:75:
         d4:ba:11:bd:0c:7d:a2:b8:10:67:ae:c4:73:c9:f6:86:7c:79:
         f8:76:71:b3:cb:05:4f:87:4e:e3:ee:ea:74:a2:6a:9c:20:ea:
         12:53:7f:a7:41:fb:21:60:25:bb:65:5a:d0:96:c9:d4:9f:ae:
         9f:8c:ea:09:7d:21:e0:45:ec:a3:a3:19:8e:00:e2:0a:72:a7:
         79:69:02:7c:df:65:f5:4a:56:bc:58:3b:1a:0c:5f:05:77:d9:
         9f:90:a5:97:3d:63:50:8f:da:c6:71:5a:b5:40:4c:9b:db:27:
         17:8f:1c:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu3S3SsoaJP+/KM2j9tYEaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjI2Mjc2NzI4NzdkMGY2ZGU5YmM0ZTdlMTg2ZWVkZDEz
NTYxMTAwHhcNMjYwMTEzMTIxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E5NTNkYTNhOWZjN2I5OTQ2MTAxOTAyMGI2OTJjZmVhNmZhZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OblPkzNVkLf4To7LGLNul3XWoB1
F+sRox0jnon2RctIi3H5if7lNCIS1kmtEFfsqtEtAhbr1JZLZc6e7Yi+Z9bOyXF7
B4DaWVRjFhqWNr8ImRp4SLgqwek00IXJb5jlT5DtsfSt62ZsGcu3rt02BF2+aEWN
0CqyoXQyqUJukgHMFDXorrR8SXVn5OcXx41OnAZ18Fn2v7XOSpBaYRk+yWUYeKg1
4NILn+nHmDahtu/kNeIt6IGmEaR1XxSitJ06REoYlcq03sM7hZE5fjkeX9nKizHD
230amwoOfBq5zQk5KRrlfDwEZxjk03va3TzFT+LmUK3JgTBys5f3AAPtnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFypU9o6n8e5lGEBkCC2ks/qb6+9MB8GA1UdIwQY
MBaAFP+yYnZyh30Pbem8Tn4Ybu3RNWEQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgt
MTk3NDY5NDc1NThkLzEvWEtsVDJqcWZ4N21VWVFHUUlMYVN6LXB2cjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8yMmM1MTAtMzQ4MC00Y2UxLThkZDgtMTk3NDY5NDc1NThk
LzEvXzdKaWRuS0hmUTl0NmJ4T2ZoaHU3ZEUxWVJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ6A6MA0G
CSqGSIb3DQEBCwUAA4IBAQBrOWohVmPWhnSOO0CopYusKkYikVTIA9JRr2iqHN8P
K2eN8VtwkmKX1rRj/XkjmNS8RNURmA0gCDRQzG77LjcnG7bS4VZMhZe9COx+HAnm
kIVJdOoml82bwNPSoaHzxS6NzpEOZi0N2dqqU/lg5RH1uq1vyLcABjXwqc1XCaP1
NCZFGlHF18aH3YwA99MjFXXUuhG9DH2iuBBnrsRzyfaGfHn4dnGzywVPh07j7up0
omqcIOoSU3+nQfshYCW7ZVrQlsnUn66fjOoJfSHgReyjoxmOAOIKcqd5aQJ832X1
Sla8WDsaDF8Fd9mfkKWXPWNQj9rGcVq1QEyb2ycXjxwR
-----END CERTIFICATE-----