This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pxJLf_SnyYQPkS6jULkJowf-YNs.roa
File:                     pxJLf_SnyYQPkS6jULkJowf-YNs.roa (raw, json)
Hash identifier:          ObTk5ybJvZUQ/IiOdX3wubDRQ4h3MSzCcvSxdGLH+xA=
Subject key identifier:   A7:12:4B:7F:F4:A7:C9:84:0F:91:2E:A3:50:B9:09:A3:07:FE:60:DB
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019B78344C82241019D33BB97EF19E453402
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pxJLf_SnyYQPkS6jULkJowf-YNs.roa
Signing time:             Thu 01 Jan 2026 06:17:31 +0000
ROA not before:           Thu 01 Jan 2026 06:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40065
IP address blocks:        5.253.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:4c:82:24:10:19:d3:3b:b9:7e:f1:9e:45:34:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 06:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7124b7ff4a7c9840f912ea350b909a307fe60db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a0:77:89:19:1b:60:37:a5:99:ec:8a:42:d3:
                    68:6c:2a:ba:6c:1b:50:a7:31:89:f4:e5:bf:9d:d0:
                    da:38:49:f0:8f:c5:a2:26:ba:5f:32:3e:d8:00:4a:
                    89:ad:16:84:32:51:55:69:4f:13:61:3f:69:2c:6f:
                    6d:c4:4b:65:0d:3a:a0:86:61:0a:54:b4:36:74:25:
                    77:0b:5e:5a:d1:25:d1:cf:db:cb:dd:f9:b9:7b:da:
                    06:32:92:6d:d7:7c:d7:ff:03:6d:5d:72:a6:39:84:
                    77:32:c1:af:cc:12:71:b7:48:4e:d9:78:de:87:97:
                    56:a7:e8:c4:96:b1:b9:f8:8f:fb:2d:71:cb:d1:e8:
                    e4:28:e6:d2:85:3a:de:f5:bc:d4:92:68:9b:83:14:
                    79:86:b5:96:cf:b7:a6:2f:51:6e:79:66:d7:5b:49:
                    3c:b9:ed:df:ae:b4:32:d1:00:a7:43:1c:0a:f0:a4:
                    80:12:35:20:d2:b2:23:99:97:62:b5:a1:7a:56:5f:
                    96:ca:0c:11:9d:a1:c4:9a:aa:c4:3f:e9:68:0f:9f:
                    eb:99:a7:db:f6:a8:b6:07:fc:ef:24:51:e2:d6:38:
                    01:6f:22:94:26:23:44:e0:49:e5:16:03:4d:6c:74:
                    49:c3:49:41:92:d6:b1:60:98:c1:3a:de:86:0c:0f:
                    6c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:12:4B:7F:F4:A7:C9:84:0F:91:2E:A3:50:B9:09:A3:07:FE:60:DB
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pxJLf_SnyYQPkS6jULkJowf-YNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:5b:d5:a9:e0:79:cf:13:40:9a:6e:3f:9d:f1:ca:a7:28:b2:
         dc:fb:e3:29:6d:9b:82:ac:a0:98:7a:05:ba:55:58:d0:cf:14:
         bb:24:26:53:70:43:b0:2e:af:e5:ba:4b:9f:f1:14:8a:c1:13:
         5c:ba:6d:c2:6c:58:c7:47:d3:3f:c8:7a:92:a3:01:d4:8a:8e:
         5a:c1:15:ec:3d:79:10:f9:65:c3:4f:51:25:ba:da:4c:72:3d:
         bb:5a:ee:fe:33:d1:b2:be:9c:8f:05:b2:ad:5b:91:9f:cf:55:
         2c:a9:96:59:21:4f:8e:be:0a:64:7f:9c:7d:a8:96:0f:b1:cc:
         1c:d7:a4:62:ab:bd:f6:9a:68:9a:81:83:9f:cf:93:b5:cb:71:
         18:17:4e:3a:b9:f6:df:b4:b0:e0:34:d4:d3:19:78:67:70:11:
         9f:74:72:cf:96:40:4b:1f:cb:13:b1:44:c0:b1:6d:35:31:d5:
         95:fb:28:dc:f3:55:e4:65:3c:38:0a:45:b9:66:aa:3a:90:25:
         d0:b0:e4:a5:6c:30:42:f0:ac:f0:17:99:12:f0:e5:b9:55:7a:
         d4:d6:2c:b5:d2:de:b3:98:97:5a:d0:21:ce:02:17:37:3d:c6:
         e8:5d:62:3f:3d:01:c3:98:74:e8:24:4a:26:a3:21:34:69:bf:
         73:89:97:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NEyCJBAZ0zu5fvGeRTQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjYwMTAxMDYxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzEyNGI3ZmY0YTdjOTg0MGY5MTJlYTM1MGI5MDlhMzA3ZmU2MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqB3iRkbYDelmeyKQtNobCq6bBtQ
pzGJ9OW/ndDaOEnwj8WiJrpfMj7YAEqJrRaEMlFVaU8TYT9pLG9txEtlDTqghmEK
VLQ2dCV3C15a0SXRz9vL3fm5e9oGMpJt13zX/wNtXXKmOYR3MsGvzBJxt0hO2Xje
h5dWp+jElrG5+I/7LXHL0ejkKObShTre9bzUkmibgxR5hrWWz7emL1FueWbXW0k8
ue3frrQy0QCnQxwK8KSAEjUg0rIjmZditaF6Vl+WygwRnaHEmqrEP+loD5/rmafb
9qi2B/zvJFHi1jgBbyKUJiNE4EnlFgNNbHRJw0lBktaxYJjBOt6GDA9sKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcSS3/0p8mED5Euo1C5CaMH/mDbMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvcHhKTGZfU255WVFQa1M2alVMa0pvd2YtWU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBf0QMA0G
CSqGSIb3DQEBCwUAA4IBAQAzW9Wp4HnPE0Cabj+d8cqnKLLc++MpbZuCrKCYegW6
VVjQzxS7JCZTcEOwLq/lukuf8RSKwRNcum3CbFjHR9M/yHqSowHUio5awRXsPXkQ
+WXDT1ElutpMcj27Wu7+M9GyvpyPBbKtW5Gfz1UsqZZZIU+Ovgpkf5x9qJYPscwc
16Riq732mmiagYOfz5O1y3EYF046ufbftLDgNNTTGXhncBGfdHLPlkBLH8sTsUTA
sW01MdWV+yjc81XkZTw4CkW5Zqo6kCXQsOSlbDBC8KzwF5kS8OW5VXrU1iy10t6z
mJda0CHOAhc3PcboXWI/PQHDmHToJEomoyE0ab9ziZed
-----END CERTIFICATE-----