This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/pVvMXgDr2GkTCSK_5f1ePFciEQg.roa
File:                     pVvMXgDr2GkTCSK_5f1ePFciEQg.roa (raw, json)
Hash identifier:          mh5BsWHtCJfZ4gQ+iPPY97N+I0ndF/4yXsY9SvO6gqo=
Subject key identifier:   A5:5B:CC:5E:00:EB:D8:69:13:09:22:BF:E5:FD:5E:3C:57:22:11:08
Certificate issuer:       /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial:       019B7BA434363604045C42618AF5194B0736
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/pVvMXgDr2GkTCSK_5f1ePFciEQg.roa
Signing time:             Thu 01 Jan 2026 22:18:37 +0000
ROA not before:           Thu 01 Jan 2026 22:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        159.253.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:34:36:36:04:04:5c:42:61:8a:f5:19:4b:07:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d894365b28a082834a751a97771b791124524dec
        Validity
            Not Before: Jan  1 22:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a55bcc5e00ebd869130922bfe5fd5e3c57221108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:81:53:43:3e:60:87:66:a2:0e:14:16:af:66:
                    64:f6:78:56:cc:02:6f:80:95:24:45:42:12:45:d9:
                    59:cf:65:8f:50:08:dd:ee:21:ad:c4:f4:1d:eb:0c:
                    e6:f3:e9:7e:78:cb:81:e0:2e:ec:8e:6f:b0:53:84:
                    9f:40:c3:a9:0e:ee:86:95:53:b4:70:ff:d0:92:4d:
                    54:ce:20:56:8b:f2:2f:ea:09:f4:2b:79:a9:46:d7:
                    c0:fd:23:09:df:6d:e8:e4:8e:ee:61:f8:8b:1f:78:
                    57:bd:86:8c:38:a9:75:b6:03:23:bf:3c:53:b8:41:
                    6c:a4:6c:d1:4c:0f:8b:8b:7c:f7:55:60:88:5e:a7:
                    e7:4e:01:c4:54:fa:b1:b1:18:03:91:84:fd:68:97:
                    1a:0d:59:08:41:84:e9:89:da:5c:00:f9:53:d8:2e:
                    37:06:43:31:72:e6:a1:cd:08:4e:74:1d:51:e4:7a:
                    a2:e2:44:99:00:d9:c3:ac:ce:ee:bd:68:e1:60:66:
                    7a:02:97:63:d6:47:32:16:37:f7:6d:37:5b:93:50:
                    51:be:fb:4d:e5:c6:30:c9:9b:8b:87:71:c3:77:db:
                    3a:87:00:e7:56:9a:60:19:71:36:f7:88:17:98:31:
                    49:18:78:83:34:ac:69:18:a3:55:71:ba:09:85:71:
                    8c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:5B:CC:5E:00:EB:D8:69:13:09:22:BF:E5:FD:5E:3C:57:22:11:08
            X509v3 Authority Key Identifier:
                keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/pVvMXgDr2GkTCSK_5f1ePFciEQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:c2:7e:ae:8e:82:7b:7e:f4:a3:87:69:8a:0d:36:ff:8a:66:
         e3:b1:ba:51:c4:04:0a:1b:af:2c:d8:d7:1d:95:4b:b4:b5:2c:
         0d:b6:a4:ed:4c:81:07:01:04:25:0a:69:a6:94:26:c4:67:ac:
         7f:29:74:93:fd:cf:50:fe:c8:75:11:9e:38:32:d0:d0:f6:63:
         99:a6:94:55:39:f9:49:b9:db:0f:1b:aa:99:eb:ef:4e:80:3d:
         d8:94:0e:ac:83:e6:fc:7a:f7:e4:5d:4b:39:2f:0b:54:e4:b5:
         19:3d:4a:40:59:d9:d6:bf:64:94:2f:b0:7c:51:4d:94:62:6a:
         1f:56:6b:5e:a4:ff:e7:70:70:e6:25:cd:13:54:e6:20:70:c6:
         54:84:36:86:a8:9d:55:6e:84:64:d7:41:da:6a:ad:a3:a1:90:
         56:1c:4c:ad:26:e3:9b:5d:29:c0:26:5d:52:b1:fa:49:8b:09:
         a0:ab:01:54:54:12:92:e3:29:46:fd:56:6f:55:cd:53:77:a2:
         98:6d:80:46:c3:41:c6:7f:0e:d3:ba:c5:60:d6:27:ec:dc:8d:
         04:2a:17:b0:3b:e7:57:4d:11:dc:f3:b3:7e:41:9c:8c:d1:78:
         ba:54:a8:d9:3a:5b:91:0d:e6:a6:fd:47:ed:b4:66:9c:dc:33:
         d4:d4:79:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pDQ2NgQEXEJhivUZSwc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjYwMTAxMjIxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTViY2M1ZTAwZWJkODY5MTMwOTIyYmZlNWZkNWUzYzU3MjIxMTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYFTQz5gh2aiDhQWr2Zk9nhWzAJv
gJUkRUISRdlZz2WPUAjd7iGtxPQd6wzm8+l+eMuB4C7sjm+wU4SfQMOpDu6GlVO0
cP/Qkk1UziBWi/Iv6gn0K3mpRtfA/SMJ323o5I7uYfiLH3hXvYaMOKl1tgMjvzxT
uEFspGzRTA+Li3z3VWCIXqfnTgHEVPqxsRgDkYT9aJcaDVkIQYTpidpcAPlT2C43
BkMxcuahzQhOdB1R5Hqi4kSZANnDrM7uvWjhYGZ6Apdj1kcyFjf3bTdbk1BRvvtN
5cYwyZuLh3HDd9s6hwDnVppgGXE294gXmDFJGHiDNKxpGKNVcboJhXGMwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVbzF4A69hpEwkiv+X9XjxXIhEIMB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvcFZ2TVhnRHIyR2tUQ1NLXzVmMWVQRmNpRVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/2kMA0G
CSqGSIb3DQEBCwUAA4IBAQC9wn6ujoJ7fvSjh2mKDTb/imbjsbpRxAQKG68s2Ncd
lUu0tSwNtqTtTIEHAQQlCmmmlCbEZ6x/KXST/c9Q/sh1EZ44MtDQ9mOZppRVOflJ
udsPG6qZ6+9OgD3YlA6sg+b8evfkXUs5LwtU5LUZPUpAWdnWv2SUL7B8UU2UYmof
VmtepP/ncHDmJc0TVOYgcMZUhDaGqJ1VboRk10Haaq2joZBWHEytJuObXSnAJl1S
sfpJiwmgqwFUVBKS4ylG/VZvVc1Td6KYbYBGw0HGfw7TusVg1ifs3I0EKhewO+dX
TRHc87N+QZyM0Xi6VKjZOluRDeam/UfttGac3DPU1Hk6
-----END CERTIFICATE-----