This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/gi_jKcnD5ZlNfuiX-SEBuxAWKMA.roa
File:                     gi_jKcnD5ZlNfuiX-SEBuxAWKMA.roa (raw, json)
Hash identifier:          2nBNW1G5KCf5sN8iQo1+1/1/GwjE3xliBafaPFa781A=
Subject key identifier:   82:2F:E3:29:C9:C3:E5:99:4D:7E:E8:97:F9:21:01:BB:10:16:28:C0
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019BE0FF10EC60F503B0B492190D0F9F59CE
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/gi_jKcnD5ZlNfuiX-SEBuxAWKMA.roa
Signing time:             Wed 21 Jan 2026 14:39:30 +0000
ROA not before:           Wed 21 Jan 2026 14:39:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        163.5.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e0:ff:10:ec:60:f5:03:b0:b4:92:19:0d:0f:9f:59:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan 21 14:39:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=822fe329c9c3e5994d7ee897f92101bb101628c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b3:72:5c:b7:6d:a1:b3:67:11:bb:65:a4:45:
                    42:e9:f9:84:28:d6:f7:24:58:2e:9c:19:0b:ac:ae:
                    18:dc:2c:ef:4c:ba:5c:92:99:62:5b:1b:32:b0:73:
                    dc:27:e2:59:36:f0:29:77:95:7d:b1:f2:81:17:03:
                    4c:d1:61:90:f4:12:39:90:5f:e3:2b:36:e7:6a:35:
                    42:38:d5:87:08:28:0b:74:90:79:6c:64:f7:0f:8d:
                    a3:46:57:97:c3:2f:32:88:3d:cd:83:06:f1:f8:a6:
                    0d:18:d2:f6:16:56:7b:02:c4:16:fb:69:36:3e:00:
                    d6:03:c6:d6:66:73:73:3b:78:49:14:7e:14:fa:4e:
                    46:93:56:ca:e9:e4:9f:8e:03:e0:07:91:3b:79:28:
                    73:af:30:88:95:a7:96:9d:38:b1:40:9d:61:8c:b6:
                    df:2e:8b:0d:9e:8a:5e:b3:a2:2e:a8:4d:2e:14:b4:
                    7e:8f:38:4a:5b:9b:49:31:1a:bf:36:32:89:4e:1e:
                    8e:40:25:4c:40:26:28:93:90:aa:74:04:78:2f:8b:
                    ef:9f:42:1e:12:20:c9:dc:3a:0c:2c:fd:48:b2:f7:
                    29:6b:78:b8:96:82:ee:1f:96:11:7b:e3:58:20:82:
                    5f:3c:5e:2e:9f:64:ec:5c:2f:40:0f:54:8f:59:b4:
                    e0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2F:E3:29:C9:C3:E5:99:4D:7E:E8:97:F9:21:01:BB:10:16:28:C0
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/gi_jKcnD5ZlNfuiX-SEBuxAWKMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:46:b6:fb:27:74:b0:62:df:4f:9a:19:a5:03:8d:2e:3a:89:
         55:c6:83:f1:6c:a1:4c:87:80:10:c2:3b:b7:a2:0e:82:a9:e3:
         ec:15:d1:4d:93:8b:27:dc:f6:63:74:0e:1e:69:5d:aa:a6:b2:
         53:28:95:2d:ac:1e:5f:e3:ff:97:74:86:e6:00:ac:90:b0:79:
         76:1d:75:3d:60:35:a1:00:a6:2c:40:7e:c0:d9:3b:6a:ec:4b:
         5f:93:04:2b:46:f7:90:7d:bd:70:b0:17:70:48:64:1b:eb:d9:
         92:28:36:c2:47:e4:01:fd:21:58:96:d4:f9:af:85:00:22:89:
         b7:72:4b:b4:d0:bb:09:5c:ec:ff:64:29:d3:cb:56:88:8c:7e:
         40:c3:a6:ff:ba:39:66:1d:d3:00:88:83:8e:e9:f6:81:40:3e:
         22:70:d1:7c:0f:89:97:1d:6d:bf:81:68:9b:e1:52:23:ec:a3:
         c7:b1:ab:7a:60:ac:74:c2:9d:34:54:3b:3c:54:f8:8c:71:de:
         34:de:cb:77:a6:57:ab:57:0d:b6:11:8f:dd:37:16:9f:a3:ae:
         b4:31:b3:54:96:12:09:00:0e:90:e2:6e:04:99:8d:8c:a9:c5:
         3d:7a:bd:f3:28:1a:74:62:e5:95:08:0f:a1:01:34:c3:5e:76:
         9a:1d:a3:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvg/xDsYPUDsLSSGQ0Pn1nOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTIxMTQzOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJmZTMyOWM5YzNlNTk5NGQ3ZWU4OTdmOTIxMDFiYjEwMTYyOGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrNyXLdtobNnEbtlpEVC6fmEKNb3
JFgunBkLrK4Y3CzvTLpckpliWxsysHPcJ+JZNvApd5V9sfKBFwNM0WGQ9BI5kF/j
KzbnajVCONWHCCgLdJB5bGT3D42jRleXwy8yiD3Ngwbx+KYNGNL2FlZ7AsQW+2k2
PgDWA8bWZnNzO3hJFH4U+k5Gk1bK6eSfjgPgB5E7eShzrzCIlaeWnTixQJ1hjLbf
LosNnopes6IuqE0uFLR+jzhKW5tJMRq/NjKJTh6OQCVMQCYok5CqdAR4L4vvn0Ie
EiDJ3DoMLP1Isvcpa3i4loLuH5YRe+NYIIJfPF4un2TsXC9AD1SPWbTgVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIv4ynJw+WZTX7ol/khAbsQFijAMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvZ2lfaktjbkQ1WmxOZnVpWC1TRUJ1eEFXS01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowUfMA0G
CSqGSIb3DQEBCwUAA4IBAQB8Rrb7J3SwYt9PmhmlA40uOolVxoPxbKFMh4AQwju3
og6CqePsFdFNk4sn3PZjdA4eaV2qprJTKJUtrB5f4/+XdIbmAKyQsHl2HXU9YDWh
AKYsQH7A2Ttq7EtfkwQrRveQfb1wsBdwSGQb69mSKDbCR+QB/SFYltT5r4UAIom3
cku00LsJXOz/ZCnTy1aIjH5Aw6b/ujlmHdMAiIOO6faBQD4icNF8D4mXHW2/gWib
4VIj7KPHsat6YKx0wp00VDs8VPiMcd403st3plerVw22EY/dNxafo660MbNUlhIJ
AA6Q4m4EmY2MqcU9er3zKBp0YuWVCA+hATTDXnaaHaPB
-----END CERTIFICATE-----