This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/K_1XBl6DwHcnvXcxbtZ8QWLE_0U.roa
File:                     K_1XBl6DwHcnvXcxbtZ8QWLE_0U.roa (raw, json)
Hash identifier:          CEC+lYaN4eilnQY1rGWtOAE0ICHvjSNw5oaJdHwpRPo=
Subject key identifier:   2B:FD:57:06:5E:83:C0:77:27:BD:77:31:6E:D6:7C:41:62:C4:FF:45
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       019B7A5B7D455D17280C32F0453B982301B0
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/K_1XBl6DwHcnvXcxbtZ8QWLE_0U.roa
Signing time:             Thu 01 Jan 2026 16:19:34 +0000
ROA not before:           Thu 01 Jan 2026 16:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59961
IP address blocks:        5.160.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:7d:45:5d:17:28:0c:32:f0:45:3b:98:23:01:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 16:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bfd57065e83c07727bd77316ed67c4162c4ff45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:00:b6:11:9e:3e:5d:73:06:3f:b7:7b:33:87:
                    2e:7a:7f:39:fd:8f:ae:32:2a:f5:7e:16:42:cb:90:
                    ab:68:21:d0:db:81:85:78:67:74:26:f0:c0:0d:71:
                    0d:bf:6b:0f:8c:cb:97:20:47:ae:f5:df:e1:2e:ba:
                    62:d0:37:47:11:5b:55:0a:a7:b3:44:f4:e2:2a:4c:
                    15:dd:61:f6:62:a7:6d:10:b2:14:c9:57:87:35:2c:
                    87:16:67:dc:0f:00:76:77:9c:0a:22:af:e4:89:1c:
                    db:fc:98:bb:9f:0e:ee:8f:d3:65:5f:ed:73:be:61:
                    82:49:9c:39:1e:66:56:c2:9f:1a:ca:43:ae:de:6d:
                    5b:35:a1:1c:01:68:59:d4:0f:38:16:2b:eb:67:1a:
                    ee:a5:1d:a6:b3:4f:a3:eb:a5:be:d1:d2:96:99:8c:
                    36:ef:67:de:dd:da:cf:58:fa:38:61:95:ed:ce:f1:
                    de:f7:2c:fc:14:02:0c:55:27:6e:24:79:35:ee:c7:
                    3d:04:17:da:34:54:14:40:c8:1f:94:7e:57:bb:83:
                    34:20:3f:a6:32:e7:98:a6:9c:ca:67:0a:5f:ec:33:
                    e6:42:4b:3f:4f:62:3a:f2:d1:57:38:b2:27:35:13:
                    6a:11:75:00:8d:d4:ea:a6:38:ba:0f:3e:e0:da:6b:
                    e0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:FD:57:06:5E:83:C0:77:27:BD:77:31:6E:D6:7C:41:62:C4:FF:45
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/K_1XBl6DwHcnvXcxbtZ8QWLE_0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:74:a5:6d:ba:6d:c5:30:9e:13:15:28:c1:a3:7c:9d:75:74:
         b4:05:74:85:4f:e7:ec:1a:23:57:7b:18:b6:cb:ac:87:bf:f5:
         27:71:2b:d3:51:1f:9b:92:d8:e0:7f:2f:22:64:0e:50:b2:4d:
         2a:05:84:fd:f5:df:22:df:b9:5c:ae:e9:22:df:37:c0:2d:24:
         56:1b:d9:b4:85:46:04:44:04:8d:36:67:b3:97:3f:91:4b:e2:
         2f:aa:aa:8e:4f:c6:19:ff:5f:3d:3d:0f:3d:32:ba:9c:1d:c3:
         55:e4:d7:76:2e:23:08:4e:2d:08:79:33:89:ef:e1:aa:3c:36:
         a5:ce:1e:f3:12:dd:a9:69:6a:3f:46:4e:28:3c:0f:63:74:eb:
         5d:b8:92:37:9b:95:9c:98:f3:66:1e:e8:45:30:30:8d:82:59:
         96:92:1d:0f:2c:e4:59:6e:ab:2b:0c:35:cf:84:9f:90:f8:44:
         a7:d3:88:22:f3:e6:95:b7:de:09:45:88:b4:b7:84:55:3f:6f:
         c9:bc:5c:d4:e5:35:cf:f3:fb:dd:27:8e:90:98:b9:a4:dc:6e:
         57:0f:4a:bc:ec:91:bc:e5:10:6c:02:24:1f:79:d4:f4:50:60:
         d1:a5:aa:d5:f5:7a:b8:1b:a7:38:44:b7:05:ae:72:f5:2e:23:
         21:63:74:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W31FXRcoDDLwRTuYIwGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjYwMTAxMTYxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmZkNTcwNjVlODNjMDc3MjdiZDc3MzE2ZWQ2N2M0MTYyYzRmZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAC2EZ4+XXMGP7d7M4cuen85/Y+u
Mir1fhZCy5CraCHQ24GFeGd0JvDADXENv2sPjMuXIEeu9d/hLrpi0DdHEVtVCqez
RPTiKkwV3WH2YqdtELIUyVeHNSyHFmfcDwB2d5wKIq/kiRzb/Ji7nw7uj9NlX+1z
vmGCSZw5HmZWwp8aykOu3m1bNaEcAWhZ1A84FivrZxrupR2ms0+j66W+0dKWmYw2
72fe3drPWPo4YZXtzvHe9yz8FAIMVSduJHk17sc9BBfaNFQUQMgflH5Xu4M0ID+m
MueYppzKZwpf7DPmQks/T2I68tFXOLInNRNqEXUAjdTqpji6Dz7g2mvg0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCv9VwZeg8B3J713MW7WfEFixP9FMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvS18xWEJsNkR3SGNudlhjeGJ0WjhRV0xFXzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaDDMA0G
CSqGSIb3DQEBCwUAA4IBAQBrdKVtum3FMJ4TFSjBo3yddXS0BXSFT+fsGiNXexi2
y6yHv/UncSvTUR+bktjgfy8iZA5Qsk0qBYT99d8i37lcruki3zfALSRWG9m0hUYE
RASNNmezlz+RS+IvqqqOT8YZ/189PQ89MrqcHcNV5Nd2LiMITi0IeTOJ7+GqPDal
zh7zEt2paWo/Rk4oPA9jdOtduJI3m5WcmPNmHuhFMDCNglmWkh0PLORZbqsrDDXP
hJ+Q+ESn04gi8+aVt94JRYi0t4RVP2/JvFzU5TXP8/vdJ46QmLmk3G5XD0q87JG8
5RBsAiQfedT0UGDRparV9Xq4G6c4RLcFrnL1LiMhY3RK
-----END CERTIFICATE-----