This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/ikgXwMpWPgQZc8FsPHVC_slVM18.roa
File:                     ikgXwMpWPgQZc8FsPHVC_slVM18.roa (raw, json)
Hash identifier:          SUfSLegrVe2t+HnXqp8P0ZG10H96D9fqhOh+KXCzXy0=
Subject key identifier:   8A:48:17:C0:CA:56:3E:04:19:73:C1:6C:3C:75:42:FE:C9:55:33:5F
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       019B7911193BE4C2FD3159976DB2CDC39F52
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/ikgXwMpWPgQZc8FsPHVC_slVM18.roa
Signing time:             Thu 01 Jan 2026 10:18:42 +0000
ROA not before:           Thu 01 Jan 2026 10:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60251
IP address blocks:        5.23.50.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:19:3b:e4:c2:fd:31:59:97:6d:b2:cd:c3:9f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jan  1 10:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a4817c0ca563e041973c16c3c7542fec955335f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b7:83:12:62:fd:97:76:b8:c9:62:6f:7f:66:
                    f4:39:18:59:6f:bb:38:c7:50:b9:39:a1:66:19:18:
                    c2:73:dd:a6:9e:64:13:91:87:2f:99:2a:49:c4:f1:
                    c4:b0:49:cb:18:f1:f9:04:a8:43:4b:1f:f3:95:19:
                    98:91:c3:75:7e:1c:45:bf:34:c7:a2:5f:4a:05:40:
                    0b:dd:da:b1:6f:d5:2d:00:ca:65:5b:18:97:45:75:
                    ce:10:75:01:71:32:84:6c:7d:9b:fb:f5:45:7e:46:
                    bb:1f:0a:91:4d:f2:83:13:73:fa:59:f5:92:d8:1f:
                    d8:27:4c:6d:6a:cd:2f:69:e5:27:60:24:a5:fd:20:
                    55:1d:fb:33:2e:69:b3:50:29:50:e2:39:20:2a:76:
                    b8:6e:39:2c:66:48:b6:c0:a7:6a:ac:a4:be:27:bd:
                    54:c3:0f:8e:86:cb:f0:0f:e1:b7:43:68:cc:15:5d:
                    8b:93:85:d1:71:01:e1:c6:ce:1c:a1:e5:0a:ac:f3:
                    11:14:f8:ee:38:0b:fd:8b:f8:b4:fa:21:c4:3c:7f:
                    f6:8f:88:18:a7:74:df:ce:8a:7c:86:84:e2:69:13:
                    9e:2c:19:44:0c:f4:c1:db:96:0c:29:ba:22:46:36:
                    ad:f1:63:3d:16:2e:b4:0b:12:36:b6:26:72:cd:09:
                    6a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:48:17:C0:CA:56:3E:04:19:73:C1:6C:3C:75:42:FE:C9:55:33:5F
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/ikgXwMpWPgQZc8FsPHVC_slVM18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:92:d5:1c:02:ad:31:42:50:b1:9a:b2:d6:f4:f0:ad:2b:5f:
         5e:6b:61:d9:a0:6e:00:de:53:8e:9b:b9:ed:0e:e1:ba:6e:d2:
         cc:d1:ee:fb:94:d4:b8:c0:10:00:c0:a3:0f:e8:11:95:78:60:
         69:2e:38:2f:0e:6c:3a:58:cf:e3:f9:55:07:26:7a:26:42:c4:
         9c:b7:42:a3:51:3b:cb:6e:02:35:f3:cd:64:fa:c0:2a:ff:83:
         26:75:03:0a:cf:2a:62:b1:d6:9a:f1:d4:89:c3:19:7d:e9:7e:
         eb:98:9e:3d:db:fe:da:b5:39:68:04:fb:d2:20:79:f6:d5:b3:
         c8:94:8f:65:b6:55:0f:37:79:9e:9e:9f:7e:33:77:60:6a:dd:
         b1:5a:1e:88:ca:5f:25:81:e6:e2:55:2e:8e:5b:fb:0b:e9:c4:
         5f:f4:86:22:94:ad:71:a6:1c:75:90:e9:64:71:48:ae:62:7c:
         cd:60:14:4b:41:30:fb:e3:c9:f7:ff:9f:65:6b:c6:68:7c:61:
         fd:55:e7:e4:c2:cd:43:61:c1:f7:b3:03:1f:69:ed:5c:61:1f:
         c2:41:df:d8:20:fb:45:7f:9c:86:e1:cc:a1:f6:c6:48:0e:e9:
         96:fb:b1:75:bb:d4:e0:15:bf:52:4c:98:99:c9:91:2a:36:d6:
         e8:e8:a2:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ERk75ML9MVmXbbLNw59SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjYwMTAxMTAxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ4MTdjMGNhNTYzZTA0MTk3M2MxNmMzYzc1NDJmZWM5NTUzMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbeDEmL9l3a4yWJvf2b0ORhZb7s4
x1C5OaFmGRjCc92mnmQTkYcvmSpJxPHEsEnLGPH5BKhDSx/zlRmYkcN1fhxFvzTH
ol9KBUAL3dqxb9UtAMplWxiXRXXOEHUBcTKEbH2b+/VFfka7HwqRTfKDE3P6WfWS
2B/YJ0xtas0vaeUnYCSl/SBVHfszLmmzUClQ4jkgKna4bjksZki2wKdqrKS+J71U
ww+OhsvwD+G3Q2jMFV2Lk4XRcQHhxs4coeUKrPMRFPjuOAv9i/i0+iHEPH/2j4gY
p3Tfzop8hoTiaROeLBlEDPTB25YMKboiRjat8WM9Fi60CxI2tiZyzQlqrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpIF8DKVj4EGXPBbDx1Qv7JVTNfMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvaWtnWHdNcFdQZ1FaYzhGc1BIVkNfc2xWTTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBRcyMA0G
CSqGSIb3DQEBCwUAA4IBAQABktUcAq0xQlCxmrLW9PCtK19ea2HZoG4A3lOOm7nt
DuG6btLM0e77lNS4wBAAwKMP6BGVeGBpLjgvDmw6WM/j+VUHJnomQsSct0KjUTvL
bgI1881k+sAq/4MmdQMKzypisdaa8dSJwxl96X7rmJ492/7atTloBPvSIHn21bPI
lI9ltlUPN3menp9+M3dgat2xWh6Iyl8lgebiVS6OW/sL6cRf9IYilK1xphx1kOlk
cUiuYnzNYBRLQTD748n3/59la8ZofGH9Vefkws1DYcH3swMfae1cYR/CQd/YIPtF
f5yG4cyh9sZIDumW+7F1u9TgFb9STJiZyZEqNtbo6KLP
-----END CERTIFICATE-----