This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0c4650-7964-48af-985a-34018d5c9df5/1/XgyKNy_QkeGN2JnafdQ8PeeTldg.roa
File:                     XgyKNy_QkeGN2JnafdQ8PeeTldg.roa (raw, json)
Hash identifier:          HZbm4RFDVkgTail+qXqwt5mF8aqFs6PO299Z4nl7Xwo=
Subject key identifier:   5E:0C:8A:37:2F:D0:91:E1:8D:D8:99:DA:7D:D4:3C:3D:E7:93:95:D8
Certificate issuer:       /CN=03ceb09d5eea6a18e58dfdefebf29b4105e0267c
Certificate serial:       019B47B6A08E29144054A4916F378AEFE259
Authority key identifier: 03:CE:B0:9D:5E:EA:6A:18:E5:8D:FD:EF:EB:F2:9B:41:05:E0:26:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A86wnV7qahjljf3v6_KbQQXgJnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0c4650-7964-48af-985a-34018d5c9df5/1/XgyKNy_QkeGN2JnafdQ8PeeTldg.roa
Signing time:             Mon 22 Dec 2025 20:18:29 +0000
ROA not before:           Mon 22 Dec 2025 20:18:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39637
IP address blocks:        95.215.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0c4650-7964-48af-985a-34018d5c9df5/1/A86wnV7qahjljf3v6_KbQQXgJnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0c4650-7964-48af-985a-34018d5c9df5/1/A86wnV7qahjljf3v6_KbQQXgJnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A86wnV7qahjljf3v6_KbQQXgJnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Dec 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:47:b6:a0:8e:29:14:40:54:a4:91:6f:37:8a:ef:e2:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03ceb09d5eea6a18e58dfdefebf29b4105e0267c
        Validity
            Not Before: Dec 22 20:18:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e0c8a372fd091e18dd899da7dd43c3de79395d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:78:f8:dc:c4:bd:86:24:cb:4f:01:e2:63:0f:
                    5c:c0:34:cc:15:08:92:ae:a4:51:e0:70:3a:e1:e1:
                    15:6c:91:66:54:0a:d0:1b:77:2d:de:9b:86:11:0f:
                    20:0a:bf:fb:2e:3f:dc:81:b2:61:a5:fd:c3:56:a9:
                    ac:b3:7b:f3:cb:e8:03:e4:f0:61:ea:0e:90:e4:4a:
                    6e:b5:ba:74:65:1b:08:13:c3:c3:f1:32:56:4a:ab:
                    34:79:3b:9c:1f:38:5f:7c:1b:20:93:8e:b5:5e:a1:
                    87:68:45:87:72:9e:64:36:78:41:87:be:09:6c:6e:
                    3d:b0:b9:92:a2:ce:00:87:86:04:a2:f9:8c:00:ba:
                    2b:44:8f:c3:a7:47:d1:b1:c8:a8:03:89:78:88:c9:
                    f5:eb:79:05:87:14:37:00:07:6c:e1:e5:10:e0:6a:
                    88:d9:c9:2e:c6:87:31:5f:d7:b4:e1:4f:92:5b:be:
                    c7:1e:6b:73:fe:8b:db:1c:48:76:6a:4c:dd:97:0f:
                    a7:45:37:7c:f7:71:ee:43:c0:12:80:ca:7c:3a:14:
                    1d:a2:a2:74:73:a4:2e:4a:fd:68:3c:c0:1b:42:10:
                    ab:af:7a:ad:cc:dc:db:86:38:65:5f:cf:13:f9:f4:
                    f2:04:cb:d5:78:53:1e:e9:da:c1:0e:cb:3d:d9:13:
                    19:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:0C:8A:37:2F:D0:91:E1:8D:D8:99:DA:7D:D4:3C:3D:E7:93:95:D8
            X509v3 Authority Key Identifier:
                keyid:03:CE:B0:9D:5E:EA:6A:18:E5:8D:FD:EF:EB:F2:9B:41:05:E0:26:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A86wnV7qahjljf3v6_KbQQXgJnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0c4650-7964-48af-985a-34018d5c9df5/1/XgyKNy_QkeGN2JnafdQ8PeeTldg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0c4650-7964-48af-985a-34018d5c9df5/1/A86wnV7qahjljf3v6_KbQQXgJnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:4a:c0:51:20:22:bc:88:91:08:c3:ba:70:1e:64:04:35:48:
         73:bf:b3:df:3b:c0:aa:33:d4:7d:ff:79:d2:64:87:e9:08:79:
         3e:12:90:60:10:7b:2b:a5:eb:1c:87:52:eb:48:7d:1d:7b:e0:
         bd:b1:f0:f7:3a:d8:13:28:f6:69:de:aa:fa:42:2f:11:c3:24:
         98:e9:7c:da:4f:80:cd:09:62:ce:96:f5:55:01:98:a4:da:20:
         b0:98:a7:6c:2b:87:8e:5e:b7:64:cc:1a:43:25:40:5c:ce:17:
         e4:b4:ce:cd:16:17:25:2b:ce:f3:36:90:54:19:82:00:53:da:
         b2:20:dd:ed:79:05:bb:66:7d:b4:16:6e:33:39:5b:3d:0e:e5:
         63:57:93:0e:d8:a0:54:1e:72:be:2b:4e:60:25:5e:c0:65:81:
         84:10:01:c6:1e:cb:8b:f7:d7:4f:e9:72:43:22:d1:4a:b1:d0:
         96:ec:2b:cc:6a:1e:f2:18:0a:15:a4:59:aa:b1:75:95:08:ba:
         de:61:d0:50:ca:09:0f:ba:b5:ff:7d:1b:bd:10:28:6e:74:03:
         6d:05:b6:6b:d6:56:24:9d:49:14:ff:c9:0c:23:69:a2:63:bb:
         53:81:6d:ec:de:58:7e:2e:cb:5a:f6:12:a5:ab:6f:03:3e:19:
         74:1c:6c:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtHtqCOKRRAVKSRbzeK7+JZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2ViMDlkNWVlYTZhMThlNThkZmRlZmViZjI5YjQxMDVl
MDI2N2MwHhcNMjUxMjIyMjAxODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTBjOGEzNzJmZDA5MWUxOGRkODk5ZGE3ZGQ0M2MzZGU3OTM5NWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3j43MS9hiTLTwHiYw9cwDTMFQiS
rqRR4HA64eEVbJFmVArQG3ct3puGEQ8gCr/7Lj/cgbJhpf3DVqmss3vzy+gD5PBh
6g6Q5Eputbp0ZRsIE8PD8TJWSqs0eTucHzhffBsgk461XqGHaEWHcp5kNnhBh74J
bG49sLmSos4Ah4YEovmMALorRI/Dp0fRscioA4l4iMn163kFhxQ3AAds4eUQ4GqI
2ckuxocxX9e04U+SW77HHmtz/ovbHEh2akzdlw+nRTd893HuQ8ASgMp8OhQdoqJ0
c6QuSv1oPMAbQhCrr3qtzNzbhjhlX88T+fTyBMvVeFMe6drBDss92RMZ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4Mijcv0JHhjdiZ2n3UPD3nk5XYMB8GA1UdIwQY
MBaAFAPOsJ1e6moY5Y397+vym0EF4CZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTg2d25WN3FhaGpsamYzdjZfS2JRUVhnSm53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wYzQ2NTAtNzk2NC00OGFmLTk4NWEt
MzQwMThkNWM5ZGY1LzEvWGd5S055X1FrZUdOMkpuYWZkUThQZWVUbGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wYzQ2NTAtNzk2NC00OGFmLTk4NWEtMzQwMThkNWM5ZGY1
LzEvQTg2d25WN3FhaGpsamYzdjZfS2JRUVhnSm53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9dIMA0G
CSqGSIb3DQEBCwUAA4IBAQBiSsBRICK8iJEIw7pwHmQENUhzv7PfO8CqM9R9/3nS
ZIfpCHk+EpBgEHsrpesch1LrSH0de+C9sfD3OtgTKPZp3qr6Qi8RwySY6XzaT4DN
CWLOlvVVAZik2iCwmKdsK4eOXrdkzBpDJUBczhfktM7NFhclK87zNpBUGYIAU9qy
IN3teQW7Zn20Fm4zOVs9DuVjV5MO2KBUHnK+K05gJV7AZYGEEAHGHsuL99dP6XJD
ItFKsdCW7CvMah7yGAoVpFmqsXWVCLreYdBQygkPurX/fRu9EChudANtBbZr1lYk
nUkU/8kMI2miY7tTgW3s3lh+Lsta9hKlq28DPhl0HGyi
-----END CERTIFICATE-----