This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/XDXa_To3UzMtMUuA72kIMvXs10s.roa
File:                     XDXa_To3UzMtMUuA72kIMvXs10s.roa (raw, json)
Hash identifier:          1K/khnCCkwiTCq8XBvpUwTVeM5dWu+CdRVf5uArDusQ=
Subject key identifier:   5C:35:DA:FD:3A:37:53:33:2D:31:4B:80:EF:69:08:32:F5:EC:D7:4B
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019B131EE3BF7DBB08E0720952E8E85837F0
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/XDXa_To3UzMtMUuA72kIMvXs10s.roa
Signing time:             Fri 12 Dec 2025 15:12:30 +0000
ROA not before:           Fri 12 Dec 2025 15:12:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208976
IP address blocks:        5.10.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:13:1e:e3:bf:7d:bb:08:e0:72:09:52:e8:e8:58:37:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Dec 12 15:12:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c35dafd3a3753332d314b80ef690832f5ecd74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:93:b1:09:f5:e2:8e:2f:27:97:9d:d1:b5:a8:
                    d5:f2:41:25:eb:7e:e8:30:e9:51:0d:8d:26:98:ee:
                    6e:17:1d:84:94:4f:de:48:97:bf:20:f3:63:1e:e5:
                    ec:fb:88:75:48:38:98:c7:ff:b2:96:ab:fb:a4:55:
                    88:d8:56:bc:2c:f1:43:93:0b:66:ea:5f:0d:d2:6e:
                    7f:96:d7:1d:87:81:14:db:bd:0a:9f:3a:da:d3:95:
                    c8:32:8d:3c:0d:e6:c1:49:f7:87:85:d8:95:d4:3f:
                    1f:0a:34:62:c7:b6:3c:7d:a9:fa:d6:28:7f:fd:19:
                    e5:e0:7a:cd:19:a1:f4:2b:01:22:07:06:38:ef:67:
                    ae:23:71:7d:20:e6:47:18:96:7f:8e:97:57:61:b5:
                    12:03:51:07:73:bf:60:c1:6f:1e:b3:b5:70:8c:f4:
                    e1:c4:09:c1:8a:7f:5e:54:74:94:aa:e3:e2:b6:a6:
                    35:90:a0:8d:bd:73:a8:c6:ee:19:3b:37:72:21:f1:
                    f8:54:1b:ad:08:46:7e:43:2d:3e:99:c5:ac:0f:81:
                    06:09:1a:f0:38:68:19:2a:d6:59:b3:ed:9f:f2:46:
                    30:da:6c:53:8b:9a:6d:64:ef:62:83:06:c7:fb:b0:
                    54:78:55:49:c1:8a:89:a3:b1:c1:32:80:de:c5:d1:
                    32:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:35:DA:FD:3A:37:53:33:2D:31:4B:80:EF:69:08:32:F5:EC:D7:4B
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/XDXa_To3UzMtMUuA72kIMvXs10s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c8:dd:be:82:90:fb:03:0a:70:d1:57:5e:02:73:44:f5:40:
         66:96:52:b5:77:9a:ae:83:0e:c8:35:f3:ae:47:0b:d1:3a:81:
         b5:83:c0:3e:94:7c:e9:87:de:d9:92:df:b6:5b:0d:c2:73:15:
         bb:95:f7:63:35:f6:3e:aa:7d:74:d3:45:7b:f3:c6:81:02:15:
         61:44:29:b0:bf:a0:07:2c:e3:c7:1f:84:c5:cf:c1:14:ec:5f:
         3b:45:0b:cc:01:56:b9:e9:fc:af:d6:85:fa:8c:ba:f9:a2:b9:
         ea:e2:18:5e:0b:d6:ee:9e:17:49:d4:d0:c5:ee:8d:d0:18:15:
         65:7f:f9:c6:1b:96:a2:6f:03:af:5b:c1:41:f6:e9:88:33:78:
         80:fc:5a:d3:6e:43:f6:80:0d:e7:5c:d2:22:78:14:8b:d7:2e:
         57:81:a4:bf:b8:04:5a:5f:50:8b:3e:05:f8:6c:e6:7f:56:07:
         68:65:22:23:70:21:7e:ea:b6:da:31:29:40:05:cf:85:c2:12:
         d3:a1:e6:80:e8:2e:44:6b:eb:a1:cb:63:63:60:e1:67:c6:d0:
         6b:98:be:22:8b:f4:c8:6a:2d:75:d8:1d:50:23:34:2b:3a:97:
         cc:87:5c:9b:e6:5f:65:8b:13:2a:6f:e8:31:d1:c9:99:89:41:
         65:86:dd:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsTHuO/fbsI4HIJUujoWDfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUxMjEyMTUxMjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzM1ZGFmZDNhMzc1MzMzMmQzMTRiODBlZjY5MDgzMmY1ZWNkNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJOxCfXiji8nl53RtajV8kEl637o
MOlRDY0mmO5uFx2ElE/eSJe/IPNjHuXs+4h1SDiYx/+ylqv7pFWI2Fa8LPFDkwtm
6l8N0m5/ltcdh4EU270Knzra05XIMo08DebBSfeHhdiV1D8fCjRix7Y8fan61ih/
/Rnl4HrNGaH0KwEiBwY472euI3F9IOZHGJZ/jpdXYbUSA1EHc79gwW8es7VwjPTh
xAnBin9eVHSUquPitqY1kKCNvXOoxu4ZOzdyIfH4VButCEZ+Qy0+mcWsD4EGCRrw
OGgZKtZZs+2f8kYw2mxTi5ptZO9igwbH+7BUeFVJwYqJo7HBMoDexdEyQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw12v06N1MzLTFLgO9pCDL17NdLMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvWERYYV9UbzNVek10TVV1QTcya0lNdlhzMTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrUMA0G
CSqGSIb3DQEBCwUAA4IBAQAZyN2+gpD7Awpw0VdeAnNE9UBmllK1d5qugw7INfOu
RwvROoG1g8A+lHzph97Zkt+2Ww3CcxW7lfdjNfY+qn1000V788aBAhVhRCmwv6AH
LOPHH4TFz8EU7F87RQvMAVa56fyv1oX6jLr5ornq4hheC9bunhdJ1NDF7o3QGBVl
f/nGG5aibwOvW8FB9umIM3iA/FrTbkP2gA3nXNIieBSL1y5XgaS/uARaX1CLPgX4
bOZ/VgdoZSIjcCF+6rbaMSlABc+FwhLToeaA6C5Ea+uhy2NjYOFnxtBrmL4ii/TI
ai112B1QIzQrOpfMh1yb5l9lixMqb+gx0cmZiUFlht2h
-----END CERTIFICATE-----