This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/XtW69XYWfcYs9FhfW77svXCHmQk.roa
File:                     XtW69XYWfcYs9FhfW77svXCHmQk.roa (raw, json)
Hash identifier:          +2PiuVV/xd9FID0vQ4PS/1nWqfCBv4fOx6GV++A7pIo=
Subject key identifier:   5E:D5:BA:F5:76:16:7D:C6:2C:F4:58:5F:5B:BE:EC:BD:70:87:99:09
Certificate issuer:       /CN=18886007da1730b0770d8604db73d12fd264f3f9
Certificate serial:       019B7E38F64B120697C94BE3E90273B970D6
Authority key identifier: 18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/XtW69XYWfcYs9FhfW77svXCHmQk.roa
Signing time:             Fri 02 Jan 2026 10:20:20 +0000
ROA not before:           Fri 02 Jan 2026 10:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56621
IP address blocks:        213.171.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 13:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:f6:4b:12:06:97:c9:4b:e3:e9:02:73:b9:70:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18886007da1730b0770d8604db73d12fd264f3f9
        Validity
            Not Before: Jan  2 10:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ed5baf576167dc62cf4585f5bbeecbd70879909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f3:69:4e:73:04:e7:19:1c:b9:c9:6a:42:36:
                    69:1b:ac:8a:8a:09:ad:34:ca:8b:0d:78:76:c2:07:
                    7f:19:01:22:e4:40:bb:d6:9c:f3:6c:60:4a:ff:3e:
                    86:5c:40:f0:81:6b:eb:df:7f:fd:dd:05:3e:2b:4a:
                    c3:2e:51:e4:85:45:94:ce:b8:5f:e7:35:0a:ac:ce:
                    64:8f:7a:b5:ad:a6:7f:5e:64:cb:5f:ea:83:3e:61:
                    11:39:80:71:9c:4e:27:a8:b9:06:e7:a7:0a:f4:29:
                    dc:90:d3:fa:fd:43:fd:a7:ae:0f:7f:dc:10:11:ed:
                    85:76:7a:ab:a0:14:52:1c:8b:63:ea:38:11:bf:39:
                    06:59:d8:50:42:f0:da:74:0d:6a:6d:4e:ec:48:3d:
                    d3:0a:16:03:37:8b:2f:3b:8b:22:9f:f3:70:1b:81:
                    a8:be:83:8e:eb:91:75:c8:34:a3:18:12:28:e2:46:
                    08:ef:73:60:0f:68:12:7a:9a:b4:72:a2:05:0d:2e:
                    84:e4:3b:79:12:dd:da:9c:13:52:37:07:23:39:7f:
                    41:93:01:86:cf:35:51:dd:09:64:a3:23:85:c5:ee:
                    24:2a:b1:11:57:1c:e6:59:9c:fd:9f:a3:2a:aa:a9:
                    22:0e:1f:21:e8:5b:47:b5:69:9c:60:8b:a1:07:09:
                    22:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D5:BA:F5:76:16:7D:C6:2C:F4:58:5F:5B:BE:EC:BD:70:87:99:09
            X509v3 Authority Key Identifier:
                keyid:18:88:60:07:DA:17:30:B0:77:0D:86:04:DB:73:D1:2F:D2:64:F3:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GIhgB9oXMLB3DYYE23PRL9Jk8_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/XtW69XYWfcYs9FhfW77svXCHmQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/293328-9245-403b-8a4a-169c836bd6b0/1/GIhgB9oXMLB3DYYE23PRL9Jk8_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.171.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:a0:8e:44:dd:cb:d5:1e:9a:2c:ad:f6:45:bb:88:d0:9c:b6:
         1f:32:9c:d4:6d:62:0f:cd:6f:ac:50:6b:2d:97:f6:f4:75:31:
         2d:2f:98:e5:29:fd:42:43:3c:39:81:73:ad:9c:54:e8:cc:c3:
         31:a6:0b:ae:1f:81:fa:52:a5:c7:55:79:13:30:2a:aa:8b:dc:
         d4:ad:69:27:9f:1a:ee:71:8b:d1:20:3f:bd:88:5e:61:54:34:
         fa:ef:f8:9a:22:1a:51:ba:b1:56:3a:1d:8b:01:4f:ee:87:57:
         39:14:75:cd:91:65:4a:e6:c3:0c:d7:fc:61:90:3c:1c:f9:bc:
         d6:ad:fa:71:4f:e5:39:bd:ac:fd:ba:c1:99:a7:98:37:dc:fa:
         15:24:c7:5e:a8:fc:42:bb:ee:7d:8c:fc:c0:50:2e:a6:c8:85:
         f1:ed:5d:91:2b:6a:65:df:7a:d1:41:cc:ef:2d:2d:6f:da:6e:
         38:eb:d0:a8:f5:bb:6b:83:9a:b0:c9:f2:0a:37:8d:78:d7:7c:
         df:7d:61:f8:0b:e2:e8:ec:9b:f2:3d:e4:9d:e1:0c:81:44:7b:
         82:2b:8e:25:c3:f0:bf:bb:de:24:bf:27:74:11:41:22:3b:68:
         b9:19:67:90:75:e9:04:40:3c:58:84:da:09:4f:8f:8f:0d:1b:
         b2:ce:fc:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OPZLEgaXyUvj6QJzuXDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ODg2MDA3ZGExNzMwYjA3NzBkODYwNGRiNzNkMTJmZDI2
NGYzZjkwHhcNMjYwMTAyMTAyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQ1YmFmNTc2MTY3ZGM2MmNmNDU4NWY1YmJlZWNiZDcwODc5OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vNpTnME5xkcuclqQjZpG6yKigmt
NMqLDXh2wgd/GQEi5EC71pzzbGBK/z6GXEDwgWvr33/93QU+K0rDLlHkhUWUzrhf
5zUKrM5kj3q1raZ/XmTLX+qDPmEROYBxnE4nqLkG56cK9CnckNP6/UP9p64Pf9wQ
Ee2FdnqroBRSHItj6jgRvzkGWdhQQvDadA1qbU7sSD3TChYDN4svO4sin/NwG4Go
voOO65F1yDSjGBIo4kYI73NgD2gSepq0cqIFDS6E5Dt5Et3anBNSNwcjOX9BkwGG
zzVR3QlkoyOFxe4kKrERVxzmWZz9n6MqqqkiDh8h6FtHtWmcYIuhBwkiDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7VuvV2Fn3GLPRYX1u+7L1wh5kJMB8GA1UdIwQY
MBaAFBiIYAfaFzCwdw2GBNtz0S/SZPP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEt
MTY5YzgzNmJkNmIwLzEvWHRXNjlYWVdmY1lzOUZoZlc3N3N2WENIbVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8yOTMzMjgtOTI0NS00MDNiLThhNGEtMTY5YzgzNmJkNmIw
LzEvR0loZ0I5b1hNTEIzRFlZRTIzUFJMOUprOF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1asAMA0G
CSqGSIb3DQEBCwUAA4IBAQAroI5E3cvVHposrfZFu4jQnLYfMpzUbWIPzW+sUGst
l/b0dTEtL5jlKf1CQzw5gXOtnFTozMMxpguuH4H6UqXHVXkTMCqqi9zUrWknnxru
cYvRID+9iF5hVDT67/iaIhpRurFWOh2LAU/uh1c5FHXNkWVK5sMM1/xhkDwc+bzW
rfpxT+U5vaz9usGZp5g33PoVJMdeqPxCu+59jPzAUC6myIXx7V2RK2pl33rRQczv
LS1v2m4469Co9btrg5qwyfIKN41413zffWH4C+Lo7JvyPeSd4QyBRHuCK44lw/C/
u94kvyd0EUEiO2i5GWeQdekEQDxYhNoJT4+PDRuyzvzF
-----END CERTIFICATE-----