This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/Xvepx433VAtdgPI_baO5XGR3A8U.roa
File:                     Xvepx433VAtdgPI_baO5XGR3A8U.roa (raw, json)
Hash identifier:          Hb64A6S05X/K5EFwUyHoMmk1FNOpGqOBloL7O8dOS+s=
Subject key identifier:   5E:F7:A9:C7:8D:F7:54:0B:5D:80:F2:3F:6D:A3:B9:5C:64:77:03:C5
Certificate issuer:       /CN=ac9092bbc2cacae247774f62b0fdbdc44a974cf2
Certificate serial:       019B7E38FDE238DBE9D2A796BD8A20E6166C
Authority key identifier: AC:90:92:BB:C2:CA:CA:E2:47:77:4F:62:B0:FD:BD:C4:4A:97:4C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/Xvepx433VAtdgPI_baO5XGR3A8U.roa
Signing time:             Fri 02 Jan 2026 10:20:22 +0000
ROA not before:           Fri 02 Jan 2026 10:20:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204798
IP address blocks:        185.206.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:fd:e2:38:db:e9:d2:a7:96:bd:8a:20:e6:16:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac9092bbc2cacae247774f62b0fdbdc44a974cf2
        Validity
            Not Before: Jan  2 10:20:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ef7a9c78df7540b5d80f23f6da3b95c647703c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e3:80:a3:c7:11:da:87:01:34:da:16:85:e8:
                    dd:00:61:ff:45:ca:94:5f:16:92:27:a0:8b:3c:e5:
                    ae:f2:09:20:26:33:fa:0d:f7:bd:6e:10:7f:0b:23:
                    22:c9:59:3a:5d:97:88:4b:b8:da:b1:cb:03:19:fc:
                    57:f4:bf:b1:ad:32:f0:e4:78:cb:00:b7:df:79:93:
                    bc:68:87:fd:14:3e:93:27:74:0d:f5:72:63:01:13:
                    87:0f:1d:00:62:72:da:f2:0a:d9:df:45:c8:83:41:
                    8c:36:aa:96:e0:5a:35:57:fb:44:45:c2:60:1a:e4:
                    ab:57:3a:f2:20:9f:1d:b6:7e:91:e9:82:dc:a0:fa:
                    7f:70:81:3e:f4:ff:2e:68:30:55:1a:39:a1:c7:0a:
                    d8:8e:ed:69:d8:84:3a:ae:3d:69:00:a1:1c:1e:13:
                    d6:10:97:52:e2:06:f0:dc:cf:9b:cf:fc:6b:90:61:
                    6e:9c:e4:28:86:e0:11:55:e0:03:51:05:f8:ec:3a:
                    e5:a2:b5:29:61:48:8b:4e:9a:de:e1:4e:ac:b5:98:
                    b9:41:7d:58:35:eb:1e:4b:56:96:a6:32:13:1d:43:
                    e0:8d:6e:d1:39:f9:ed:5c:43:80:c0:13:f8:b5:d2:
                    ef:fa:1a:3b:a1:21:ee:21:c9:43:21:59:90:f0:93:
                    cd:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F7:A9:C7:8D:F7:54:0B:5D:80:F2:3F:6D:A3:B9:5C:64:77:03:C5
            X509v3 Authority Key Identifier:
                keyid:AC:90:92:BB:C2:CA:CA:E2:47:77:4F:62:B0:FD:BD:C4:4A:97:4C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rJCSu8LKyuJHd09isP29xEqXTPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/Xvepx433VAtdgPI_baO5XGR3A8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/c96349-0a22-4247-9943-a3fc196aabb3/1/rJCSu8LKyuJHd09isP29xEqXTPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:10:e5:49:ff:9d:1b:eb:0a:eb:11:c4:37:8f:d0:48:52:2c:
         5d:56:6d:d4:31:db:8b:bd:ab:17:6a:32:d2:47:8b:27:5f:dc:
         92:6c:78:54:e2:e0:fb:98:5f:01:38:ad:5a:cd:aa:c7:67:28:
         0b:98:4d:33:be:98:84:d9:f3:1b:10:b8:8e:74:31:15:8b:5c:
         4e:2f:4d:9c:55:41:29:d4:01:5e:83:8d:b2:2a:d0:ba:d6:5e:
         ff:f1:da:c2:53:4f:68:8a:21:25:2f:cc:53:16:94:de:1a:bb:
         a2:03:5c:e2:1f:9d:01:33:62:ad:be:15:0b:97:dd:12:d7:78:
         f9:36:57:dc:e3:a7:85:3f:cb:43:26:19:81:96:c0:7c:79:f6:
         24:11:64:9c:9f:28:74:40:04:23:00:ca:59:26:fb:6a:44:05:
         35:7f:53:0e:b7:8b:81:54:ee:0a:60:81:08:79:5c:af:3b:e1:
         60:59:91:e3:2b:92:17:24:26:79:ba:a0:ca:c0:b0:9d:46:12:
         13:c1:a3:95:ea:15:2a:66:27:29:4d:62:d3:62:72:7a:91:04:
         e3:f4:a8:29:16:e3:3e:9c:9b:71:f3:4a:02:d4:13:24:a2:c5:
         ee:c0:4e:c0:22:d6:4a:c5:63:8a:6b:fe:43:cc:be:47:9f:dc:
         4c:99:46:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OP3iONvp0qeWvYog5hZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOTA5MmJiYzJjYWNhZTI0Nzc3NGY2MmIwZmRiZGM0NGE5
NzRjZjIwHhcNMjYwMTAyMTAyMDIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWY3YTljNzhkZjc1NDBiNWQ4MGYyM2Y2ZGEzYjk1YzY0NzcwM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uOAo8cR2ocBNNoWhejdAGH/RcqU
XxaSJ6CLPOWu8gkgJjP6Dfe9bhB/CyMiyVk6XZeIS7jascsDGfxX9L+xrTLw5HjL
ALffeZO8aIf9FD6TJ3QN9XJjAROHDx0AYnLa8grZ30XIg0GMNqqW4Fo1V/tERcJg
GuSrVzryIJ8dtn6R6YLcoPp/cIE+9P8uaDBVGjmhxwrYju1p2IQ6rj1pAKEcHhPW
EJdS4gbw3M+bz/xrkGFunOQohuARVeADUQX47DrlorUpYUiLTpre4U6stZi5QX1Y
NeseS1aWpjITHUPgjW7ROfntXEOAwBP4tdLv+ho7oSHuIclDIVmQ8JPNEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF73qceN91QLXYDyP22juVxkdwPFMB8GA1UdIwQY
MBaAFKyQkrvCysriR3dPYrD9vcRKl0zyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckpDU3U4TEt5dUpIZDA5aXNQMjl4RXFYVFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9jOTYzNDktMGEyMi00MjQ3LTk5NDMt
YTNmYzE5NmFhYmIzLzEvWHZlcHg0MzNWQXRkZ1BJX2JhTzVYR1IzQThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9jOTYzNDktMGEyMi00MjQ3LTk5NDMtYTNmYzE5NmFhYmIz
LzEvckpDU3U4TEt5dUpIZDA5aXNQMjl4RXFYVFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc59MA0G
CSqGSIb3DQEBCwUAA4IBAQCkEOVJ/50b6wrrEcQ3j9BIUixdVm3UMduLvasXajLS
R4snX9ySbHhU4uD7mF8BOK1azarHZygLmE0zvpiE2fMbELiOdDEVi1xOL02cVUEp
1AFeg42yKtC61l7/8drCU09oiiElL8xTFpTeGruiA1ziH50BM2KtvhULl90S13j5
Nlfc46eFP8tDJhmBlsB8efYkEWScnyh0QAQjAMpZJvtqRAU1f1MOt4uBVO4KYIEI
eVyvO+FgWZHjK5IXJCZ5uqDKwLCdRhITwaOV6hUqZicpTWLTYnJ6kQTj9KgpFuM+
nJtx80oC1BMkosXuwE7AItZKxWOKa/5DzL5Hn9xMmUb0
-----END CERTIFICATE-----