This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xOCpqHIGWYpMZiK0D_GduGL-xNY.roa
File:                     xOCpqHIGWYpMZiK0D_GduGL-xNY.roa (raw, json)
Hash identifier:          EH/6F7DAxWGzLP0f7IyWGiPlk48ND1XykF58xtVXDcQ=
Subject key identifier:   C4:E0:A9:A8:72:06:59:8A:4C:66:22:B4:0F:F1:9D:B8:62:FE:C4:D6
Certificate issuer:       /CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
Certificate serial:       019B7A5A80A63B871E8ADFCB8D00591EC5A9
Authority key identifier: C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xOCpqHIGWYpMZiK0D_GduGL-xNY.roa
Signing time:             Thu 01 Jan 2026 16:18:30 +0000
ROA not before:           Thu 01 Jan 2026 16:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2259
IP address blocks:        134.158.144.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:80:a6:3b:87:1e:8a:df:cb:8d:00:59:1e:c5:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5a7c3f4b14693512202595a8a4f95b0d6b7a101
        Validity
            Not Before: Jan  1 16:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4e0a9a87206598a4c6622b40ff19db862fec4d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fb:d5:b1:c8:3d:a0:81:67:39:40:1f:ec:cd:
                    e9:3b:1f:1d:fb:bc:f7:f8:32:45:c8:f2:bb:a2:8d:
                    a2:a1:ab:5f:91:6d:38:ea:a2:e0:e2:5d:6d:a2:77:
                    71:e5:8a:ff:f2:d5:39:38:82:15:6c:92:4c:0f:ab:
                    4c:51:94:de:ac:0b:3f:4c:10:c5:e1:16:9c:cd:9e:
                    74:7c:6a:b1:fc:bd:ab:e5:5d:e0:c8:81:1e:de:8f:
                    be:c2:d9:52:f8:6c:f2:ac:a6:74:9b:4e:3e:88:4b:
                    16:d8:7a:98:a2:86:0d:ae:44:87:e0:2b:36:a7:37:
                    0e:aa:14:f0:f7:63:3c:d8:4e:51:f7:f9:b8:79:c0:
                    f5:7b:2b:9b:e3:13:ee:b2:3f:96:5c:ad:50:ed:3a:
                    8b:36:bd:42:fa:b2:30:01:c1:00:d4:26:7f:80:20:
                    f1:84:12:9b:6c:25:19:b8:3c:ff:0a:d7:da:74:0f:
                    bd:d8:ac:65:8d:e9:02:d3:53:bf:62:20:6c:5e:9c:
                    7e:e0:78:cf:a0:14:7d:12:2d:6e:10:19:86:46:17:
                    de:14:79:fe:fa:ef:b5:1d:d3:09:9a:4a:7c:c7:9f:
                    a5:7a:67:78:9d:13:b5:01:63:79:ac:5f:23:f1:cf:
                    58:98:30:c1:00:3a:36:5c:17:be:15:7b:21:39:c5:
                    62:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E0:A9:A8:72:06:59:8A:4C:66:22:B4:0F:F1:9D:B8:62:FE:C4:D6
            X509v3 Authority Key Identifier:
                keyid:C5:A7:C3:F4:B1:46:93:51:22:02:59:5A:8A:4F:95:B0:D6:B7:A1:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xafD9LFGk1EiAllaik-VsNa3oQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xOCpqHIGWYpMZiK0D_GduGL-xNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/3a3b2c-76b9-49b4-8218-d12f1e2456ba/1/xafD9LFGk1EiAllaik-VsNa3oQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.158.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c9:04:47:62:ee:9d:ad:f0:14:20:5e:c2:04:93:9b:0f:22:8f:
         98:67:10:d7:41:38:b3:0b:ba:ab:75:fe:7c:a2:7e:c3:c7:c5:
         a7:b6:6b:9b:1b:2f:cc:c5:3e:81:5c:43:bd:7e:52:50:97:e7:
         d2:50:4f:ff:77:7c:7c:73:a7:92:c0:ec:d6:97:6a:1d:19:60:
         fb:fb:51:9f:69:0e:49:92:87:8d:2c:27:45:67:55:97:73:7e:
         45:c8:96:eb:71:f3:d1:9c:9b:85:7a:0e:70:c6:86:01:d1:4c:
         13:97:7b:3a:b7:ab:e6:b7:e8:e0:ef:f3:3f:4f:c2:dc:02:9f:
         b0:7c:be:f5:a0:6c:07:79:ef:a9:b5:d6:4b:1d:47:e2:4d:aa:
         69:34:7d:9f:74:51:7b:9d:44:f2:c4:54:f4:5a:5a:f9:f1:2b:
         4b:7a:e6:1c:b3:a3:4c:ed:2b:4c:55:7b:f8:ae:7e:87:88:e9:
         55:5f:95:50:dc:5c:8c:7d:5f:6f:c1:01:0c:d7:dd:b8:f4:79:
         3d:30:a3:58:9e:0e:e7:64:22:57:7a:5a:be:19:1b:9d:89:54:
         b6:b9:d6:93:4c:83:ea:11:38:17:06:57:df:82:15:2c:6a:97:
         7a:7f:88:53:7e:7f:17:bb:db:eb:32:89:98:a0:1e:f1:0f:e9:
         18:64:93:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WoCmO4ceit/LjQBZHsWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YTdjM2Y0YjE0NjkzNTEyMjAyNTk1YThhNGY5NWIwZDZi
N2ExMDEwHhcNMjYwMTAxMTYxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGUwYTlhODcyMDY1OThhNGM2NjIyYjQwZmYxOWRiODYyZmVjNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPvVscg9oIFnOUAf7M3pOx8d+7z3
+DJFyPK7oo2ioatfkW046qLg4l1tondx5Yr/8tU5OIIVbJJMD6tMUZTerAs/TBDF
4RaczZ50fGqx/L2r5V3gyIEe3o++wtlS+GzyrKZ0m04+iEsW2HqYooYNrkSH4Cs2
pzcOqhTw92M82E5R9/m4ecD1eyub4xPusj+WXK1Q7TqLNr1C+rIwAcEA1CZ/gCDx
hBKbbCUZuDz/CtfadA+92KxljekC01O/YiBsXpx+4HjPoBR9Ei1uEBmGRhfeFHn+
+u+1HdMJmkp8x5+lemd4nRO1AWN5rF8j8c9YmDDBADo2XBe+FXshOcViSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTgqahyBlmKTGYitA/xnbhi/sTWMB8GA1UdIwQY
MBaAFMWnw/SxRpNRIgJZWopPlbDWt6EBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgt
ZDEyZjFlMjQ1NmJhLzEveE9DcHFISUdXWXBNWmlLMERfR2R1R0wteE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8zYTNiMmMtNzZiOS00OWI0LTgyMTgtZDEyZjFlMjQ1NmJh
LzEveGFmRDlMRkdrMUVpQWxsYWlrLVZzTmEzb1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDhp6QMA0G
CSqGSIb3DQEBCwUAA4IBAQDJBEdi7p2t8BQgXsIEk5sPIo+YZxDXQTizC7qrdf58
on7Dx8WntmubGy/MxT6BXEO9flJQl+fSUE//d3x8c6eSwOzWl2odGWD7+1GfaQ5J
koeNLCdFZ1WXc35FyJbrcfPRnJuFeg5wxoYB0UwTl3s6t6vmt+jg7/M/T8LcAp+w
fL71oGwHee+ptdZLHUfiTappNH2fdFF7nUTyxFT0Wlr58StLeuYcs6NM7StMVXv4
rn6HiOlVX5VQ3FyMfV9vwQEM19249Hk9MKNYng7nZCJXelq+GRudiVS2udaTTIPq
ETgXBlffghUsapd6f4hTfn8Xu9vrMomYoB7xD+kYZJOH
-----END CERTIFICATE-----