This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/X9Dk1AunWGE1Dosy-zP1Hnz0r7o.roa
File:                     X9Dk1AunWGE1Dosy-zP1Hnz0r7o.roa (raw, json)
Hash identifier:          /pQF82MMJDZaxsI41JYaoLCQk3D/NV9NF4tHkKVR/m4=
Subject key identifier:   5F:D0:E4:D4:0B:A7:58:61:35:0E:8B:32:FB:33:F5:1E:7C:F4:AF:BA
Certificate issuer:       /CN=d50697943676399ac5cac6a3e476545af0df49dd
Certificate serial:       019B79EC3B1E165D427CC72575019C97478C
Authority key identifier: D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/X9Dk1AunWGE1Dosy-zP1Hnz0r7o.roa
Signing time:             Thu 01 Jan 2026 14:18:03 +0000
ROA not before:           Thu 01 Jan 2026 14:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49422
IP address blocks:        192.49.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:3b:1e:16:5d:42:7c:c7:25:75:01:9c:97:47:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d50697943676399ac5cac6a3e476545af0df49dd
        Validity
            Not Before: Jan  1 14:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fd0e4d40ba75861350e8b32fb33f51e7cf4afba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:58:47:5b:37:0f:9c:93:21:53:19:4e:f8:52:
                    c8:cd:21:14:1d:aa:dd:77:1d:96:a0:8f:60:f4:8f:
                    ef:09:10:8a:6b:73:86:77:48:cb:cf:b7:ba:6e:c1:
                    46:bd:81:ad:26:06:73:0a:74:f7:19:ea:a8:fe:d4:
                    c3:3f:0d:7a:35:1b:12:73:cf:e0:ee:bd:e4:4a:42:
                    26:89:22:40:a4:e9:6f:44:09:c6:c1:d9:27:41:4e:
                    dc:f8:cd:e3:36:57:4e:98:ed:7d:9a:49:1d:0b:56:
                    93:da:d4:c5:d9:66:71:f7:e9:5e:f1:6f:4b:96:d8:
                    98:ee:06:da:7a:83:0e:e4:af:52:47:e6:c5:d1:28:
                    f3:a5:24:10:74:53:16:93:d3:37:d2:5e:f5:14:6e:
                    d2:d9:68:38:da:af:75:02:57:98:df:3a:e8:13:d8:
                    f9:df:fd:18:25:1c:64:23:50:ba:0e:e8:36:9d:45:
                    44:98:8c:28:cd:bb:1a:e7:00:db:0b:78:a9:df:de:
                    4e:91:f8:8a:9a:66:ba:8e:c3:8c:43:28:c3:5c:e4:
                    ec:b4:3d:9c:f2:6d:c5:e4:8a:4f:be:59:08:7d:2b:
                    d6:e3:01:b7:f3:fb:a2:0a:9b:60:a3:56:76:c6:b1:
                    9e:57:a7:22:12:1a:8b:0f:4e:f2:98:d2:22:9f:97:
                    7c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:D0:E4:D4:0B:A7:58:61:35:0E:8B:32:FB:33:F5:1E:7C:F4:AF:BA
            X509v3 Authority Key Identifier:
                keyid:D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/X9Dk1AunWGE1Dosy-zP1Hnz0r7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.49.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f1:df:07:8a:86:be:5d:f5:a2:3c:cb:56:1d:24:c3:0c:26:
         25:e1:33:54:cb:70:a0:30:eb:53:6b:30:17:35:a4:7e:6b:bd:
         65:dd:d3:17:25:bc:b6:bd:3a:4b:45:e6:16:a7:bc:67:c7:92:
         cf:13:ae:19:1d:de:7d:94:1f:65:e0:f7:3f:7f:48:27:89:db:
         c5:9d:fa:8b:2b:a2:93:5f:d4:ae:1d:29:c8:68:60:c3:ba:c8:
         bf:44:db:d1:bb:aa:21:f1:b4:54:15:89:2d:b4:da:d3:61:c6:
         2e:14:12:74:f6:ed:ef:b2:2d:0c:73:90:3b:56:37:bb:a5:20:
         06:f5:1f:a3:b7:59:c4:59:be:75:07:a8:4c:09:37:bf:ad:f8:
         3c:6d:89:fe:a9:fe:c7:48:e4:1d:57:9c:04:5e:02:64:cc:b8:
         14:3e:ae:ac:06:c5:66:a5:e6:e5:7b:58:1c:b2:3a:db:64:98:
         2b:ff:96:10:7b:ea:37:3e:ee:d9:0f:b2:74:65:3a:f7:39:6a:
         7f:9d:d2:e2:49:2c:53:d9:6a:56:63:52:51:65:f7:b2:1b:a1:
         01:47:a3:89:44:c5:98:c9:dd:6c:39:22:59:9f:b4:c9:d8:e1:
         90:2e:d0:59:b9:24:60:62:9a:d4:77:79:ce:55:86:f3:2e:04:
         6c:3c:10:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57DseFl1CfMcldQGcl0eMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDY5Nzk0MzY3NjM5OWFjNWNhYzZhM2U0NzY1NDVhZjBk
ZjQ5ZGQwHhcNMjYwMTAxMTQxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmQwZTRkNDBiYTc1ODYxMzUwZThiMzJmYjMzZjUxZTdjZjRhZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlhHWzcPnJMhUxlO+FLIzSEUHard
dx2WoI9g9I/vCRCKa3OGd0jLz7e6bsFGvYGtJgZzCnT3Geqo/tTDPw16NRsSc8/g
7r3kSkImiSJApOlvRAnGwdknQU7c+M3jNldOmO19mkkdC1aT2tTF2WZx9+le8W9L
ltiY7gbaeoMO5K9SR+bF0SjzpSQQdFMWk9M30l71FG7S2Wg42q91AleY3zroE9j5
3/0YJRxkI1C6Dug2nUVEmIwozbsa5wDbC3ip395OkfiKmma6jsOMQyjDXOTstD2c
8m3F5IpPvlkIfSvW4wG38/uiCptgo1Z2xrGeV6ciEhqLD07ymNIin5d8RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/Q5NQLp1hhNQ6LMvsz9R589K+6MB8GA1UdIwQY
MBaAFNUGl5Q2djmaxcrGo+R2VFrw30ndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2Yt
OGQyM2FjNWNiNTAyLzEvWDlEazFBdW5XR0UxRG9zeS16UDFIbnowcjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2YtOGQyM2FjNWNiNTAy
LzEvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDFaMA0G
CSqGSIb3DQEBCwUAA4IBAQAW8d8Hioa+XfWiPMtWHSTDDCYl4TNUy3CgMOtTazAX
NaR+a71l3dMXJby2vTpLReYWp7xnx5LPE64ZHd59lB9l4Pc/f0gnidvFnfqLK6KT
X9SuHSnIaGDDusi/RNvRu6oh8bRUFYkttNrTYcYuFBJ09u3vsi0Mc5A7Vje7pSAG
9R+jt1nEWb51B6hMCTe/rfg8bYn+qf7HSOQdV5wEXgJkzLgUPq6sBsVmpeble1gc
sjrbZJgr/5YQe+o3Pu7ZD7J0ZTr3OWp/ndLiSSxT2WpWY1JRZfeyG6EBR6OJRMWY
yd1sOSJZn7TJ2OGQLtBZuSRgYprUd3nOVYbzLgRsPBD5
-----END CERTIFICATE-----