This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/XM22lUkUyDJ8Y3AGGlOkUpDIClc.roa
File:                     XM22lUkUyDJ8Y3AGGlOkUpDIClc.roa (raw, json)
Hash identifier:          j+lZ3JP7tJ/OyRDzGpaBVcn4tscvRA8KWejUZg/xsIM=
Subject key identifier:   5C:CD:B6:95:49:14:C8:32:7C:63:70:06:1A:53:A4:52:90:C8:0A:57
Certificate issuer:       /CN=62e5e4fed5ccaf603b46684a21553ce8626ef9c1
Certificate serial:       019B79ECFA5E1EF1098D2FE4006F4742EE7D
Authority key identifier: 62:E5:E4:FE:D5:CC:AF:60:3B:46:68:4A:21:55:3C:E8:62:6E:F9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YuXk_tXMr2A7RmhKIVU86GJu-cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/XM22lUkUyDJ8Y3AGGlOkUpDIClc.roa
Signing time:             Thu 01 Jan 2026 14:18:52 +0000
ROA not before:           Thu 01 Jan 2026 14:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215343
IP address blocks:        2001:678:1188::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/YuXk_tXMr2A7RmhKIVU86GJu-cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/YuXk_tXMr2A7RmhKIVU86GJu-cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YuXk_tXMr2A7RmhKIVU86GJu-cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:fa:5e:1e:f1:09:8d:2f:e4:00:6f:47:42:ee:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62e5e4fed5ccaf603b46684a21553ce8626ef9c1
        Validity
            Not Before: Jan  1 14:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ccdb6954914c8327c6370061a53a45290c80a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e6:a2:ce:82:0e:0f:a6:e5:1d:0d:18:a7:90:
                    71:28:38:0d:0c:86:82:60:04:d4:7d:94:6a:87:0a:
                    bc:82:00:be:ad:6e:91:85:01:2b:a1:01:41:3d:07:
                    61:3a:44:ad:14:bb:15:fb:56:0c:9a:fa:59:13:ab:
                    21:b1:99:fc:4c:29:e0:ae:5d:07:bb:56:7c:0f:04:
                    94:27:29:14:5e:bf:b9:ef:3e:bf:6c:58:84:55:dd:
                    3b:8b:8c:ed:64:69:72:6b:ac:b7:02:6d:18:dc:5f:
                    32:b7:fc:b3:6e:98:ff:9d:1d:9f:18:8b:98:48:df:
                    bc:f8:62:54:e0:51:1d:0b:de:4e:65:a2:f8:66:1c:
                    6b:d4:1b:c3:0f:4f:42:d9:b6:9a:ea:64:78:e1:19:
                    11:43:f4:bd:44:b4:f0:8a:7d:35:e1:ef:fc:80:e0:
                    2a:a0:d9:49:5e:91:f3:95:2e:d0:a9:42:a5:d1:ba:
                    6c:6b:ad:09:8c:86:8f:62:8f:ac:c7:c9:0b:ff:5b:
                    57:c1:d3:e6:fb:29:bc:c0:ec:81:7f:a0:a9:68:cb:
                    12:e2:93:cf:a0:47:15:85:0b:eb:30:13:fa:ac:c2:
                    85:16:42:7f:45:38:f0:d4:ea:08:66:28:f3:ef:ca:
                    1a:89:47:4c:cf:ae:32:4e:16:4e:ef:f3:e5:84:8b:
                    97:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:CD:B6:95:49:14:C8:32:7C:63:70:06:1A:53:A4:52:90:C8:0A:57
            X509v3 Authority Key Identifier:
                keyid:62:E5:E4:FE:D5:CC:AF:60:3B:46:68:4A:21:55:3C:E8:62:6E:F9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YuXk_tXMr2A7RmhKIVU86GJu-cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/XM22lUkUyDJ8Y3AGGlOkUpDIClc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/YuXk_tXMr2A7RmhKIVU86GJu-cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1188::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:ba:31:6a:f1:93:ae:8b:d8:4f:32:79:7e:5c:01:ba:17:81:
         2e:5d:5a:46:39:4c:76:54:84:7a:0c:4e:18:36:68:9c:95:c0:
         67:7d:1a:52:8a:9c:df:e5:d9:cd:b8:77:42:1e:19:72:b8:c5:
         d9:1d:81:66:47:de:b5:63:01:b7:05:e6:f3:09:3b:3e:e3:c0:
         2c:a6:cf:0a:db:fd:4b:f6:9b:76:8c:20:31:9c:80:f2:d4:08:
         1a:59:28:45:1f:d4:f4:bf:75:54:b4:54:eb:8f:dd:29:a1:5d:
         f8:c9:5a:64:e2:1c:40:b0:1b:36:d8:ba:92:a0:e9:fe:ac:e7:
         71:a2:99:d5:ea:6f:26:31:58:58:a2:7d:50:42:08:90:1b:f0:
         69:aa:72:c2:20:de:97:dc:d8:14:50:76:17:fb:5a:00:5e:3e:
         4c:0b:fd:11:9a:fa:49:1e:c1:fe:fd:50:da:6d:2d:e1:82:23:
         2a:57:df:81:57:1d:0c:4d:b5:50:01:c8:d5:40:db:e0:a8:10:
         f2:db:35:07:fc:72:97:b8:42:5f:e9:a1:b3:55:1f:4e:3b:c1:
         e2:7f:87:b7:20:d9:06:ea:f3:0f:8c:64:64:82:1c:bb:01:6d:
         f2:9a:58:a9:c8:09:ca:81:da:00:41:ff:48:01:1c:ec:9c:6c:
         c3:f7:8c:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt57PpeHvEJjS/kAG9HQu59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZTVlNGZlZDVjY2FmNjAzYjQ2Njg0YTIxNTUzY2U4NjI2
ZWY5YzEwHhcNMjYwMTAxMTQxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2NkYjY5NTQ5MTRjODMyN2M2MzcwMDYxYTUzYTQ1MjkwYzgwYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+aizoIOD6blHQ0Yp5BxKDgNDIaC
YATUfZRqhwq8ggC+rW6RhQEroQFBPQdhOkStFLsV+1YMmvpZE6shsZn8TCngrl0H
u1Z8DwSUJykUXr+57z6/bFiEVd07i4ztZGlya6y3Am0Y3F8yt/yzbpj/nR2fGIuY
SN+8+GJU4FEdC95OZaL4Zhxr1BvDD09C2baa6mR44RkRQ/S9RLTwin014e/8gOAq
oNlJXpHzlS7QqUKl0bpsa60JjIaPYo+sx8kL/1tXwdPm+ym8wOyBf6CpaMsS4pPP
oEcVhQvrMBP6rMKFFkJ/RTjw1OoIZijz78oaiUdMz64yThZO7/PlhIuXBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFzNtpVJFMgyfGNwBhpTpFKQyApXMB8GA1UdIwQY
MBaAFGLl5P7VzK9gO0ZoSiFVPOhibvnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVYa190WE1yMkE3Um1oS0lWVTg2R0p1LWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wNDQxNzktODBkZC00NTFhLWJmZDgt
M2UxZDczMWRkNjMwLzEvWE0yMmxVa1V5REo4WTNBR0dsT2tVcERJQ2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wNDQxNzktODBkZC00NTFhLWJmZDgtM2UxZDczMWRkNjMw
LzEvWXVYa190WE1yMkE3Um1oS0lWVTg2R0p1LWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBGI
MA0GCSqGSIb3DQEBCwUAA4IBAQBqujFq8ZOui9hPMnl+XAG6F4EuXVpGOUx2VIR6
DE4YNmiclcBnfRpSipzf5dnNuHdCHhlyuMXZHYFmR961YwG3BebzCTs+48Asps8K
2/1L9pt2jCAxnIDy1AgaWShFH9T0v3VUtFTrj90poV34yVpk4hxAsBs22LqSoOn+
rOdxopnV6m8mMVhYon1QQgiQG/BpqnLCIN6X3NgUUHYX+1oAXj5MC/0RmvpJHsH+
/VDabS3hgiMqV9+BVx0MTbVQAcjVQNvgqBDy2zUH/HKXuEJf6aGzVR9OO8Hif4e3
INkG6vMPjGRkghy7AW3ymlipyAnKgdoAQf9IARzsnGzD94zi
-----END CERTIFICATE-----