This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/xCGczuPkOcOWIT1JIe1RYVcQGjI.roa
File:                     xCGczuPkOcOWIT1JIe1RYVcQGjI.roa (raw, json)
Hash identifier:          7YvkyIU5UcVg1yEPICNWA5XUte8Vhs4MketRLoQiuYM=
Subject key identifier:   C4:21:9C:CE:E3:E4:39:C3:96:21:3D:49:21:ED:51:61:57:10:1A:32
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       019BE98C14FAFACDFDDD3ECB53416A0DBC80
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/xCGczuPkOcOWIT1JIe1RYVcQGjI.roa
Signing time:             Fri 23 Jan 2026 06:30:30 +0000
ROA not before:           Fri 23 Jan 2026 06:30:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        195.24.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e9:8c:14:fa:fa:cd:fd:dd:3e:cb:53:41:6a:0d:bc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: Jan 23 06:30:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4219ccee3e439c396213d4921ed516157101a32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d4:e9:9e:e9:df:aa:59:58:d0:70:5b:08:5a:
                    ae:95:e3:f6:f4:0b:42:c0:d9:35:3d:de:4b:4f:f7:
                    e9:5e:43:76:98:ee:1c:43:d5:c2:6e:9f:cd:7c:eb:
                    94:aa:81:53:46:dc:1c:35:30:82:8f:5f:3d:39:bb:
                    dd:5f:c5:3b:1d:7d:f3:46:66:85:14:88:7f:86:27:
                    3c:1f:ed:9e:9b:21:72:33:d6:bc:2e:7a:30:37:5c:
                    d5:ac:2c:4b:a9:45:9b:1b:a3:e3:c2:22:c7:22:20:
                    06:de:79:35:3d:e5:17:2c:87:1b:9a:8d:eb:cd:fc:
                    b8:51:78:2d:db:15:be:54:ba:e4:58:64:a9:37:e5:
                    90:45:6e:99:41:50:36:a7:34:08:f5:c7:c1:f8:38:
                    a8:51:8b:a8:ec:67:e6:d1:94:46:f8:3d:3b:8e:40:
                    6a:5a:27:79:30:c6:e6:41:87:0c:e6:f8:81:63:b5:
                    d0:91:fb:f4:4d:21:e8:6c:56:23:ae:38:ef:c9:bd:
                    36:e4:6c:ce:7d:2f:be:1d:3e:8f:94:63:09:8e:50:
                    9e:7e:1f:9f:34:3b:37:fc:f9:86:81:d1:f9:5d:31:
                    c4:67:02:a7:5c:7c:5d:a8:87:cc:a7:44:59:f3:53:
                    2f:70:5e:83:a6:54:07:b2:14:02:68:b8:ee:ed:a5:
                    e9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:21:9C:CE:E3:E4:39:C3:96:21:3D:49:21:ED:51:61:57:10:1A:32
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/xCGczuPkOcOWIT1JIe1RYVcQGjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:fc:04:95:92:e3:aa:37:30:da:8f:51:06:af:bd:95:4f:ae:
         e1:46:d4:0c:f4:e9:fb:72:14:2a:33:a3:c3:f4:28:68:2a:78:
         3c:84:7e:d1:d6:34:9e:f4:b7:da:39:77:52:49:5c:13:3f:5d:
         d7:7f:8a:07:79:9a:96:87:16:04:71:97:bb:7f:26:7b:7b:92:
         a0:0c:b1:72:aa:c9:c3:17:08:4e:f7:5d:92:21:36:0a:ce:5c:
         23:0b:a3:2a:17:b2:ee:03:d1:f1:1b:5e:16:9b:8d:a9:47:ff:
         9a:2b:82:c8:93:7a:dc:34:3b:64:63:6e:00:d3:3f:0d:e2:66:
         d3:51:a4:e3:73:15:1f:2a:d5:68:ab:64:c5:93:42:93:c2:52:
         41:20:d3:ae:65:6e:f2:59:dc:80:82:e2:20:13:19:90:43:9b:
         f6:97:a9:47:a5:9d:b5:a1:64:82:64:cd:04:7a:52:bd:f3:1c:
         ba:8f:5a:93:fd:7c:fd:90:1e:ae:f1:9f:7a:c6:50:3b:e4:f5:
         ad:c3:24:7c:0e:b4:a7:98:f0:35:fa:7b:a1:04:0d:3f:62:9f:
         6d:31:6c:a7:73:7d:ba:7a:e6:89:93:9f:51:c4:05:76:78:02:
         07:b5:c6:97:52:0e:9b:fe:81:64:5f:4b:b5:a1:e9:55:df:f3:
         a8:f4:b7:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvpjBT6+s393T7LU0FqDbyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjYwMTIzMDYzMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDIxOWNjZWUzZTQzOWMzOTYyMTNkNDkyMWVkNTE2MTU3MTAxYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NTpnunfqllY0HBbCFquleP29AtC
wNk1Pd5LT/fpXkN2mO4cQ9XCbp/NfOuUqoFTRtwcNTCCj189ObvdX8U7HX3zRmaF
FIh/hic8H+2emyFyM9a8LnowN1zVrCxLqUWbG6PjwiLHIiAG3nk1PeUXLIcbmo3r
zfy4UXgt2xW+VLrkWGSpN+WQRW6ZQVA2pzQI9cfB+DioUYuo7Gfm0ZRG+D07jkBq
Wid5MMbmQYcM5viBY7XQkfv0TSHobFYjrjjvyb025GzOfS++HT6PlGMJjlCefh+f
NDs3/PmGgdH5XTHEZwKnXHxdqIfMp0RZ81MvcF6DplQHshQCaLju7aXp1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQhnM7j5DnDliE9SSHtUWFXEBoyMB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEveENHY3p1UGtPY09XSVQxSkllMVJZVmNRR2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjtMA0G
CSqGSIb3DQEBCwUAA4IBAQCK/ASVkuOqNzDaj1EGr72VT67hRtQM9On7chQqM6PD
9ChoKng8hH7R1jSe9LfaOXdSSVwTP13Xf4oHeZqWhxYEcZe7fyZ7e5KgDLFyqsnD
FwhO912SITYKzlwjC6MqF7LuA9HxG14Wm42pR/+aK4LIk3rcNDtkY24A0z8N4mbT
UaTjcxUfKtVoq2TFk0KTwlJBINOuZW7yWdyAguIgExmQQ5v2l6lHpZ21oWSCZM0E
elK98xy6j1qT/Xz9kB6u8Z96xlA75PWtwyR8DrSnmPA1+nuhBA0/Yp9tMWync326
euaJk59RxAV2eAIHtcaXUg6b/oFkX0u1oelV3/Oo9Lfj
-----END CERTIFICATE-----