This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/xhg1hLCOAYKLIFD8ExcQxRMYmLQ.roa
File:                     xhg1hLCOAYKLIFD8ExcQxRMYmLQ.roa (raw, json)
Hash identifier:          nZkHa5j9KYSQID/n0NLtQXujAF5QWuhOMde01IO/tQ8=
Subject key identifier:   C6:18:35:84:B0:8E:01:82:8B:20:50:FC:13:17:10:C5:13:18:98:B4
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B775900606E3B9F3624F24AADCC4D12A3
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/xhg1hLCOAYKLIFD8ExcQxRMYmLQ.roa
Signing time:             Thu 01 Jan 2026 02:18:00 +0000
ROA not before:           Thu 01 Jan 2026 02:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200504
IP address blocks:        193.192.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:00:60:6e:3b:9f:36:24:f2:4a:ad:cc:4d:12:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6183584b08e01828b2050fc131710c5131898b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1a:48:9f:ac:8f:13:3d:8c:41:9c:02:2a:c7:
                    20:f9:a2:13:6a:4f:13:09:b3:e0:d8:d8:b9:94:6a:
                    96:63:d6:dc:ce:76:de:ec:49:dd:1d:dd:2c:05:a4:
                    88:5b:f8:eb:93:ca:f8:9d:3b:cd:1c:58:46:8f:62:
                    0b:ac:65:97:03:68:80:c3:45:b7:76:00:d7:de:c5:
                    28:5a:94:54:e5:65:ae:fa:72:56:34:cd:3a:53:39:
                    68:c2:da:8f:c4:8f:c0:a7:73:21:9d:8e:e0:26:16:
                    cb:1d:6f:e1:40:08:3c:a4:e7:e1:7f:3d:83:db:a2:
                    ff:5f:b9:b3:0b:71:5a:e4:90:5e:b7:a6:29:d4:05:
                    a1:94:46:ca:66:10:ee:35:55:ec:c4:89:90:dc:08:
                    1b:95:fd:a1:05:9c:33:ba:53:90:03:47:fd:d6:d5:
                    e2:14:1a:4c:d7:39:1c:61:56:74:c2:4e:ec:b7:77:
                    79:58:bc:2f:64:3a:aa:3e:54:d1:7b:cd:a6:91:54:
                    cd:b3:30:72:6d:94:40:ad:a2:2a:21:17:c8:36:1f:
                    45:85:52:25:da:5f:83:53:2a:c9:59:8a:75:d3:c2:
                    0c:23:cc:18:1c:7e:8f:0e:90:7d:70:d0:51:9b:2e:
                    d9:08:96:33:6f:ff:20:fe:00:4d:0d:2a:03:45:c5:
                    3e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:18:35:84:B0:8E:01:82:8B:20:50:FC:13:17:10:C5:13:18:98:B4
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/xhg1hLCOAYKLIFD8ExcQxRMYmLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:bc:31:6f:70:33:cf:a1:82:e6:57:e8:2c:96:bb:a0:84:8f:
         cb:26:12:ed:c4:0a:6b:a7:bb:98:36:d8:92:89:b1:17:cd:7a:
         a3:a8:7b:c8:4e:97:35:69:18:13:75:60:ba:22:65:53:78:1c:
         36:08:20:fb:b5:22:5a:f2:39:5c:cc:ca:22:ae:98:5c:de:f7:
         dc:55:33:94:aa:df:4e:f2:e5:59:eb:77:af:69:5f:ae:1d:a1:
         97:c5:27:c1:2f:ee:8d:1e:c9:3e:29:2d:6b:da:69:3f:f7:28:
         ac:e3:ed:a3:75:66:28:6b:3d:8b:91:04:b2:9e:0f:65:de:8e:
         ad:61:71:20:7b:a9:7b:4b:ed:b4:ff:3b:5f:88:74:f9:4a:89:
         45:d3:33:d8:49:1b:4d:64:9b:59:c9:8d:72:c0:80:33:85:b3:
         6e:2b:d9:5b:2f:51:ef:cd:7b:ba:57:96:9b:ff:c6:7c:e1:e9:
         5a:fd:17:76:ba:9b:7f:5e:70:28:bf:d5:71:16:a8:93:bf:31:
         6b:93:87:d1:1f:b8:97:48:df:ab:69:01:cb:6c:b6:fb:41:3a:
         a6:8e:61:f6:46:2b:36:51:50:4c:f6:a1:03:67:ed:05:8d:d8:
         06:dd:29:be:78:a5:1e:f9:c8:ec:f4:55:10:28:29:0c:49:93:
         cd:db:f4:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQBgbjufNiTySq3MTRKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE4MzU4NGIwOGUwMTgyOGIyMDUwZmMxMzE3MTBjNTEzMTg5OGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBpIn6yPEz2MQZwCKscg+aITak8T
CbPg2Ni5lGqWY9bcznbe7EndHd0sBaSIW/jrk8r4nTvNHFhGj2ILrGWXA2iAw0W3
dgDX3sUoWpRU5WWu+nJWNM06UzlowtqPxI/Ap3MhnY7gJhbLHW/hQAg8pOfhfz2D
26L/X7mzC3Fa5JBet6Yp1AWhlEbKZhDuNVXsxImQ3Agblf2hBZwzulOQA0f91tXi
FBpM1zkcYVZ0wk7st3d5WLwvZDqqPlTRe82mkVTNszBybZRAraIqIRfINh9FhVIl
2l+DUyrJWYp108IMI8wYHH6PDpB9cNBRmy7ZCJYzb/8g/gBNDSoDRcU+gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYYNYSwjgGCiyBQ/BMXEMUTGJi0MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEveGhnMWhMQ09BWUtMSUZEOEV4Y1F4Uk1ZbUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcCpMA0G
CSqGSIb3DQEBCwUAA4IBAQAxvDFvcDPPoYLmV+gslrughI/LJhLtxAprp7uYNtiS
ibEXzXqjqHvITpc1aRgTdWC6ImVTeBw2CCD7tSJa8jlczMoirphc3vfcVTOUqt9O
8uVZ63evaV+uHaGXxSfBL+6NHsk+KS1r2mk/9yis4+2jdWYoaz2LkQSyng9l3o6t
YXEge6l7S+20/ztfiHT5SolF0zPYSRtNZJtZyY1ywIAzhbNuK9lbL1HvzXu6V5ab
/8Z84ela/Rd2upt/XnAov9VxFqiTvzFrk4fRH7iXSN+raQHLbLb7QTqmjmH2Ris2
UVBM9qEDZ+0FjdgG3Sm+eKUe+cjs9FUQKCkMSZPN2/T2
-----END CERTIFICATE-----