This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/xkjIJXUIE6VGTcwTX14i2CcAh2o.roa
File:                     xkjIJXUIE6VGTcwTX14i2CcAh2o.roa (raw, json)
Hash identifier:          VbIF2ZXp+PzBC6VW5KMkkrust5TfWu5t0wCm2XIKfFM=
Subject key identifier:   C6:48:C8:25:75:08:13:A5:46:4D:CC:13:5F:5E:22:D8:27:00:87:6A
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B7758F80709B9CECE4D0F5110A1C316BB
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/xkjIJXUIE6VGTcwTX14i2CcAh2o.roa
Signing time:             Thu 01 Jan 2026 02:17:57 +0000
ROA not before:           Thu 01 Jan 2026 02:17:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56872
IP address blocks:        178.16.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:f8:07:09:b9:ce:ce:4d:0f:51:10:a1:c3:16:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:17:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c648c825750813a5464dcc135f5e22d82700876a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:12:c0:c6:d9:d9:c0:59:da:d0:ff:3f:7a:b0:
                    e0:d0:a5:45:41:82:43:59:27:56:8e:d7:20:fc:6c:
                    85:6c:09:13:7a:95:6b:bb:b4:9e:a9:48:f5:70:6f:
                    a5:2f:69:82:44:80:dc:82:15:66:6d:62:aa:41:fe:
                    7b:ea:59:2f:e1:17:02:5d:47:3d:87:72:72:a3:3c:
                    05:a2:7c:4a:5b:0b:27:b6:89:68:4f:b3:41:8c:12:
                    47:91:b0:d1:d4:a8:83:9a:ba:37:d5:26:d0:0c:12:
                    5c:b4:03:e8:0e:24:92:3b:f9:16:9d:38:19:2d:cf:
                    b5:e0:cd:13:03:46:75:b2:c8:b8:00:5f:a1:b9:93:
                    75:62:e1:4c:de:e4:2f:32:c0:50:b4:91:dc:e8:1c:
                    2a:d3:f6:eb:fd:90:5a:8f:04:66:dd:83:fa:3f:92:
                    11:bb:a8:50:37:99:24:61:37:49:58:06:cc:7b:a5:
                    84:fa:d1:c1:e7:7b:26:47:e1:f8:78:d1:d2:dc:6b:
                    e5:f6:d1:1c:3f:c6:fd:6c:13:fd:e0:89:06:0f:b3:
                    68:0d:3b:c8:5f:32:e7:87:f3:02:f7:fe:85:a1:13:
                    15:60:25:2c:26:db:c2:7f:46:39:16:c5:f9:52:86:
                    c3:4d:8d:7a:b9:ee:ee:25:96:ef:cf:19:77:d5:5f:
                    ff:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:48:C8:25:75:08:13:A5:46:4D:CC:13:5F:5E:22:D8:27:00:87:6A
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/xkjIJXUIE6VGTcwTX14i2CcAh2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:18:8e:f7:51:5a:76:3b:22:54:80:61:f3:8b:f9:47:a6:47:
         d8:09:64:28:21:63:21:2b:9e:0d:d6:33:5e:97:bf:54:9e:2a:
         79:1a:32:e6:4a:9f:34:83:98:85:2c:d6:c5:61:41:df:a3:65:
         bf:00:ea:56:b3:cc:fb:7c:ac:9c:46:19:5e:9a:e2:7b:95:d9:
         cc:d4:76:97:9a:50:c7:f3:15:13:0f:4a:06:dc:f4:1d:c3:06:
         21:64:85:0e:db:b4:46:01:e5:28:47:2d:31:08:32:60:d1:82:
         cc:3d:6d:58:1f:d8:99:e9:4e:9e:a1:e9:47:1c:05:5c:81:d3:
         6a:8a:43:59:15:d0:f9:ff:86:26:11:99:54:a1:57:7a:2a:24:
         76:fa:41:61:99:75:91:50:1a:d4:2f:51:06:86:ef:7b:0d:2a:
         a9:7b:2b:00:70:16:8b:cc:b6:c3:8e:48:66:39:bc:59:e1:34:
         3f:65:cc:be:dd:89:14:69:cc:6c:ba:37:aa:07:a0:93:90:22:
         9d:15:69:4f:90:39:1a:59:ec:61:14:bc:ba:1e:76:8b:cd:23:
         d4:b7:3d:46:7d:16:6f:a2:1d:97:d1:33:f1:de:05:e6:45:03:
         a2:d5:da:46:00:cc:18:59:db:5b:ac:66:58:be:32:d8:7e:75:
         c1:26:77:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WPgHCbnOzk0PURChwxa7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQ4YzgyNTc1MDgxM2E1NDY0ZGNjMTM1ZjVlMjJkODI3MDA4NzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BLAxtnZwFna0P8/erDg0KVFQYJD
WSdWjtcg/GyFbAkTepVru7SeqUj1cG+lL2mCRIDcghVmbWKqQf576lkv4RcCXUc9
h3JyozwFonxKWwsntoloT7NBjBJHkbDR1KiDmro31SbQDBJctAPoDiSSO/kWnTgZ
Lc+14M0TA0Z1ssi4AF+huZN1YuFM3uQvMsBQtJHc6Bwq0/br/ZBajwRm3YP6P5IR
u6hQN5kkYTdJWAbMe6WE+tHB53smR+H4eNHS3Gvl9tEcP8b9bBP94IkGD7NoDTvI
XzLnh/MC9/6FoRMVYCUsJtvCf0Y5FsX5UobDTY16ue7uJZbvzxl31V//mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZIyCV1CBOlRk3ME19eItgnAIdqMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEveGtqSUpYVUlFNlZHVGN3VFgxNGkyQ2NBaDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshB9MA0G
CSqGSIb3DQEBCwUAA4IBAQBCGI73UVp2OyJUgGHzi/lHpkfYCWQoIWMhK54N1jNe
l79Unip5GjLmSp80g5iFLNbFYUHfo2W/AOpWs8z7fKycRhlemuJ7ldnM1HaXmlDH
8xUTD0oG3PQdwwYhZIUO27RGAeUoRy0xCDJg0YLMPW1YH9iZ6U6eoelHHAVcgdNq
ikNZFdD5/4YmEZlUoVd6KiR2+kFhmXWRUBrUL1EGhu97DSqpeysAcBaLzLbDjkhm
ObxZ4TQ/Zcy+3YkUacxsujeqB6CTkCKdFWlPkDkaWexhFLy6HnaLzSPUtz1GfRZv
oh2X0TPx3gXmRQOi1dpGAMwYWdtbrGZYvjLYfnXBJndr
-----END CERTIFICATE-----
Generated at Sun Jan 25 20:29:48 2026 by rpki-client