This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/XGNpEJyZ5ofWurDz4XnNulUh5Qc.roa
File:                     XGNpEJyZ5ofWurDz4XnNulUh5Qc.roa (raw, json)
Hash identifier:          ApJMkAtwvgFPQPDi80cwWPLVrZBQ049k8CTijiz27yI=
Subject key identifier:   5C:63:69:10:9C:99:E6:87:D6:BA:B0:F3:E1:79:CD:BA:55:21:E5:07
Certificate issuer:       /CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Certificate serial:       019B7CED71B03BFC1630CA07042506F9DFD5
Authority key identifier: 6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/XGNpEJyZ5ofWurDz4XnNulUh5Qc.roa
Signing time:             Fri 02 Jan 2026 04:18:14 +0000
ROA not before:           Fri 02 Jan 2026 04:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34471
IP address blocks:        193.151.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:71:b0:3b:fc:16:30:ca:07:04:25:06:f9:df:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8edda2f21c885fbe67286218b8318d6ad23896
        Validity
            Not Before: Jan  2 04:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c6369109c99e687d6bab0f3e179cdba5521e507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:11:a5:91:8b:f2:d4:d7:a2:4a:01:89:e3:cc:
                    6f:6f:41:95:8b:73:0a:32:d3:25:3d:8f:2f:37:e4:
                    68:05:f7:54:58:4c:b2:8c:9b:62:4a:76:3c:f0:56:
                    81:02:a5:c2:ce:6e:5c:cb:81:75:4f:82:53:26:8d:
                    92:54:41:78:d7:86:bb:6f:40:c0:e9:ce:ef:1e:3a:
                    fc:84:31:77:d2:dc:13:57:c5:f8:ba:27:f0:fe:11:
                    37:a1:c0:57:a0:cf:dd:92:4a:b7:7b:ab:7a:6b:44:
                    48:12:4e:6b:d1:94:e8:04:d5:49:c9:81:dc:c9:2b:
                    b3:82:c5:05:ea:10:58:98:d5:06:28:24:3d:c1:20:
                    06:db:81:c3:b7:87:27:15:96:c6:cb:d1:79:fe:1e:
                    ec:2a:62:2e:6e:ed:bb:26:38:20:23:74:f4:59:e5:
                    f1:b1:41:62:8c:b3:77:ef:48:01:90:67:a5:d6:86:
                    7d:20:ec:03:ed:bd:e8:7e:7c:97:d4:53:b0:bf:d4:
                    10:83:d0:e3:7b:17:33:ca:d5:f0:4a:f3:32:53:76:
                    66:83:65:86:cd:9f:48:8e:7f:50:3b:54:ce:85:0a:
                    d1:03:cf:c2:a7:16:02:be:80:c1:40:f4:9c:d3:3a:
                    32:65:aa:f5:cf:93:cc:a3:62:9d:54:37:b6:c2:82:
                    b6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:63:69:10:9C:99:E6:87:D6:BA:B0:F3:E1:79:CD:BA:55:21:E5:07
            X509v3 Authority Key Identifier:
                keyid:6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/XGNpEJyZ5ofWurDz4XnNulUh5Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:2e:b9:2a:bc:91:ff:fa:0e:22:4b:f4:12:dc:cb:68:ba:b7:
         ec:df:c1:24:b4:c3:02:22:c9:14:fa:c5:e8:1d:5a:88:b5:69:
         5a:9c:74:17:31:5c:63:b2:d0:04:c2:ea:8d:e8:31:98:ce:00:
         d6:8a:e4:50:41:b0:d4:c5:b8:e5:9f:36:01:18:e7:69:31:27:
         48:b0:0a:d9:a9:50:72:5a:89:34:c3:4c:83:a0:51:79:8b:95:
         74:1a:5d:c4:1b:f5:eb:73:b4:3b:ea:0c:a7:e9:5c:40:86:9c:
         88:29:f2:90:a3:84:ca:b2:68:74:88:02:e9:f0:ff:a1:61:73:
         7b:58:be:c9:64:94:bd:9e:99:9a:e4:fc:a6:a1:53:3f:dd:51:
         8d:ec:9d:06:cf:6f:c8:a6:d2:d6:ed:c7:54:f2:c7:ed:a2:55:
         4b:81:8e:58:b0:73:9b:f1:cf:cc:bd:92:8d:0e:0c:57:b4:ec:
         69:0c:f8:ae:c2:dd:e5:dc:8e:f9:2e:cf:bc:9f:78:81:8c:10:
         89:20:d0:cc:c3:c8:01:1a:2f:4c:9f:87:4e:6c:91:3f:16:45:
         12:7c:6d:63:13:b1:5c:2a:9e:ea:c9:92:ee:bb:52:6e:0c:96:
         60:05:0a:62:6f:51:9d:f1:8e:64:f1:1d:44:da:62:eb:da:d7:
         a1:ae:16:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87XGwO/wWMMoHBCUG+d/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGVkZGEyZjIxYzg4NWZiZTY3Mjg2MjE4YjgzMThkNmFk
MjM4OTYwHhcNMjYwMTAyMDQxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzYzNjkxMDljOTllNjg3ZDZiYWIwZjNlMTc5Y2RiYTU1MjFlNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRGlkYvy1NeiSgGJ48xvb0GVi3MK
MtMlPY8vN+RoBfdUWEyyjJtiSnY88FaBAqXCzm5cy4F1T4JTJo2SVEF414a7b0DA
6c7vHjr8hDF30twTV8X4uifw/hE3ocBXoM/dkkq3e6t6a0RIEk5r0ZToBNVJyYHc
ySuzgsUF6hBYmNUGKCQ9wSAG24HDt4cnFZbGy9F5/h7sKmIubu27JjggI3T0WeXx
sUFijLN370gBkGel1oZ9IOwD7b3ofnyX1FOwv9QQg9DjexczytXwSvMyU3Zmg2WG
zZ9Ijn9QO1TOhQrRA8/CpxYCvoDBQPSc0zoyZar1z5PMo2KdVDe2woK2CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxjaRCcmeaH1rqw8+F5zbpVIeUHMB8GA1UdIwQY
MBaAFGqO3aLyHIhfvmcoYhi4MY1q0jiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2Et
MGM2Njg0MDE5OGQwLzEvWEdOcEVKeVo1b2ZXdXJEejRYbk51bFVoNVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2EtMGM2Njg0MDE5OGQw
LzEvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZf2MA0G
CSqGSIb3DQEBCwUAA4IBAQBjLrkqvJH/+g4iS/QS3Mtourfs38EktMMCIskU+sXo
HVqItWlanHQXMVxjstAEwuqN6DGYzgDWiuRQQbDUxbjlnzYBGOdpMSdIsArZqVBy
Wok0w0yDoFF5i5V0Gl3EG/Xrc7Q76gyn6VxAhpyIKfKQo4TKsmh0iALp8P+hYXN7
WL7JZJS9npma5PymoVM/3VGN7J0Gz2/IptLW7cdU8sftolVLgY5YsHOb8c/MvZKN
DgxXtOxpDPiuwt3l3I75Ls+8n3iBjBCJINDMw8gBGi9Mn4dObJE/FkUSfG1jE7Fc
Kp7qyZLuu1JuDJZgBQpib1Gd8Y5k8R1E2mLr2tehrhYc
-----END CERTIFICATE-----