This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/XYMRMU_3O-JK-JIGAvAXg1QrnRM.roa
File:                     XYMRMU_3O-JK-JIGAvAXg1QrnRM.roa (raw, json)
Hash identifier:          llYUO5jnzTZpvaJuLkhYws9O4QD9RoKbEnpetMF/cpY=
Subject key identifier:   5D:83:11:31:4F:F7:3B:E2:4A:F8:92:06:02:F0:17:83:54:2B:9D:13
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019B7758F0B65DD4D080F9653FDBA14192BB
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/XYMRMU_3O-JK-JIGAvAXg1QrnRM.roa
Signing time:             Thu 01 Jan 2026 02:17:56 +0000
ROA not before:           Thu 01 Jan 2026 02:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201235
IP address blocks:        217.113.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:f0:b6:5d:d4:d0:80:f9:65:3f:db:a1:41:92:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 02:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d8311314ff73be24af8920602f01783542b9d13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:33:2d:4e:a1:d5:cb:70:f2:7f:b2:44:d1:8b:
                    7a:60:5a:07:0b:36:2b:ca:1e:44:44:84:0f:dc:26:
                    a2:78:15:d2:29:0a:a0:18:5d:a2:d1:2b:cc:b3:f4:
                    5a:c9:3b:25:24:b7:fd:b7:d2:6b:6e:7f:c8:4d:ff:
                    06:68:68:76:55:09:a1:d3:d0:a6:ff:55:70:a1:76:
                    60:07:0f:aa:0f:c4:a1:f8:f4:2c:44:d9:5c:0d:52:
                    36:39:cc:86:ae:e8:ed:6e:a6:69:01:16:59:9d:11:
                    1e:da:71:a1:0c:56:a9:d5:5f:0e:d8:e5:d0:51:a3:
                    88:78:9e:48:98:99:bd:b6:9c:c7:33:c1:ca:ab:1d:
                    64:43:0e:aa:f7:85:f8:9b:d2:3d:d7:6b:32:0a:74:
                    7f:53:5c:60:e3:98:ea:4b:0f:61:4d:0c:50:c6:41:
                    02:75:1a:a4:62:5d:18:a6:cd:f6:5e:9c:89:c6:c6:
                    91:a4:93:84:62:55:e5:ca:3e:a6:f5:2c:ff:f2:44:
                    83:10:00:43:8d:9c:16:10:83:bd:75:78:df:a1:a8:
                    f1:7d:16:35:85:18:ce:ab:4c:f5:e1:23:33:a9:f1:
                    f3:87:44:0d:eb:5f:73:e4:52:c9:5f:7e:8a:c9:91:
                    ca:ce:11:f5:b9:36:81:c8:d6:44:8a:5c:6e:00:e0:
                    a8:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:83:11:31:4F:F7:3B:E2:4A:F8:92:06:02:F0:17:83:54:2B:9D:13
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/XYMRMU_3O-JK-JIGAvAXg1QrnRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a8:d0:4b:1c:68:52:7d:c9:36:c5:04:a4:18:e6:37:63:59:
         2e:b9:19:17:05:30:05:e2:ed:a8:26:e1:42:18:37:ac:0c:f6:
         24:b7:6d:3c:85:fa:fd:8f:28:ef:2a:65:72:b3:2e:61:ea:dd:
         80:ab:16:89:99:c4:f5:35:a6:ba:e3:b6:7b:fd:55:0a:77:fd:
         fb:89:b2:b0:c6:90:10:ad:0b:b0:1a:3d:48:2d:10:76:50:e6:
         07:c4:49:e7:15:67:0f:7b:c4:63:04:41:41:f7:55:ce:6c:3b:
         ec:ee:c5:9b:3d:51:d5:59:6e:ab:c4:b3:fc:00:a4:0a:ff:5e:
         ad:b3:05:d8:3e:91:3d:86:ee:5c:c1:1c:27:74:50:e7:ad:f9:
         71:b4:f0:65:9f:20:59:df:3b:02:08:cd:c4:47:8b:46:63:a5:
         7c:bf:00:1a:04:25:a8:1d:ae:4c:85:bd:5e:6d:85:d1:a0:60:
         4a:51:e1:4c:69:9a:05:8a:e4:f8:ee:8a:6d:2a:75:b7:5b:33:
         26:56:4f:8f:83:cb:f5:22:dc:2d:66:71:c1:aa:ce:3c:c6:02:
         bd:a1:e3:1a:14:dc:80:30:e0:a6:5a:07:7e:09:bb:db:70:26:
         2b:de:af:ba:18:53:d1:57:7d:55:7a:4b:1d:80:6c:cf:f9:c8:
         f7:9d:7e:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WPC2XdTQgPllP9uhQZK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjYwMTAxMDIxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDgzMTEzMTRmZjczYmUyNGFmODkyMDYwMmYwMTc4MzU0MmI5ZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzMtTqHVy3Dyf7JE0Yt6YFoHCzYr
yh5ERIQP3CaieBXSKQqgGF2i0SvMs/RayTslJLf9t9Jrbn/ITf8GaGh2VQmh09Cm
/1VwoXZgBw+qD8Sh+PQsRNlcDVI2OcyGrujtbqZpARZZnREe2nGhDFap1V8O2OXQ
UaOIeJ5ImJm9tpzHM8HKqx1kQw6q94X4m9I912syCnR/U1xg45jqSw9hTQxQxkEC
dRqkYl0Yps32XpyJxsaRpJOEYlXlyj6m9Sz/8kSDEABDjZwWEIO9dXjfoajxfRY1
hRjOq0z14SMzqfHzh0QN619z5FLJX36KyZHKzhH1uTaByNZEilxuAOCoNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2DETFP9zviSviSBgLwF4NUK50TMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvWFlNUk1VXzNPLUpLLUpJR0F2QVhnMVFyblJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XEQMA0G
CSqGSIb3DQEBCwUAA4IBAQAGqNBLHGhSfck2xQSkGOY3Y1kuuRkXBTAF4u2oJuFC
GDesDPYkt208hfr9jyjvKmVysy5h6t2AqxaJmcT1Naa647Z7/VUKd/37ibKwxpAQ
rQuwGj1ILRB2UOYHxEnnFWcPe8RjBEFB91XObDvs7sWbPVHVWW6rxLP8AKQK/16t
swXYPpE9hu5cwRwndFDnrflxtPBlnyBZ3zsCCM3ER4tGY6V8vwAaBCWoHa5Mhb1e
bYXRoGBKUeFMaZoFiuT47optKnW3WzMmVk+Pg8v1ItwtZnHBqs48xgK9oeMaFNyA
MOCmWgd+CbvbcCYr3q+6GFPRV31VeksdgGzP+cj3nX6u
-----END CERTIFICATE-----