This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Xw3h_CC6qPSVdDpkSzq3-66zIq0.roa
File:                     Xw3h_CC6qPSVdDpkSzq3-66zIq0.roa (raw, json)
Hash identifier:          +TGIjxSIi4Fi3T6MjZ15T8KPBa+jLU+k2fuwCJ1szn4=
Subject key identifier:   5F:0D:E1:FC:20:BA:A8:F4:95:74:3A:64:4B:3A:B7:FB:AE:B3:22:AD
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019B7CEE7206A5E86377682A62D034D00701
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Xw3h_CC6qPSVdDpkSzq3-66zIq0.roa
Signing time:             Fri 02 Jan 2026 04:19:20 +0000
ROA not before:           Fri 02 Jan 2026 04:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395374
IP address blocks:        79.172.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:72:06:a5:e8:63:77:68:2a:62:d0:34:d0:07:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  2 04:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f0de1fc20baa8f495743a644b3ab7fbaeb322ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4a:5a:71:cc:40:94:eb:0a:00:05:68:ba:74:
                    24:73:44:69:0d:85:7a:42:19:69:22:91:79:16:fe:
                    af:4d:37:a9:60:a6:da:f6:a6:c9:49:ae:d8:22:a0:
                    4a:70:b0:ef:2b:60:b5:f2:c7:93:0b:d6:26:88:e6:
                    50:cd:1f:7e:d2:8b:8e:6b:13:7a:70:95:99:0e:5a:
                    4b:b1:08:0a:db:0e:a1:cc:9a:4d:d4:f4:61:ca:46:
                    3f:4c:37:a2:bf:08:8c:ad:8c:80:29:cb:57:e9:71:
                    59:ca:14:b4:d8:59:92:3a:dd:cf:a2:3b:e7:ef:78:
                    f7:b9:32:71:9e:92:55:46:29:46:62:16:1e:5d:5a:
                    b6:fe:63:c6:e9:d0:0f:6e:d2:b1:99:40:88:3b:41:
                    5c:d5:4d:04:83:88:01:30:6f:94:df:d9:e0:98:92:
                    18:ae:1e:9f:3a:6f:bb:aa:49:43:cc:66:86:a7:47:
                    68:5b:e4:47:e9:f7:24:60:22:90:b8:d6:13:dc:0a:
                    e0:a1:4c:60:f3:29:cf:fc:83:0b:ae:6d:33:b2:97:
                    05:a2:42:15:2a:76:36:63:b3:d5:bf:99:2d:71:a9:
                    ec:d9:1c:74:ac:43:57:21:c6:4f:5b:22:02:78:6c:
                    1b:1f:60:95:cc:46:51:3c:56:e9:15:db:b6:b2:db:
                    ea:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0D:E1:FC:20:BA:A8:F4:95:74:3A:64:4B:3A:B7:FB:AE:B3:22:AD
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Xw3h_CC6qPSVdDpkSzq3-66zIq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:82:92:78:ae:ad:a3:3f:6b:b1:38:0e:18:ef:b7:90:21:e7:
         d6:72:a7:99:1e:62:82:e7:37:65:ea:19:fa:49:4a:5a:11:a0:
         f4:1a:10:6b:d3:56:9e:9f:c2:4b:bd:a0:13:95:6c:64:0d:55:
         65:78:c1:7c:0e:9b:6f:03:d1:1b:7c:21:02:f8:53:b4:3a:4c:
         45:c0:2b:f0:e3:8d:75:9c:43:69:41:20:ca:ea:b0:c5:87:a7:
         3f:6d:bb:b1:6f:18:75:89:c9:8d:72:c3:ce:d7:14:ec:62:5b:
         9e:2c:4a:77:96:bc:13:a3:8e:e2:40:16:c7:bb:13:d3:5e:5b:
         20:14:07:e6:5d:07:c0:cd:74:0b:0d:ef:97:0e:b7:38:94:6e:
         01:a5:da:67:b8:e5:62:70:d5:a6:77:3d:73:55:ea:55:00:43:
         d5:11:ea:77:84:2f:c7:03:e9:c1:6f:6d:7d:36:ec:0c:b4:62:
         30:b4:0b:fc:bf:bf:9e:e5:4c:89:96:05:cf:ef:2f:cd:bc:1c:
         6a:f8:d0:0b:46:df:95:1c:1a:d8:a0:c7:ce:f2:da:c4:69:f6:
         7b:94:cb:df:64:ec:f6:32:18:f2:ed:72:a7:0e:0b:8c:5a:d3:
         ba:d0:d9:fb:e6:ee:ce:ea:d7:14:88:07:76:4b:e5:a7:f0:ae:
         de:91:16:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87nIGpehjd2gqYtA00AcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMTAyMDQxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBkZTFmYzIwYmFhOGY0OTU3NDNhNjQ0YjNhYjdmYmFlYjMyMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEpaccxAlOsKAAVounQkc0RpDYV6
QhlpIpF5Fv6vTTepYKba9qbJSa7YIqBKcLDvK2C18seTC9YmiOZQzR9+0ouOaxN6
cJWZDlpLsQgK2w6hzJpN1PRhykY/TDeivwiMrYyAKctX6XFZyhS02FmSOt3Pojvn
73j3uTJxnpJVRilGYhYeXVq2/mPG6dAPbtKxmUCIO0Fc1U0Eg4gBMG+U39ngmJIY
rh6fOm+7qklDzGaGp0doW+RH6fckYCKQuNYT3ArgoUxg8ynP/IMLrm0zspcFokIV
KnY2Y7PVv5ktcans2Rx0rENXIcZPWyICeGwbH2CVzEZRPFbpFdu2stvqYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8N4fwguqj0lXQ6ZEs6t/uusyKtMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvWHczaF9DQzZxUFNWZERwa1N6cTMtNjZ6SXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zQMA0G
CSqGSIb3DQEBCwUAA4IBAQCUgpJ4rq2jP2uxOA4Y77eQIefWcqeZHmKC5zdl6hn6
SUpaEaD0GhBr01aen8JLvaATlWxkDVVleMF8DptvA9EbfCEC+FO0OkxFwCvw4411
nENpQSDK6rDFh6c/bbuxbxh1icmNcsPO1xTsYlueLEp3lrwTo47iQBbHuxPTXlsg
FAfmXQfAzXQLDe+XDrc4lG4BpdpnuOVicNWmdz1zVepVAEPVEep3hC/HA+nBb219
NuwMtGIwtAv8v7+e5UyJlgXP7y/NvBxq+NALRt+VHBrYoMfO8trEafZ7lMvfZOz2
Mhjy7XKnDguMWtO60Nn75u7O6tcUiAd2S+Wn8K7ekRa/
-----END CERTIFICATE-----