This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XlOHCkwe-ya7qvoF5YhWSM2tlGE.roa
File:                     XlOHCkwe-ya7qvoF5YhWSM2tlGE.roa (raw, json)
Hash identifier:          qcRgWsFFY80dkmLspNDT2+HRPcv6KvVf/78VwxhXJCQ=
Subject key identifier:   5E:53:87:0A:4C:1E:FB:26:BB:AA:FA:05:E5:88:56:48:CD:AD:94:61
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019B7F84BF1C5241F999D3E20C160EEAAC46
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XlOHCkwe-ya7qvoF5YhWSM2tlGE.roa
Signing time:             Fri 02 Jan 2026 16:22:44 +0000
ROA not before:           Fri 02 Jan 2026 16:22:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50833
IP address blocks:        2a02:128:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:bf:1c:52:41:f9:99:d3:e2:0c:16:0e:ea:ac:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 16:22:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e53870a4c1efb26bbaafa05e5885648cdad9461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:59:09:c6:cf:a0:af:38:48:64:26:09:68:2f:
                    3a:b0:e5:e9:10:4d:a7:0d:4d:f1:94:d4:8c:d0:7c:
                    27:8d:9f:d8:7e:4a:3a:33:cf:b3:fb:fe:d6:f5:9f:
                    42:42:9a:a1:ef:e8:87:eb:72:3e:57:8d:ac:b6:c3:
                    a2:38:9a:64:e1:1d:ca:08:70:a9:6e:1d:84:7d:c7:
                    e0:10:a1:9d:9e:10:33:ae:34:38:47:45:f7:de:f6:
                    0d:7c:28:80:ab:be:89:e0:90:9d:30:43:de:05:09:
                    12:85:cc:09:e0:05:16:da:3a:6d:51:fa:cc:91:87:
                    d8:19:2e:cb:20:ed:c4:68:b8:b3:09:6a:c2:75:fb:
                    46:39:19:70:38:f4:42:6f:9f:3b:95:23:6c:2a:79:
                    72:5f:58:ea:56:e2:50:4c:78:8e:2e:f2:a7:c1:6d:
                    66:c7:4f:22:5f:12:21:bc:c3:e6:fa:c8:d6:58:f0:
                    68:42:77:29:6e:c0:02:1f:8f:d5:1f:fd:9d:d9:bc:
                    b5:a9:a2:00:f6:a6:85:8c:47:92:14:c2:26:8e:7a:
                    c6:b2:c3:a4:42:1b:4d:24:2b:45:73:22:28:a1:4a:
                    72:46:3a:0e:f4:4b:f3:ee:55:9e:0b:11:75:83:b6:
                    60:0c:36:e5:a5:38:71:96:33:88:03:d4:34:51:72:
                    f4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:53:87:0A:4C:1E:FB:26:BB:AA:FA:05:E5:88:56:48:CD:AD:94:61
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XlOHCkwe-ya7qvoF5YhWSM2tlGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:128:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:dd:11:98:59:a7:aa:6a:4a:8a:33:54:63:43:ed:dc:36:e4:
         c2:24:0c:5b:21:f2:01:bb:68:0c:9e:c7:17:b6:4a:20:1f:54:
         31:bb:79:0d:2f:68:d0:52:ba:25:91:7a:03:4e:3d:30:aa:82:
         27:bf:1f:97:06:d0:7c:d6:42:61:a0:56:81:61:12:6b:2a:6c:
         87:29:3c:a0:ff:e5:7d:57:fd:a9:f0:8f:0a:29:43:3c:a7:10:
         2a:27:b1:58:04:94:62:d5:13:0b:d0:de:c8:1e:c8:35:93:90:
         12:d3:84:98:14:43:8f:eb:df:f4:f3:57:53:6f:aa:7b:2f:8b:
         d5:98:a0:d5:58:5b:a1:b9:44:cb:c6:cf:61:29:4e:2f:74:cf:
         9e:ff:b4:8a:fa:96:32:95:75:6a:b8:d3:ec:b5:3c:9d:e4:28:
         32:8f:14:54:6c:fb:30:7d:03:26:f7:b4:cc:fd:e6:26:2b:25:
         68:c8:1a:43:ed:f2:33:06:38:9a:7a:f2:51:fc:35:68:22:fb:
         c1:a2:74:6f:5a:60:fd:3d:0c:76:c2:56:d9:83:e4:67:00:66:
         03:14:17:f7:b9:b8:5f:b0:8b:9a:88:f8:ee:b3:d5:0d:d5:a5:
         fa:96:87:36:84:e5:a1:74:f4:17:06:0f:3a:0c:cb:32:ff:e4:
         83:c4:b4:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hL8cUkH5mdPiDBYO6qxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMTAyMTYyMjQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUzODcwYTRjMWVmYjI2YmJhYWZhMDVlNTg4NTY0OGNkYWQ5NDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lkJxs+grzhIZCYJaC86sOXpEE2n
DU3xlNSM0HwnjZ/Yfko6M8+z+/7W9Z9CQpqh7+iH63I+V42stsOiOJpk4R3KCHCp
bh2EfcfgEKGdnhAzrjQ4R0X33vYNfCiAq76J4JCdMEPeBQkShcwJ4AUW2jptUfrM
kYfYGS7LIO3EaLizCWrCdftGORlwOPRCb587lSNsKnlyX1jqVuJQTHiOLvKnwW1m
x08iXxIhvMPm+sjWWPBoQncpbsACH4/VH/2d2by1qaIA9qaFjEeSFMImjnrGssOk
QhtNJCtFcyIooUpyRjoO9Evz7lWeCxF1g7ZgDDblpThxljOIA9Q0UXL09QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF5ThwpMHvsmu6r6BeWIVkjNrZRhMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWGxPSENrd2UteWE3cXZvRjVZaFdTTTJ0bEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIBKAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAY3RGYWaeqakqKM1RjQ+3cNuTCJAxbIfIBu2gM
nscXtkogH1Qxu3kNL2jQUrolkXoDTj0wqoInvx+XBtB81kJhoFaBYRJrKmyHKTyg
/+V9V/2p8I8KKUM8pxAqJ7FYBJRi1RML0N7IHsg1k5AS04SYFEOP69/081dTb6p7
L4vVmKDVWFuhuUTLxs9hKU4vdM+e/7SK+pYylXVquNPstTyd5CgyjxRUbPswfQMm
97TM/eYmKyVoyBpD7fIzBjiaevJR/DVoIvvBonRvWmD9PQx2wlbZg+RnAGYDFBf3
ubhfsIuaiPjus9UN1aX6loc2hOWhdPQXBg86DMsy/+SDxLSF
-----END CERTIFICATE-----