This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/6e4b78-ab94-449c-a4d5-abdb63ace7e7/1/XpDHF6qNAfRig2NmPZIIBwNiNAU.roa
File:                     XpDHF6qNAfRig2NmPZIIBwNiNAU.roa (raw, json)
Hash identifier:          9bFU4KF8zp5CMrxC2WFBFW2SFIScv756NVWyJZFeI1E=
Subject key identifier:   5E:90:C7:17:AA:8D:01:F4:62:83:63:66:3D:92:08:07:03:62:34:05
Certificate issuer:       /CN=0d889fadae7bf21072fadb32e1ea763b0c29948e
Certificate serial:       019B7D5B355AB9FB4A73F92F38BB769DAD62
Authority key identifier: 0D:88:9F:AD:AE:7B:F2:10:72:FA:DB:32:E1:EA:76:3B:0C:29:94:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYifra578hBy-tsy4ep2OwwplI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/6e4b78-ab94-449c-a4d5-abdb63ace7e7/1/XpDHF6qNAfRig2NmPZIIBwNiNAU.roa
Signing time:             Fri 02 Jan 2026 06:18:08 +0000
ROA not before:           Fri 02 Jan 2026 06:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50939
IP address blocks:        195.88.80.0/24 maxlen: 24
                          195.88.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/6e4b78-ab94-449c-a4d5-abdb63ace7e7/1/DYifra578hBy-tsy4ep2OwwplI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/6e4b78-ab94-449c-a4d5-abdb63ace7e7/1/DYifra578hBy-tsy4ep2OwwplI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYifra578hBy-tsy4ep2OwwplI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:35:5a:b9:fb:4a:73:f9:2f:38:bb:76:9d:ad:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d889fadae7bf21072fadb32e1ea763b0c29948e
        Validity
            Not Before: Jan  2 06:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e90c717aa8d01f4628363663d92080703623405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b1:9a:94:56:a1:5f:5d:b7:4b:82:df:a5:0c:
                    4e:ad:67:ef:23:26:0c:11:91:a4:34:b7:8e:e7:6c:
                    92:07:19:fe:75:66:0f:69:47:f8:5e:fe:58:db:ec:
                    bd:97:a6:26:f1:4e:67:7a:fc:aa:54:e0:d4:27:38:
                    6a:34:05:e9:29:96:43:f6:71:63:47:7a:8a:58:cc:
                    f8:3c:11:98:67:c3:d2:a0:28:67:a1:dc:b9:a9:c7:
                    85:fb:a4:01:fe:67:56:09:6b:21:1f:92:4e:89:80:
                    e5:65:95:f0:f0:79:e7:c4:f8:21:02:c6:26:06:f9:
                    bc:3b:d2:7b:58:ba:ca:92:16:2b:7b:08:b6:9b:d0:
                    6e:55:01:ba:73:f3:17:7f:42:0d:ad:ea:71:ec:08:
                    05:e4:9c:aa:43:26:84:b3:09:5d:1b:39:3b:ac:5d:
                    75:76:83:e9:1a:f6:b6:d0:83:df:eb:75:c6:e0:d1:
                    dc:a8:4b:81:90:c5:77:7c:bd:11:70:e3:b4:e3:4c:
                    b0:89:50:4c:e4:a3:db:10:e0:12:99:15:96:f9:7d:
                    30:35:8c:97:43:71:fc:8c:09:7c:11:07:01:1a:22:
                    15:d3:d9:c0:5d:c8:b9:47:93:13:5b:57:52:bd:84:
                    8d:85:89:96:9b:9c:8f:08:f7:dd:34:a9:72:14:c4:
                    a5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:90:C7:17:AA:8D:01:F4:62:83:63:66:3D:92:08:07:03:62:34:05
            X509v3 Authority Key Identifier:
                keyid:0D:88:9F:AD:AE:7B:F2:10:72:FA:DB:32:E1:EA:76:3B:0C:29:94:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYifra578hBy-tsy4ep2OwwplI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6e4b78-ab94-449c-a4d5-abdb63ace7e7/1/XpDHF6qNAfRig2NmPZIIBwNiNAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6e4b78-ab94-449c-a4d5-abdb63ace7e7/1/DYifra578hBy-tsy4ep2OwwplI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:ee:42:8f:df:b3:8e:ca:ae:de:66:db:76:de:29:1c:11:ec:
         2e:13:67:93:67:12:9f:26:be:b8:73:d8:05:6e:b0:f3:91:2a:
         4f:7f:2b:34:0c:5a:5c:3c:de:3d:28:d0:41:cb:80:5e:e5:4e:
         a4:ad:f1:5e:c9:ea:b5:fd:0b:da:bd:e9:10:ad:76:a9:a5:68:
         4b:56:68:c8:18:b8:cb:4b:fb:a2:ed:c4:5c:85:51:8c:42:57:
         da:1e:64:d6:fe:f9:d7:d8:6b:bb:4a:38:0f:23:a7:19:26:eb:
         5a:14:b9:f7:d4:35:a6:41:79:d0:86:0a:48:e7:e6:6a:4f:fc:
         ae:a5:8a:47:e0:3d:68:f6:fa:c6:e7:c2:f1:ef:57:31:96:a5:
         69:c8:b8:60:6e:fd:70:a5:13:b4:5e:49:f7:33:e2:95:99:3c:
         d1:fb:75:2a:d2:ca:88:58:69:bd:d9:a1:c7:a1:93:d8:0f:e1:
         09:38:05:23:a2:01:ed:26:8b:1d:d1:8f:27:59:79:c8:71:18:
         69:ab:bd:a1:3a:92:b7:e5:13:71:1f:7a:98:04:84:b3:2b:65:
         9c:48:f6:b7:aa:26:8e:32:53:36:b6:c8:a7:84:9c:aa:5b:80:
         e9:ea:59:f8:fe:34:e9:ad:de:d8:1e:0a:1a:17:87:db:9f:64:
         18:8a:d7:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WzVauftKc/kvOLt2na1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODg5ZmFkYWU3YmYyMTA3MmZhZGIzMmUxZWE3NjNiMGMy
OTk0OGUwHhcNMjYwMTAyMDYxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTkwYzcxN2FhOGQwMWY0NjI4MzYzNjYzZDkyMDgwNzAzNjIzNDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7GalFahX123S4LfpQxOrWfvIyYM
EZGkNLeO52ySBxn+dWYPaUf4Xv5Y2+y9l6Ym8U5nevyqVODUJzhqNAXpKZZD9nFj
R3qKWMz4PBGYZ8PSoChnody5qceF+6QB/mdWCWshH5JOiYDlZZXw8HnnxPghAsYm
Bvm8O9J7WLrKkhYrewi2m9BuVQG6c/MXf0INrepx7AgF5JyqQyaEswldGzk7rF11
doPpGva20IPf63XG4NHcqEuBkMV3fL0RcOO040ywiVBM5KPbEOASmRWW+X0wNYyX
Q3H8jAl8EQcBGiIV09nAXci5R5MTW1dSvYSNhYmWm5yPCPfdNKlyFMSlfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6QxxeqjQH0YoNjZj2SCAcDYjQFMB8GA1UdIwQY
MBaAFA2In62ue/IQcvrbMuHqdjsMKZSOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFlpZnJhNTc4aEJ5LXRzeTRlcDJPd3dwbEk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82ZTRiNzgtYWI5NC00NDljLWE0ZDUt
YWJkYjYzYWNlN2U3LzEvWHBESEY2cU5BZlJpZzJObVBaSUlCd05pTkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82ZTRiNzgtYWI5NC00NDljLWE0ZDUtYWJkYjYzYWNlN2U3
LzEvRFlpZnJhNTc4aEJ5LXRzeTRlcDJPd3dwbEk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1hQMA0G
CSqGSIb3DQEBCwUAA4IBAQBN7kKP37OOyq7eZtt23ikcEewuE2eTZxKfJr64c9gF
brDzkSpPfys0DFpcPN49KNBBy4Be5U6krfFeyeq1/QvavekQrXappWhLVmjIGLjL
S/ui7cRchVGMQlfaHmTW/vnX2Gu7SjgPI6cZJutaFLn31DWmQXnQhgpI5+ZqT/yu
pYpH4D1o9vrG58Lx71cxlqVpyLhgbv1wpRO0Xkn3M+KVmTzR+3Uq0sqIWGm92aHH
oZPYD+EJOAUjogHtJosd0Y8nWXnIcRhpq72hOpK35RNxH3qYBISzK2WcSPa3qiaO
MlM2tsinhJyqW4Dp6ln4/jTprd7YHgoaF4fbn2QYitdg
-----END CERTIFICATE-----