This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/XSKluvUTTgVd2egTpJ08l-exvKw.roa
File:                     XSKluvUTTgVd2egTpJ08l-exvKw.roa (raw, json)
Hash identifier:          k4WvTC/++ULE/2LzyeolM06KPsDEfc4ZDC8+guSUNtQ=
Subject key identifier:   5D:22:A5:BA:F5:13:4E:05:5D:D9:E8:13:A4:9D:3C:97:E7:B1:BC:AC
Certificate issuer:       /CN=c7db56cda2e7ddb023168c5d77ec97d9a006baed
Certificate serial:       019B7C809369F260589DD2945633718918FE
Authority key identifier: C7:DB:56:CD:A2:E7:DD:B0:23:16:8C:5D:77:EC:97:D9:A0:06:BA:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/XSKluvUTTgVd2egTpJ08l-exvKw.roa
Signing time:             Fri 02 Jan 2026 02:19:19 +0000
ROA not before:           Fri 02 Jan 2026 02:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197595
IP address blocks:        193.178.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:93:69:f2:60:58:9d:d2:94:56:33:71:89:18:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7db56cda2e7ddb023168c5d77ec97d9a006baed
        Validity
            Not Before: Jan  2 02:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d22a5baf5134e055dd9e813a49d3c97e7b1bcac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e2:ca:df:77:b0:70:11:14:c4:b1:44:75:02:
                    ad:74:4c:03:f3:4d:03:a5:b0:49:77:9e:1c:a9:88:
                    34:5e:93:78:c8:8d:ad:2e:86:89:e3:f3:e4:72:ce:
                    1d:dc:73:ad:cb:04:2a:66:f3:e0:5f:19:a8:e1:1b:
                    49:80:e2:48:e9:44:29:68:00:70:9b:8d:7a:5a:f9:
                    c7:3b:96:de:05:7b:1d:38:df:95:bb:de:7a:0a:dc:
                    6e:45:44:f9:34:00:f3:3a:69:8d:8b:ad:d7:ae:de:
                    3a:b5:fb:b1:b6:85:13:e2:95:6d:7e:fc:c4:2b:d5:
                    52:77:af:d8:d6:8d:9f:8e:9f:9a:c8:1c:bd:69:6e:
                    06:18:c6:03:0f:77:56:bc:e2:1d:ba:e2:01:86:92:
                    31:f4:9f:a1:0f:cd:d3:3a:4b:8f:6a:bb:a6:36:bb:
                    02:46:1d:8b:4f:29:3b:d3:f3:cc:be:4e:4a:09:38:
                    2d:16:92:42:58:23:c8:f5:6a:5d:d2:11:c9:a1:84:
                    8f:2e:8d:e2:87:83:51:da:e0:1c:b3:c3:96:4d:ab:
                    50:69:fe:50:3d:7a:0f:09:11:0d:9e:ee:84:ef:7a:
                    19:1d:da:89:3f:9b:c4:4c:fc:81:25:59:90:c7:fc:
                    b7:62:c2:ef:01:ed:21:c3:ad:c1:6c:ab:a9:68:c0:
                    85:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:22:A5:BA:F5:13:4E:05:5D:D9:E8:13:A4:9D:3C:97:E7:B1:BC:AC
            X509v3 Authority Key Identifier:
                keyid:C7:DB:56:CD:A2:E7:DD:B0:23:16:8C:5D:77:EC:97:D9:A0:06:BA:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x9tWzaLn3bAjFoxdd-yX2aAGuu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/XSKluvUTTgVd2egTpJ08l-exvKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/a978ab-43d5-4335-afa2-82eb6fd11dd5/1/x9tWzaLn3bAjFoxdd-yX2aAGuu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:f2:16:08:92:c0:ba:4f:b6:96:7e:f9:ec:9e:06:14:91:08:
         ee:11:12:18:37:ed:eb:40:b9:65:69:e4:2d:77:c6:ed:9a:bf:
         48:89:a6:9d:72:3a:0a:49:18:63:48:a3:df:4a:36:72:45:90:
         23:07:ec:06:da:c7:4b:7d:e9:93:3c:7a:1b:18:1a:42:97:93:
         53:5b:53:70:b4:af:7d:14:d5:54:25:ba:52:6c:dd:2c:22:7d:
         a8:04:63:36:e5:4f:42:5e:d6:4e:17:04:af:eb:8c:a5:fb:80:
         8b:19:27:b3:c0:7a:9b:67:8c:be:1b:23:41:08:cf:66:b8:c3:
         ae:c7:e3:2b:80:1b:c7:20:0c:e1:6f:cc:c2:cf:cd:40:46:ec:
         11:ee:bc:1f:e6:61:66:79:a1:44:3d:53:68:5c:e6:8c:f2:5c:
         77:70:67:bd:18:d9:09:4f:f2:1e:ae:67:22:45:e6:70:1a:8c:
         3e:30:06:6d:0f:78:cb:bb:fa:18:30:06:db:91:27:e6:e2:b9:
         3b:14:2d:4e:13:cb:f6:37:c6:5a:ea:41:9c:64:ad:2d:2d:6f:
         c3:af:4a:87:69:f0:fd:75:98:44:de:2c:63:35:d4:c5:a9:04:
         5d:45:4f:79:82:ea:b6:04:7e:80:76:db:48:49:92:cf:4e:4a:
         dc:29:cf:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gJNp8mBYndKUVjNxiRj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZGI1NmNkYTJlN2RkYjAyMzE2OGM1ZDc3ZWM5N2Q5YTAw
NmJhZWQwHhcNMjYwMTAyMDIxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDIyYTViYWY1MTM0ZTA1NWRkOWU4MTNhNDlkM2M5N2U3YjFiY2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOLK33ewcBEUxLFEdQKtdEwD800D
pbBJd54cqYg0XpN4yI2tLoaJ4/Pkcs4d3HOtywQqZvPgXxmo4RtJgOJI6UQpaABw
m416WvnHO5beBXsdON+Vu956CtxuRUT5NADzOmmNi63Xrt46tfuxtoUT4pVtfvzE
K9VSd6/Y1o2fjp+ayBy9aW4GGMYDD3dWvOIduuIBhpIx9J+hD83TOkuParumNrsC
Rh2LTyk70/PMvk5KCTgtFpJCWCPI9Wpd0hHJoYSPLo3ih4NR2uAcs8OWTatQaf5Q
PXoPCRENnu6E73oZHdqJP5vETPyBJVmQx/y3YsLvAe0hw63BbKupaMCFMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0ipbr1E04FXdnoE6SdPJfnsbysMB8GA1UdIwQY
MBaAFMfbVs2i592wIxaMXXfsl9mgBrrtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDl0V3phTG4zYkFqRm94ZGQteVgyYUFHdXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9hOTc4YWItNDNkNS00MzM1LWFmYTIt
ODJlYjZmZDExZGQ1LzEvWFNLbHV2VVRUZ1ZkMmVnVHBKMDhsLWV4dkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9hOTc4YWItNDNkNS00MzM1LWFmYTItODJlYjZmZDExZGQ1
LzEveDl0V3phTG4zYkFqRm94ZGQteVgyYUFHdXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKBMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ8hYIksC6T7aWfvnsngYUkQjuERIYN+3rQLllaeQt
d8btmr9IiaadcjoKSRhjSKPfSjZyRZAjB+wG2sdLfemTPHobGBpCl5NTW1NwtK99
FNVUJbpSbN0sIn2oBGM25U9CXtZOFwSv64yl+4CLGSezwHqbZ4y+GyNBCM9muMOu
x+MrgBvHIAzhb8zCz81ARuwR7rwf5mFmeaFEPVNoXOaM8lx3cGe9GNkJT/Iermci
ReZwGow+MAZtD3jLu/oYMAbbkSfm4rk7FC1OE8v2N8Za6kGcZK0tLW/Dr0qHafD9
dZhE3ixjNdTFqQRdRU95guq2BH6AdttISZLPTkrcKc95
-----END CERTIFICATE-----