This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/XI8CVY8sYwhzkz3YLD7pkxjD3Zk.roa
File:                     XI8CVY8sYwhzkz3YLD7pkxjD3Zk.roa (raw, json)
Hash identifier:          25+wg4lixvrKpaIcYJueXb9oNmVKiR9L4SbDtXfdAjQ=
Subject key identifier:   5C:8F:02:55:8F:2C:63:08:73:93:3D:D8:2C:3E:E9:93:18:C3:DD:99
Certificate issuer:       /CN=1e7b2e243f8aa954597932bcdcd9af6560dce516
Certificate serial:       019B7DC9CB9A47BD93218708C4472975D003
Authority key identifier: 1E:7B:2E:24:3F:8A:A9:54:59:79:32:BC:DC:D9:AF:65:60:DC:E5:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/XI8CVY8sYwhzkz3YLD7pkxjD3Zk.roa
Signing time:             Fri 02 Jan 2026 08:18:55 +0000
ROA not before:           Fri 02 Jan 2026 08:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47817
IP address blocks:        91.208.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 23:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:cb:9a:47:bd:93:21:87:08:c4:47:29:75:d0:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e7b2e243f8aa954597932bcdcd9af6560dce516
        Validity
            Not Before: Jan  2 08:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c8f02558f2c630873933dd82c3ee99318c3dd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:77:fb:95:66:73:10:eb:d8:e3:e5:d4:f7:95:
                    ff:f2:d2:97:99:04:1b:7e:bd:47:58:86:16:df:80:
                    f7:dc:4c:ed:ef:13:27:96:34:dd:9d:3d:9f:62:7b:
                    2e:18:36:b4:e0:dd:59:50:9f:53:93:5f:40:36:5a:
                    cc:51:ae:85:98:f7:c2:75:7e:e6:75:ba:7b:13:79:
                    ff:cb:c6:ab:fe:57:41:d8:02:de:9e:b9:27:32:d3:
                    0e:4a:fe:c8:80:cb:a8:03:9b:c0:64:20:21:7e:25:
                    8d:ae:cf:b5:35:fa:c0:a5:cd:2b:a8:5f:2b:8b:d2:
                    0f:77:72:3d:39:60:0a:2f:08:84:99:78:24:9c:c2:
                    11:04:d5:f2:e5:c7:fb:35:bd:17:b3:da:86:72:8b:
                    ae:0e:4c:5a:dc:6d:ae:95:53:4f:48:08:19:05:92:
                    95:57:89:13:09:6d:65:20:b1:c6:a7:20:d0:ab:00:
                    b7:d3:ca:20:3a:e1:f7:e9:51:2c:ab:c4:36:47:b9:
                    43:5a:82:1a:d6:90:36:f1:12:da:1b:7e:55:e1:ea:
                    23:c9:56:5a:80:d2:2a:43:41:ae:37:45:d3:04:99:
                    46:c9:24:91:34:67:41:15:9d:21:d1:f7:f6:7b:5c:
                    8d:a7:44:09:84:8d:9a:97:24:fe:61:4e:f1:3d:7a:
                    25:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8F:02:55:8F:2C:63:08:73:93:3D:D8:2C:3E:E9:93:18:C3:DD:99
            X509v3 Authority Key Identifier:
                keyid:1E:7B:2E:24:3F:8A:A9:54:59:79:32:BC:DC:D9:AF:65:60:DC:E5:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HnsuJD-KqVRZeTK83NmvZWDc5RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/XI8CVY8sYwhzkz3YLD7pkxjD3Zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/4daee0-84e2-41e9-9643-d54955643cd9/1/HnsuJD-KqVRZeTK83NmvZWDc5RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:dc:ca:8d:ee:8d:36:0f:bb:d9:26:45:32:dd:c8:e8:65:fd:
         28:19:fb:32:c8:dd:f9:a4:dc:14:21:e8:ce:aa:2b:10:39:ab:
         b2:64:7c:9c:c7:cf:94:e3:04:a4:3d:11:f6:18:8f:c0:f4:09:
         a4:34:aa:21:cc:2a:3b:06:86:72:00:24:89:2f:04:3f:8f:e2:
         4f:ad:8b:4e:d3:a9:a7:55:75:23:0a:47:a2:1d:99:57:7c:d1:
         95:3f:b0:fe:ae:84:f8:42:3f:a3:15:86:d8:dc:6f:85:e0:84:
         36:19:73:73:ed:9e:8f:98:97:bf:24:a0:a8:13:01:7c:39:7d:
         6c:21:7b:90:f2:bf:ac:e9:55:fe:e3:1c:d3:05:64:bd:4c:2f:
         77:9e:c5:98:f5:45:ed:68:ab:15:18:0e:0c:b0:9b:43:be:6a:
         ce:ad:02:39:3e:9f:55:2e:28:9a:64:50:82:77:45:33:75:b5:
         ea:ad:9b:77:7a:85:f5:5f:6d:b9:38:94:fc:a2:38:31:04:24:
         22:69:2c:b6:64:7e:ec:47:2f:4c:fb:2b:be:c4:14:c2:d3:58:
         1d:4e:a3:6f:c0:44:9a:9e:71:bd:61:ee:20:7b:78:d5:72:d1:
         cb:44:30:5d:a5:63:a3:90:6c:8d:27:ae:af:14:c3:83:13:a2:
         9b:4f:4d:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ycuaR72TIYcIxEcpddADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlN2IyZTI0M2Y4YWE5NTQ1OTc5MzJiY2RjZDlhZjY1NjBk
Y2U1MTYwHhcNMjYwMTAyMDgxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhmMDI1NThmMmM2MzA4NzM5MzNkZDgyYzNlZTk5MzE4YzNkZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Xf7lWZzEOvY4+XU95X/8tKXmQQb
fr1HWIYW34D33Ezt7xMnljTdnT2fYnsuGDa04N1ZUJ9Tk19ANlrMUa6FmPfCdX7m
dbp7E3n/y8ar/ldB2ALenrknMtMOSv7IgMuoA5vAZCAhfiWNrs+1NfrApc0rqF8r
i9IPd3I9OWAKLwiEmXgknMIRBNXy5cf7Nb0Xs9qGcouuDkxa3G2ulVNPSAgZBZKV
V4kTCW1lILHGpyDQqwC308ogOuH36VEsq8Q2R7lDWoIa1pA28RLaG35V4eojyVZa
gNIqQ0GuN0XTBJlGySSRNGdBFZ0h0ff2e1yNp0QJhI2alyT+YU7xPXolbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyPAlWPLGMIc5M92Cw+6ZMYw92ZMB8GA1UdIwQY
MBaAFB57LiQ/iqlUWXkyvNzZr2Vg3OUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG5zdUpELUtxVlJaZVRLODNObXZaV0RjNVJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC80ZGFlZTAtODRlMi00MWU5LTk2NDMt
ZDU0OTU1NjQzY2Q5LzEvWEk4Q1ZZOHNZd2h6a3ozWUxEN3BreGpEM1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC80ZGFlZTAtODRlMi00MWU5LTk2NDMtZDU0OTU1NjQzY2Q5
LzEvSG5zdUpELUtxVlJaZVRLODNObXZaV0RjNVJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ClMA0G
CSqGSIb3DQEBCwUAA4IBAQBw3MqN7o02D7vZJkUy3cjoZf0oGfsyyN35pNwUIejO
qisQOauyZHycx8+U4wSkPRH2GI/A9AmkNKohzCo7BoZyACSJLwQ/j+JPrYtO06mn
VXUjCkeiHZlXfNGVP7D+roT4Qj+jFYbY3G+F4IQ2GXNz7Z6PmJe/JKCoEwF8OX1s
IXuQ8r+s6VX+4xzTBWS9TC93nsWY9UXtaKsVGA4MsJtDvmrOrQI5Pp9VLiiaZFCC
d0UzdbXqrZt3eoX1X225OJT8ojgxBCQiaSy2ZH7sRy9M+yu+xBTC01gdTqNvwESa
nnG9Ye4ge3jVctHLRDBdpWOjkGyNJ66vFMODE6KbT016
-----END CERTIFICATE-----