This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/KxcOAZ6fk1DlppvvcryJ_e3c9N8.roa
File:                     KxcOAZ6fk1DlppvvcryJ_e3c9N8.roa (raw, json)
Hash identifier:          XjxpGHslIa20B9oCrwxpuCfgyZ0jx33GUPVkcWThrnw=
Subject key identifier:   2B:17:0E:01:9E:9F:93:50:E5:A6:9B:EF:72:BC:89:FD:ED:DC:F4:DF
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C777EF2DFD6763410322DDA9B78635
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/KxcOAZ6fk1DlppvvcryJ_e3c9N8.roa
Signing time:             Thu 01 Jan 2026 04:18:39 +0000
ROA not before:           Thu 01 Jan 2026 04:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50116
IP address blocks:        195.136.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:77:ef:2d:fd:67:63:41:03:22:dd:a9:b7:86:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b170e019e9f9350e5a69bef72bc89fdeddcf4df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c0:32:0c:4c:10:5a:e4:7f:e7:e7:1d:9e:26:
                    16:0c:42:63:21:8b:17:a6:e0:4e:fe:b3:05:7e:78:
                    43:a4:32:9f:97:d3:32:02:69:54:0c:c5:db:8c:f0:
                    62:a4:05:e2:75:0e:5b:04:20:d6:96:ba:ac:af:d6:
                    33:73:f2:0f:d4:7e:f5:58:7b:4b:a3:1b:b5:31:a7:
                    ec:78:2b:39:ae:35:0f:9c:7b:fc:a3:b9:41:e6:06:
                    5b:e1:e1:89:ec:f9:76:b6:dc:6e:04:bd:75:19:6e:
                    b2:65:eb:e7:5a:2d:53:f0:52:e5:aa:10:8b:13:20:
                    0a:72:3e:32:8a:83:44:20:8a:4c:8b:0a:ed:b5:4d:
                    0b:2f:24:60:55:86:69:65:04:93:9b:82:3a:c3:5e:
                    0a:d3:66:11:97:fd:59:5b:da:8f:06:1d:30:69:4a:
                    20:3b:05:df:dc:ca:fc:ec:33:99:b3:81:cb:51:35:
                    4d:d5:35:23:0f:b6:e6:8a:96:e3:33:69:c3:a7:52:
                    a6:f5:9d:2d:f0:14:77:36:4d:dd:63:52:c1:51:83:
                    cb:6f:46:a2:61:7a:f9:7f:5c:a7:88:7f:ec:25:49:
                    02:88:db:b4:dd:c3:a7:b3:e8:48:1a:be:fd:ac:cd:
                    5d:03:f5:b2:0a:21:a3:3b:c2:96:4a:da:b0:83:d6:
                    b0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:17:0E:01:9E:9F:93:50:E5:A6:9B:EF:72:BC:89:FD:ED:DC:F4:DF
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/KxcOAZ6fk1DlppvvcryJ_e3c9N8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:d7:5f:67:5a:dd:1d:e5:ec:88:27:4c:f6:34:f0:1b:85:ed:
         74:5b:da:7a:c8:83:a3:f0:51:a7:a6:17:66:f8:da:18:00:27:
         1d:bf:a6:be:11:60:22:2a:9d:6f:80:0a:ee:34:b9:1b:09:d8:
         4f:3c:ea:4e:11:ce:dd:d5:0e:d0:57:4c:79:e4:23:e4:e4:94:
         c4:33:89:da:c6:f0:ef:e0:a7:87:a2:c5:80:3f:a9:86:72:86:
         35:7e:41:33:84:5d:1b:eb:68:e8:a3:03:8c:d5:1f:cb:f5:37:
         a1:1d:54:22:cb:8c:e8:19:05:6c:db:24:91:8f:ab:45:20:0f:
         2f:b3:da:61:72:5e:82:85:1d:30:4d:a8:e4:51:42:82:f1:4a:
         8c:50:8b:e4:1f:67:9c:43:0d:a7:c9:ed:11:d0:95:38:62:6c:
         53:90:ad:f9:a0:a7:71:58:98:6a:24:99:16:c9:97:2c:10:0b:
         b8:79:d4:02:71:0d:2b:09:65:31:12:a1:b4:93:b5:7d:ff:c7:
         76:b9:86:50:c0:8a:c2:77:94:af:9a:81:31:15:51:5c:e2:ed:
         26:d4:17:d8:ec:88:85:50:c5:c9:bf:db:e1:57:52:2d:77:c9:
         d9:37:5b:14:a8:67:22:0d:6a:c1:e0:9f:7f:39:75:41:b5:28:
         03:84:67:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x3fvLf1nY0EDIt2pt4Y1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjE3MGUwMTllOWY5MzUwZTVhNjliZWY3MmJjODlmZGVkZGNmNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcAyDEwQWuR/5+cdniYWDEJjIYsX
puBO/rMFfnhDpDKfl9MyAmlUDMXbjPBipAXidQ5bBCDWlrqsr9Yzc/IP1H71WHtL
oxu1MafseCs5rjUPnHv8o7lB5gZb4eGJ7Pl2ttxuBL11GW6yZevnWi1T8FLlqhCL
EyAKcj4yioNEIIpMiwrttU0LLyRgVYZpZQSTm4I6w14K02YRl/1ZW9qPBh0waUog
OwXf3Mr87DOZs4HLUTVN1TUjD7bmipbjM2nDp1Km9Z0t8BR3Nk3dY1LBUYPLb0ai
YXr5f1yniH/sJUkCiNu03cOns+hIGr79rM1dA/WyCiGjO8KWStqwg9awWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsXDgGen5NQ5aab73K8if3t3PTfMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvS3hjT0FaNmZrMURscHB2dmNyeUpfZTNjOU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4giMA0G
CSqGSIb3DQEBCwUAA4IBAQAN119nWt0d5eyIJ0z2NPAbhe10W9p6yIOj8FGnphdm
+NoYACcdv6a+EWAiKp1vgAruNLkbCdhPPOpOEc7d1Q7QV0x55CPk5JTEM4naxvDv
4KeHosWAP6mGcoY1fkEzhF0b62joowOM1R/L9TehHVQiy4zoGQVs2ySRj6tFIA8v
s9phcl6ChR0wTajkUUKC8UqMUIvkH2ecQw2nye0R0JU4YmxTkK35oKdxWJhqJJkW
yZcsEAu4edQCcQ0rCWUxEqG0k7V9/8d2uYZQwIrCd5SvmoExFVFc4u0m1BfY7IiF
UMXJv9vhV1Itd8nZN1sUqGciDWrB4J9/OXVBtSgDhGfV
-----END CERTIFICATE-----