This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/XUASNYXbi-huANrVaIURORtUIpA.roa
File:                     XUASNYXbi-huANrVaIURORtUIpA.roa (raw, json)
Hash identifier:          +AF+AoWlKgYDtvtJSR2fVM4jb67bbJihIgbo4mO4YrU=
Subject key identifier:   5D:40:12:35:85:DB:8B:E8:6E:00:DA:D5:68:85:11:39:1B:54:22:90
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       019B7C807BD6F407D6EB47473750D1B3CCCF
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/XUASNYXbi-huANrVaIURORtUIpA.roa
Signing time:             Fri 02 Jan 2026 02:19:13 +0000
ROA not before:           Fri 02 Jan 2026 02:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        213.192.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:7b:d6:f4:07:d6:eb:47:47:37:50:d1:b3:cc:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Jan  2 02:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d40123585db8be86e00dad5688511391b542290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:15:63:49:63:81:23:63:8d:ae:d6:15:41:f9:
                    c7:53:20:89:af:58:bf:e4:2b:d6:b6:e7:90:bd:3a:
                    02:98:4a:2c:48:d7:f1:2b:c3:7b:bf:33:ab:43:ee:
                    1f:ba:aa:ab:f3:b6:db:98:a4:6b:63:1e:ad:8e:0c:
                    fb:d7:21:eb:b9:a1:6b:bb:51:db:39:69:3e:d8:da:
                    f4:a7:42:93:a8:1b:4a:fa:60:4b:7a:d8:d3:5a:89:
                    d2:cb:2e:80:58:62:30:a7:ff:dc:db:2c:7f:47:f4:
                    b7:51:5e:af:51:ab:3d:06:79:1b:76:94:68:ea:de:
                    f4:eb:2a:b7:25:71:e1:29:de:d1:52:58:f7:80:8f:
                    ca:de:84:15:95:cc:0f:8a:7b:d3:3a:4b:e5:31:90:
                    5c:e2:9b:15:b2:f8:38:25:17:80:41:41:b2:19:ae:
                    17:5d:e2:1d:da:77:72:f4:b4:a5:c0:15:d5:d6:21:
                    ff:fd:a1:dc:e2:fb:87:42:75:0a:ea:af:49:69:84:
                    d4:e7:2f:70:92:cc:35:54:c1:3c:56:58:35:b1:d6:
                    9c:cc:23:4c:ac:7e:70:50:c0:f1:b0:2b:2a:27:b8:
                    ad:fc:e7:13:0f:66:46:46:65:af:c5:70:61:b4:8e:
                    05:1a:a9:3a:a5:14:72:7d:a9:ef:f5:93:24:9c:35:
                    5d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:40:12:35:85:DB:8B:E8:6E:00:DA:D5:68:85:11:39:1B:54:22:90
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/XUASNYXbi-huANrVaIURORtUIpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:dc:8a:34:d3:f2:32:cb:53:ad:a4:51:98:fb:9d:b2:61:68:
         b5:6e:ea:ae:06:1d:39:a5:93:da:3f:ff:bc:27:66:28:cc:9c:
         e5:f0:ca:ff:20:fb:27:44:37:16:00:75:e0:54:ff:7c:1e:bf:
         09:49:e0:b4:db:d3:13:c8:43:f1:75:6c:d4:96:01:a9:60:1b:
         9e:99:7b:64:64:49:24:d6:fe:f1:48:cc:b0:bd:63:e3:56:db:
         83:b3:39:8f:04:65:70:b1:99:00:01:ec:60:09:28:3d:49:fd:
         84:63:f2:5c:69:8e:6c:ce:66:31:46:35:41:8e:ce:72:27:db:
         39:cb:e1:fb:07:77:71:93:98:08:82:fd:af:98:28:3f:5e:36:
         90:84:09:e8:49:c3:13:dc:3b:8d:fd:8b:85:e8:03:a3:74:83:
         20:54:c9:90:31:1d:33:1b:5d:e8:95:76:40:31:0e:c5:9d:9c:
         21:b8:a7:0e:9d:d8:92:ca:f4:a7:83:7b:94:d0:f2:8f:03:74:
         12:4f:94:ef:d4:52:eb:6b:21:12:64:08:29:e4:eb:1b:c8:f2:
         52:68:e6:16:c8:3e:92:22:30:ca:d3:ca:6e:48:41:f0:a0:6e:
         a2:5d:ed:8d:d9:93:f0:51:42:03:a8:e6:70:e2:fd:a4:3b:1b:
         98:75:c4:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gHvW9AfW60dHN1DRs8zPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjYwMTAyMDIxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDQwMTIzNTg1ZGI4YmU4NmUwMGRhZDU2ODg1MTEzOTFiNTQyMjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRVjSWOBI2ONrtYVQfnHUyCJr1i/
5CvWtueQvToCmEosSNfxK8N7vzOrQ+4fuqqr87bbmKRrYx6tjgz71yHruaFru1Hb
OWk+2Nr0p0KTqBtK+mBLetjTWonSyy6AWGIwp//c2yx/R/S3UV6vUas9BnkbdpRo
6t706yq3JXHhKd7RUlj3gI/K3oQVlcwPinvTOkvlMZBc4psVsvg4JReAQUGyGa4X
XeId2ndy9LSlwBXV1iH//aHc4vuHQnUK6q9JaYTU5y9wksw1VME8Vlg1sdaczCNM
rH5wUMDxsCsqJ7it/OcTD2ZGRmWvxXBhtI4FGqk6pRRyfanv9ZMknDVdnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1AEjWF24vobgDa1WiFETkbVCKQMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvWFVBU05ZWGJpLWh1QU5yVmFJVVJPUnRVSXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cDLMA0G
CSqGSIb3DQEBCwUAA4IBAQDg3Io00/Iyy1OtpFGY+52yYWi1buquBh05pZPaP/+8
J2YozJzl8Mr/IPsnRDcWAHXgVP98Hr8JSeC029MTyEPxdWzUlgGpYBuemXtkZEkk
1v7xSMywvWPjVtuDszmPBGVwsZkAAexgCSg9Sf2EY/JcaY5szmYxRjVBjs5yJ9s5
y+H7B3dxk5gIgv2vmCg/XjaQhAnoScMT3DuN/YuF6AOjdIMgVMmQMR0zG13olXZA
MQ7FnZwhuKcOndiSyvSng3uU0PKPA3QST5Tv1FLrayESZAgp5OsbyPJSaOYWyD6S
IjDK08puSEHwoG6iXe2N2ZPwUUIDqOZw4v2kOxuYdcTT
-----END CERTIFICATE-----