This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Xm9Qnl4hNlf1LZGl_BDbkep0v74.roa
File:                     Xm9Qnl4hNlf1LZGl_BDbkep0v74.roa (raw, json)
Hash identifier:          qThYuqQBk6pY+5aLrjO4PoMfUzB0CHv1An4WatChp7A=
Subject key identifier:   5E:6F:50:9E:5E:21:36:57:F5:2D:91:A5:FC:10:DB:91:EA:74:BF:BE
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EAF63BD6D0E803475B61653C96AFA5
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Xm9Qnl4hNlf1LZGl_BDbkep0v74.roa
Signing time:             Thu 01 Jan 2026 00:17:48 +0000
ROA not before:           Thu 01 Jan 2026 00:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     141167
IP address blocks:        82.115.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f6:3b:d6:d0:e8:03:47:5b:61:65:3c:96:af:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e6f509e5e213657f52d91a5fc10db91ea74bfbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:32:00:8f:31:0e:a0:0d:7f:e2:36:ef:00:e3:
                    7d:02:55:67:65:95:fa:d7:94:a9:02:b3:2e:31:5f:
                    4e:4c:7e:53:c7:3c:8c:61:c6:38:f4:91:96:21:3b:
                    24:cb:2c:1c:15:0a:70:0e:4f:b4:d9:69:d9:7c:f6:
                    c8:dc:00:b1:4c:28:8a:d9:93:cf:29:05:05:a7:36:
                    0e:44:49:f9:26:00:27:65:36:fa:7e:90:0b:39:99:
                    83:50:3d:70:68:22:77:27:e5:4c:2f:d4:6e:6a:05:
                    99:1f:3f:ce:11:70:82:4c:2a:02:83:81:e6:a9:49:
                    7b:75:81:37:47:0f:c5:ee:5b:ab:8e:a9:aa:4b:d4:
                    a6:2f:a4:6e:d0:b7:b1:7f:2c:07:5c:cf:cf:76:83:
                    ce:94:b7:c0:ec:39:cd:1b:b2:24:8f:9b:42:37:96:
                    0b:81:6d:a8:fb:ac:d1:35:99:32:ac:00:92:36:f9:
                    a8:4e:bd:29:2b:30:43:77:05:0a:f5:3b:e0:1b:3f:
                    29:87:a0:d4:c8:c6:d2:ff:a7:ae:b1:1e:d8:a2:e5:
                    ea:6e:1f:80:67:c0:39:10:88:3f:b5:ff:1e:ae:c0:
                    fe:bd:5c:7d:9a:7a:ba:86:d4:ee:aa:dc:d8:12:e5:
                    86:83:49:46:29:30:03:40:a7:15:5f:30:48:54:bc:
                    c7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6F:50:9E:5E:21:36:57:F5:2D:91:A5:FC:10:DB:91:EA:74:BF:BE
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Xm9Qnl4hNlf1LZGl_BDbkep0v74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:75:b1:96:16:5c:43:6d:78:14:5c:e2:80:b0:10:f1:18:95:
         c9:49:7b:19:64:fe:3d:c0:3d:65:b3:20:6f:5d:66:26:c3:06:
         73:c8:96:5e:7d:27:93:10:02:63:f3:38:17:dd:3e:c9:97:6d:
         6b:79:98:10:89:a2:8f:1c:f3:bc:81:f6:29:04:d0:ff:74:e9:
         0a:f5:5f:ad:59:71:f5:3c:c9:78:4b:09:75:f3:56:b7:11:69:
         46:72:d5:48:91:6e:43:9b:ff:ff:54:40:ef:71:d1:b5:d1:e6:
         7f:f8:dc:b8:f7:9f:d1:e1:88:f2:27:1d:05:7c:ce:14:b3:19:
         cb:92:f3:93:83:21:f4:40:5a:73:5c:45:ee:66:33:8c:53:e3:
         ab:73:eb:5f:de:20:f0:2d:07:25:88:56:27:a2:3a:5c:16:19:
         be:13:08:1a:46:2d:e1:06:81:07:e4:1f:9a:9c:02:25:c0:8e:
         31:a2:19:6d:5f:b4:7c:3a:38:fa:f4:fe:ed:5d:cb:8a:f0:a3:
         50:ed:11:de:5c:6c:0d:c5:6c:a2:dd:7a:b7:81:8b:6d:ee:96:
         ad:4b:34:96:b3:5e:9e:ee:b1:47:28:a8:38:ee:78:29:e2:c7:
         38:c2:55:5e:00:2e:3e:67:46:6a:35:23:02:44:95:e3:93:0a:
         d0:28:e8:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vY71tDoA0dbYWU8lq+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTZmNTA5ZTVlMjEzNjU3ZjUyZDkxYTVmYzEwZGI5MWVhNzRiZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjIAjzEOoA1/4jbvAON9AlVnZZX6
15SpArMuMV9OTH5TxzyMYcY49JGWITskyywcFQpwDk+02WnZfPbI3ACxTCiK2ZPP
KQUFpzYOREn5JgAnZTb6fpALOZmDUD1waCJ3J+VML9RuagWZHz/OEXCCTCoCg4Hm
qUl7dYE3Rw/F7lurjqmqS9SmL6Ru0LexfywHXM/PdoPOlLfA7DnNG7Ikj5tCN5YL
gW2o+6zRNZkyrACSNvmoTr0pKzBDdwUK9TvgGz8ph6DUyMbS/6eusR7YouXqbh+A
Z8A5EIg/tf8ersD+vVx9mnq6htTuqtzYEuWGg0lGKTADQKcVXzBIVLzHkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5vUJ5eITZX9S2RpfwQ25HqdL++MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWG05UW5sNGhObGYxTFpHbF9CRGJrZXAwdjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUnMWMA0G
CSqGSIb3DQEBCwUAA4IBAQCzdbGWFlxDbXgUXOKAsBDxGJXJSXsZZP49wD1lsyBv
XWYmwwZzyJZefSeTEAJj8zgX3T7Jl21reZgQiaKPHPO8gfYpBND/dOkK9V+tWXH1
PMl4Swl181a3EWlGctVIkW5Dm///VEDvcdG10eZ/+Ny495/R4YjyJx0FfM4UsxnL
kvOTgyH0QFpzXEXuZjOMU+Orc+tf3iDwLQcliFYnojpcFhm+EwgaRi3hBoEH5B+a
nAIlwI4xohltX7R8Ojj69P7tXcuK8KNQ7RHeXGwNxWyi3Xq3gYtt7patSzSWs16e
7rFHKKg47ngp4sc4wlVeAC4+Z0ZqNSMCRJXjkwrQKOjB
-----END CERTIFICATE-----