This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/XcFf7Up-3gxNLfYQhK3orqJHx2g.roa
File:                     XcFf7Up-3gxNLfYQhK3orqJHx2g.roa (raw, json)
Hash identifier:          QLiEavcgMLadSiCowCkkaoXoMEv3eEuB33IWa6r1pTA=
Subject key identifier:   5D:C1:5F:ED:4A:7E:DE:0C:4D:2D:F6:10:84:AD:E8:AE:A2:47:C7:68
Certificate issuer:       /CN=f0a9005423147453909366c6b4d09c31958acc1c
Certificate serial:       019B7C12D15B2FD7199F851C263A9AD95D0A
Authority key identifier: F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/XcFf7Up-3gxNLfYQhK3orqJHx2g.roa
Signing time:             Fri 02 Jan 2026 00:19:26 +0000
ROA not before:           Fri 02 Jan 2026 00:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57353
IP address blocks:        89.58.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:d1:5b:2f:d7:19:9f:85:1c:26:3a:9a:d9:5d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0a9005423147453909366c6b4d09c31958acc1c
        Validity
            Not Before: Jan  2 00:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dc15fed4a7ede0c4d2df61084ade8aea247c768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:37:df:39:e5:4e:79:9f:5f:70:08:bf:b8:ec:
                    32:7e:d5:1d:df:a8:84:6b:4a:27:98:48:4a:3f:cc:
                    cb:d6:80:89:51:d7:5a:8b:d0:00:b8:3c:7f:ab:3b:
                    3a:b2:2a:76:aa:b3:c3:1b:47:0f:be:10:ee:4a:9c:
                    ff:69:21:47:f9:74:e3:36:63:c6:41:ca:f6:90:58:
                    8d:1b:70:bc:b7:ef:ca:c9:13:eb:cc:1b:15:a5:4a:
                    fc:53:4c:b0:7c:22:f7:92:15:88:c3:37:79:b9:a9:
                    fe:9a:ed:a5:72:90:8f:59:9c:9d:a5:20:1a:46:11:
                    fb:78:d4:3d:6e:4b:8c:79:51:96:73:f0:89:76:b4:
                    b6:4c:be:6d:c8:63:3a:53:fe:cf:ec:f5:1b:55:06:
                    b0:36:6d:1a:e7:2a:5e:0b:dc:33:1a:b3:b0:79:b0:
                    20:11:64:67:a9:0e:4c:1f:cd:3f:28:34:68:e7:29:
                    e1:50:de:de:8f:e9:a8:e0:79:f2:17:15:fe:32:a9:
                    28:fc:3b:74:91:47:c3:ac:90:b6:8b:e9:6c:14:ad:
                    c3:a8:a8:4e:8b:1c:d4:58:d0:ef:23:6c:1a:d9:af:
                    7e:59:9b:92:0c:5c:29:ff:b7:23:12:ab:a5:c3:7d:
                    1f:80:d3:89:58:e2:97:97:cc:1a:ce:27:38:0d:93:
                    c1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:C1:5F:ED:4A:7E:DE:0C:4D:2D:F6:10:84:AD:E8:AE:A2:47:C7:68
            X509v3 Authority Key Identifier:
                keyid:F0:A9:00:54:23:14:74:53:90:93:66:C6:B4:D0:9C:31:95:8A:CC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8KkAVCMUdFOQk2bGtNCcMZWKzBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/XcFf7Up-3gxNLfYQhK3orqJHx2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/157af6-cce2-4e6d-bc23-30d79f9aa877/1/8KkAVCMUdFOQk2bGtNCcMZWKzBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.58.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         64:48:db:46:c1:2d:e6:ad:30:3e:1f:03:89:53:76:e4:81:7c:
         df:b7:3e:3a:1b:e2:f7:c0:17:3d:13:39:2d:21:56:fa:02:c4:
         18:a8:80:dc:18:50:ef:55:6c:d9:fb:3b:fe:5f:cd:ac:c6:04:
         80:10:3c:22:f5:02:9b:e6:53:3d:8a:1a:77:c7:12:fb:d0:bb:
         8a:a4:50:b6:a3:ad:db:d2:91:d6:21:f6:54:8c:a4:3d:8e:07:
         b0:9c:ca:f7:27:b7:57:c6:a4:57:79:54:0e:f6:72:0f:69:52:
         ec:34:68:6e:6b:3f:47:57:80:63:3d:1c:4b:40:0c:89:f3:db:
         bd:c8:63:73:a9:ee:b6:18:05:69:e3:83:ec:fd:9e:24:f4:d7:
         a0:bd:e8:f0:83:92:24:f3:f1:3e:10:cb:06:b9:27:31:51:d3:
         e6:f8:00:4e:4a:de:c4:1f:ab:70:7e:08:26:67:97:59:5c:2f:
         50:1c:36:2d:25:dc:33:4e:f9:9f:00:7d:ee:c6:42:66:ec:73:
         9a:95:9a:7f:b6:99:7d:6f:8d:11:03:84:f8:40:55:bb:f6:ed:
         d4:5b:dd:88:11:61:80:10:45:78:10:10:8e:0a:60:1e:d5:8e:
         1e:74:2f:21:2a:ba:8d:9c:ff:5e:cc:38:92:f0:08:5a:eb:c6:
         71:2a:2c:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EtFbL9cZn4UcJjqa2V0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYTkwMDU0MjMxNDc0NTM5MDkzNjZjNmI0ZDA5YzMxOTU4
YWNjMWMwHhcNMjYwMTAyMDAxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGMxNWZlZDRhN2VkZTBjNGQyZGY2MTA4NGFkZThhZWEyNDdjNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDffOeVOeZ9fcAi/uOwyftUd36iE
a0onmEhKP8zL1oCJUddai9AAuDx/qzs6sip2qrPDG0cPvhDuSpz/aSFH+XTjNmPG
Qcr2kFiNG3C8t+/KyRPrzBsVpUr8U0ywfCL3khWIwzd5uan+mu2lcpCPWZydpSAa
RhH7eNQ9bkuMeVGWc/CJdrS2TL5tyGM6U/7P7PUbVQawNm0a5ypeC9wzGrOwebAg
EWRnqQ5MH80/KDRo5ynhUN7ej+mo4HnyFxX+Mqko/Dt0kUfDrJC2i+lsFK3DqKhO
ixzUWNDvI2wa2a9+WZuSDFwp/7cjEqulw30fgNOJWOKXl8wazic4DZPBKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3BX+1Kft4MTS32EISt6K6iR8doMB8GA1UdIwQY
MBaAFPCpAFQjFHRTkJNmxrTQnDGViswcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMt
MzBkNzlmOWFhODc3LzEvWGNGZjdVcC0zZ3hOTGZZUWhLM29ycUpIeDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xNTdhZjYtY2NlMi00ZTZkLWJjMjMtMzBkNzlmOWFhODc3
LzEvOEtrQVZDTVVkRk9RazJiR3ROQ2NNWldLekJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWTrAMA0G
CSqGSIb3DQEBCwUAA4IBAQBkSNtGwS3mrTA+HwOJU3bkgXzftz46G+L3wBc9Ezkt
IVb6AsQYqIDcGFDvVWzZ+zv+X82sxgSAEDwi9QKb5lM9ihp3xxL70LuKpFC2o63b
0pHWIfZUjKQ9jgewnMr3J7dXxqRXeVQO9nIPaVLsNGhuaz9HV4BjPRxLQAyJ89u9
yGNzqe62GAVp44Ps/Z4k9Negvejwg5Ik8/E+EMsGuScxUdPm+ABOSt7EH6twfggm
Z5dZXC9QHDYtJdwzTvmfAH3uxkJm7HOalZp/tpl9b40RA4T4QFW79u3UW92IEWGA
EEV4EBCOCmAe1Y4edC8hKrqNnP9ezDiS8Aha68ZxKiyd
-----END CERTIFICATE-----