This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/XkgtF5TJXyTSJIWtLmqXy1umma0.roa
File:                     XkgtF5TJXyTSJIWtLmqXy1umma0.roa (raw, json)
Hash identifier:          6DX8XaBTIwdbkM7giwExjG/pLuL/Ylj36OiOnK70kBc=
Subject key identifier:   5E:48:2D:17:94:C9:5F:24:D2:24:85:AD:2E:6A:97:CB:5B:A6:99:AD
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       019B7CEDE7F93A6182EFF2D21A7C8E7AF6FC
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/XkgtF5TJXyTSJIWtLmqXy1umma0.roa
Signing time:             Fri 02 Jan 2026 04:18:44 +0000
ROA not before:           Fri 02 Jan 2026 04:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24239
IP address blocks:        2a05:1085::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:e7:f9:3a:61:82:ef:f2:d2:1a:7c:8e:7a:f6:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 04:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e482d1794c95f24d22485ad2e6a97cb5ba699ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5a:5a:84:e1:fe:cc:f1:23:d2:a2:53:7f:35:
                    60:fb:3d:31:b6:f8:01:b2:23:ca:42:ce:48:b4:ad:
                    20:7d:15:e1:77:d0:13:f3:b6:ba:21:b5:b1:85:37:
                    d6:33:69:03:50:4d:a2:b5:1c:c0:50:19:81:f8:52:
                    17:0e:56:6a:c2:7e:4d:24:ac:53:0e:18:51:7b:17:
                    19:8d:a0:02:be:e9:4d:ad:4f:8c:a9:09:74:68:e6:
                    1f:25:7c:80:17:b4:24:aa:06:b0:ad:e8:a4:1a:55:
                    64:2a:f0:bd:d0:41:21:88:c0:56:f8:7a:4d:6b:21:
                    69:61:be:b0:ff:44:e0:20:54:53:32:08:9a:8f:c2:
                    9a:e8:01:83:b2:db:86:a5:81:c2:5a:fe:ac:16:23:
                    74:ff:6f:5f:a3:f8:b8:36:88:9c:3b:a2:88:a9:2f:
                    83:17:3f:1c:fc:21:49:c9:d2:f3:f7:1e:47:fe:d7:
                    19:d8:e5:f9:44:74:3d:8d:e2:09:b5:63:88:8b:75:
                    44:78:b7:85:52:9d:5c:62:8c:62:d4:86:4d:a4:5d:
                    b7:9d:91:24:f1:e9:49:49:87:28:22:aa:9e:07:b2:
                    6d:75:95:26:98:5e:be:e4:d7:c8:68:93:e5:3a:8a:
                    9c:a3:81:14:a6:a0:a6:f6:a9:64:6b:71:ff:75:6e:
                    68:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:48:2D:17:94:C9:5F:24:D2:24:85:AD:2E:6A:97:CB:5B:A6:99:AD
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/XkgtF5TJXyTSJIWtLmqXy1umma0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1085::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:a6:4c:7d:49:2d:7a:56:63:18:e0:60:49:e7:bb:55:4c:6d:
         76:1f:56:c2:84:9d:c4:30:8f:7a:35:e5:81:2d:04:0d:e3:93:
         49:ab:e3:c6:94:73:4f:9d:60:b5:9c:b1:1e:04:5c:f7:29:34:
         bd:e5:a6:50:f8:d9:ff:e8:ec:53:19:b3:b8:fa:f6:43:3e:fd:
         5b:d1:f0:b5:dd:e7:35:4b:2f:68:60:e2:f8:6e:c8:9e:48:db:
         a6:c1:97:38:bc:ff:ba:eb:d0:45:7e:0b:22:ae:7f:dc:22:4d:
         05:02:59:b1:03:90:bb:9e:37:d8:f7:17:27:95:77:3f:fb:0e:
         9f:f0:94:f7:33:23:18:6e:a5:97:47:a2:30:ee:51:35:68:56:
         c1:15:57:c7:e2:65:ca:68:58:d7:22:63:9e:c7:98:f9:e2:3c:
         9b:1f:09:78:95:4d:72:bc:c0:56:2d:03:09:4e:56:b0:8a:cc:
         8f:4a:09:2d:af:a9:96:b6:2f:4c:95:64:0f:f3:98:55:f9:06:
         d0:bd:62:be:24:3f:99:4b:33:db:fa:94:cc:ee:1f:d2:a5:e5:
         1b:c3:26:5c:7e:8b:d5:c5:77:cd:d3:a8:04:7b:c4:3c:f4:c0:
         e7:dd:4c:70:bc:ff:24:34:22:ad:aa:c2:a4:86:c2:75:93:2a:
         56:a2:30:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt87ef5OmGC7/LSGnyOevb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjYwMTAyMDQxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQ4MmQxNzk0Yzk1ZjI0ZDIyNDg1YWQyZTZhOTdjYjViYTY5OWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VpahOH+zPEj0qJTfzVg+z0xtvgB
siPKQs5ItK0gfRXhd9AT87a6IbWxhTfWM2kDUE2itRzAUBmB+FIXDlZqwn5NJKxT
DhhRexcZjaACvulNrU+MqQl0aOYfJXyAF7QkqgawreikGlVkKvC90EEhiMBW+HpN
ayFpYb6w/0TgIFRTMgiaj8Ka6AGDstuGpYHCWv6sFiN0/29fo/i4NoicO6KIqS+D
Fz8c/CFJydLz9x5H/tcZ2OX5RHQ9jeIJtWOIi3VEeLeFUp1cYoxi1IZNpF23nZEk
8elJSYcoIqqeB7JtdZUmmF6+5NfIaJPlOoqco4EUpqCm9qlka3H/dW5otQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF5ILReUyV8k0iSFrS5ql8tbppmtMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvWGtndEY1VEpYeVRTSklXdExtcVh5MXVtbWEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgUQhTAN
BgkqhkiG9w0BAQsFAAOCAQEAVKZMfUktelZjGOBgSee7VUxtdh9WwoSdxDCPejXl
gS0EDeOTSavjxpRzT51gtZyxHgRc9yk0veWmUPjZ/+jsUxmzuPr2Qz79W9Hwtd3n
NUsvaGDi+G7InkjbpsGXOLz/uuvQRX4LIq5/3CJNBQJZsQOQu5432PcXJ5V3P/sO
n/CU9zMjGG6ll0eiMO5RNWhWwRVXx+JlymhY1yJjnseY+eI8mx8JeJVNcrzAVi0D
CU5WsIrMj0oJLa+plrYvTJVkD/OYVfkG0L1iviQ/mUsz2/qUzO4f0qXlG8MmXH6L
1cV3zdOoBHvEPPTA591McLz/JDQirarCpIbCdZMqVqIwsg==
-----END CERTIFICATE-----