This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/XLMwVSFYPkFxkFa1OftvrTKGWbI.roa
File:                     XLMwVSFYPkFxkFa1OftvrTKGWbI.roa (raw, json)
Hash identifier:          x890sGxnsEUAECe/okwWyHGhOTma64LIgKfdoKrMBgI=
Subject key identifier:   5C:B3:30:55:21:58:3E:41:71:90:56:B5:39:FB:6F:AD:32:86:59:B2
Certificate issuer:       /CN=d38579e4c7da01df0465186236e9af27eb7312ed
Certificate serial:       019B7BA4FACF0ED5DC510AA1C6F36EAA7621
Authority key identifier: D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/XLMwVSFYPkFxkFa1OftvrTKGWbI.roa
Signing time:             Thu 01 Jan 2026 22:19:28 +0000
ROA not before:           Thu 01 Jan 2026 22:19:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207475
IP address blocks:        194.9.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:fa:cf:0e:d5:dc:51:0a:a1:c6:f3:6e:aa:76:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38579e4c7da01df0465186236e9af27eb7312ed
        Validity
            Not Before: Jan  1 22:19:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cb3305521583e41719056b539fb6fad328659b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d6:44:e2:f0:2f:06:03:be:d6:cd:fc:2c:db:
                    68:35:1b:b4:ec:cb:1c:b5:86:3e:28:7d:2d:2b:52:
                    2e:d5:75:f3:7c:18:ba:fd:be:c3:fd:f9:8d:ab:2c:
                    1a:49:74:59:26:ac:4c:f6:b1:18:8b:47:01:ca:41:
                    66:82:6e:f9:7a:90:2b:b6:ae:f8:93:8f:3b:b7:7b:
                    4e:4a:0f:61:50:22:f6:6f:5a:9f:df:ac:25:95:97:
                    8c:d5:df:cb:c5:07:1f:97:5a:d2:7a:15:0c:80:b7:
                    30:02:ac:de:61:17:1b:33:5c:64:60:4c:61:51:c7:
                    9d:cd:90:52:65:d7:f2:a4:48:7c:70:eb:0a:e7:06:
                    75:66:83:34:e4:34:60:97:04:f0:2e:55:54:a4:a9:
                    4b:29:9a:69:3c:7b:f0:b8:65:bf:2e:07:55:70:5e:
                    df:c5:fc:2e:a1:0c:16:5c:fb:1e:76:5c:35:1b:81:
                    c8:b2:7b:83:61:43:82:3e:45:29:cf:57:80:88:9f:
                    d6:e7:d1:6c:64:0c:25:cf:54:35:44:48:bc:b1:54:
                    77:77:26:68:4d:77:b9:8c:ae:23:4e:21:ea:28:85:
                    c1:44:27:50:98:d9:82:19:17:af:a6:42:1a:5e:05:
                    b8:78:c3:76:b3:33:46:bb:f4:c0:25:f9:cb:52:40:
                    f9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:B3:30:55:21:58:3E:41:71:90:56:B5:39:FB:6F:AD:32:86:59:B2
            X509v3 Authority Key Identifier:
                keyid:D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/XLMwVSFYPkFxkFa1OftvrTKGWbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:e5:a5:28:1d:3f:7f:34:c1:b8:72:9e:77:df:b4:43:b5:10:
         be:84:bc:31:97:47:04:fc:66:64:b0:f3:89:07:38:0c:19:69:
         5e:3d:c8:1e:62:ee:8c:10:f0:a7:dd:38:02:d9:65:a1:f8:32:
         d4:28:11:de:5a:80:96:4d:6c:28:66:73:72:06:f0:cd:1a:2e:
         2e:95:d9:ca:58:60:52:15:ad:19:04:fc:0a:00:f5:43:27:9d:
         2b:5b:72:55:d6:70:fa:e8:dc:ad:19:96:e0:35:d5:59:3d:59:
         36:ef:04:32:3d:4a:96:93:7f:b0:5c:3e:f7:a5:61:ee:7e:7e:
         2a:25:2b:93:3e:23:76:65:3d:28:66:02:24:3f:8b:30:08:ed:
         9e:98:eb:a7:77:70:d5:7f:d2:e5:c6:25:7c:a5:e7:14:ee:d9:
         3c:95:d2:e5:f0:f5:09:c9:7e:bd:3e:81:ba:0a:8c:95:8e:8a:
         cd:d1:de:6a:af:46:ae:1f:49:f7:5f:2e:ac:cc:56:da:10:c2:
         21:ce:85:98:a2:df:e6:e9:80:44:cb:91:66:d4:54:21:38:e1:
         91:19:8d:a3:d5:de:ff:fd:25:58:09:4e:bf:5a:72:6a:f6:fe:
         fe:0e:e7:1e:ed:85:6b:98:e2:6f:ea:fa:f6:bd:5c:ff:5c:dd:
         9d:96:8f:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pPrPDtXcUQqhxvNuqnYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzODU3OWU0YzdkYTAxZGYwNDY1MTg2MjM2ZTlhZjI3ZWI3
MzEyZWQwHhcNMjYwMTAxMjIxOTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2IzMzA1NTIxNTgzZTQxNzE5MDU2YjUzOWZiNmZhZDMyODY1OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtZE4vAvBgO+1s38LNtoNRu07Msc
tYY+KH0tK1Iu1XXzfBi6/b7D/fmNqywaSXRZJqxM9rEYi0cBykFmgm75epArtq74
k487t3tOSg9hUCL2b1qf36wllZeM1d/LxQcfl1rSehUMgLcwAqzeYRcbM1xkYExh
UcedzZBSZdfypEh8cOsK5wZ1ZoM05DRglwTwLlVUpKlLKZppPHvwuGW/LgdVcF7f
xfwuoQwWXPsedlw1G4HIsnuDYUOCPkUpz1eAiJ/W59FsZAwlz1Q1REi8sVR3dyZo
TXe5jK4jTiHqKIXBRCdQmNmCGRevpkIaXgW4eMN2szNGu/TAJfnLUkD5oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyzMFUhWD5BcZBWtTn7b60yhlmyMB8GA1UdIwQY
MBaAFNOFeeTH2gHfBGUYYjbpryfrcxLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTkt
YmQ0MDU0MTliMDBkLzEvWExNd1ZTRllQa0Z4a0ZhMU9mdHZyVEtHV2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTktYmQ0MDU0MTliMDBk
LzEvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwglGMA0G
CSqGSIb3DQEBCwUAA4IBAQBs5aUoHT9/NMG4cp5337RDtRC+hLwxl0cE/GZksPOJ
BzgMGWlePcgeYu6MEPCn3TgC2WWh+DLUKBHeWoCWTWwoZnNyBvDNGi4uldnKWGBS
Fa0ZBPwKAPVDJ50rW3JV1nD66NytGZbgNdVZPVk27wQyPUqWk3+wXD73pWHufn4q
JSuTPiN2ZT0oZgIkP4swCO2emOund3DVf9LlxiV8pecU7tk8ldLl8PUJyX69PoG6
CoyVjorN0d5qr0auH0n3Xy6szFbaEMIhzoWYot/m6YBEy5Fm1FQhOOGRGY2j1d7/
/SVYCU6/WnJq9v7+Duce7YVrmOJv6vr2vVz/XN2dlo9h
-----END CERTIFICATE-----