This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/xhYmgGiF89Fz7bZhNjTbr52OYzc.roa
File:                     xhYmgGiF89Fz7bZhNjTbr52OYzc.roa (raw, json)
Hash identifier:          Y8zNHkd72sloXAusIAjhHWfHMe8tp3rm6YXqz7dcQSg=
Subject key identifier:   C6:16:26:80:68:85:F3:D1:73:ED:B6:61:36:34:DB:AF:9D:8E:63:37
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019B7F15011F0FF1076AD29494344368C47F
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/xhYmgGiF89Fz7bZhNjTbr52OYzc.roa
Signing time:             Fri 02 Jan 2026 14:20:41 +0000
ROA not before:           Fri 02 Jan 2026 14:20:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1239
IP address blocks:        148.222.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:01:1f:0f:f1:07:6a:d2:94:94:34:43:68:c4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  2 14:20:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c61626806885f3d173edb6613634dbaf9d8e6337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:bc:7d:5b:86:03:06:28:77:6a:a9:f1:17:cd:
                    07:d7:67:76:4c:d6:f9:c0:a9:02:be:21:09:23:b5:
                    8f:89:ff:8c:dc:f9:95:6d:83:e2:d0:54:da:c1:38:
                    bb:e5:ef:84:44:3b:17:0f:24:94:95:c0:24:e5:ea:
                    97:a5:96:be:b6:c4:87:ee:1a:86:1e:5c:e7:4a:f7:
                    2a:97:aa:8a:33:4f:8d:b8:7a:b7:43:fb:6a:3b:4d:
                    6e:2a:ca:39:f4:83:ee:a2:47:67:b6:0f:d8:55:97:
                    91:88:cb:db:60:77:fd:f5:ab:6c:d9:60:bf:06:8f:
                    bb:f9:63:54:d5:f8:85:f3:83:68:b3:c5:5a:00:5a:
                    3f:50:03:e0:41:96:31:a7:9f:39:5f:cc:e2:b3:00:
                    48:6c:64:fd:26:64:c3:bf:af:d4:8d:4a:b5:1f:70:
                    9c:ab:02:57:85:4f:cd:8c:0d:ee:e1:b5:a0:11:c5:
                    01:5a:d1:8b:8e:71:eb:dc:51:b3:b1:b4:87:cc:01:
                    ce:a6:c4:fb:a8:af:59:a8:a7:95:d1:de:69:cb:04:
                    55:8f:ed:ca:2f:ba:90:a1:7a:b6:dc:f8:c8:fb:ac:
                    e2:74:b2:80:4c:51:8b:73:88:fb:30:86:c8:a8:79:
                    46:99:1c:60:ed:bd:96:56:88:c1:6f:28:27:51:a1:
                    7d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:16:26:80:68:85:F3:D1:73:ED:B6:61:36:34:DB:AF:9D:8E:63:37
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/xhYmgGiF89Fz7bZhNjTbr52OYzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.222.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:26:2e:c8:b9:87:4c:ce:3c:07:43:c7:cc:8a:f8:c3:bd:86:
         c7:02:04:71:99:62:69:d1:88:72:fd:3f:6d:05:e5:06:6c:2f:
         a7:3a:a2:c1:c7:f3:16:7f:6a:58:47:a7:e6:45:f4:87:d2:81:
         f2:94:77:88:2d:f1:cf:cc:02:73:15:fd:e4:fc:0c:74:f1:01:
         4c:ab:df:48:3e:bf:ce:65:3a:33:cb:9d:30:a8:e3:e1:e9:bb:
         33:43:d9:35:ef:af:6e:95:99:00:05:05:cf:45:a1:23:c1:5c:
         36:56:98:c9:83:6e:9e:8e:e4:2e:af:c6:05:26:48:a8:3a:19:
         e5:88:e3:d8:02:fb:6d:53:27:f0:0e:a2:e7:27:51:b5:50:81:
         24:0d:25:7d:e5:33:69:8b:6e:ed:6f:eb:01:3e:58:23:74:ef:
         f4:87:59:ef:9d:dc:f9:76:e0:ce:db:86:6b:80:6a:7d:54:8b:
         42:ca:6e:1d:7b:cc:cc:30:af:7d:50:a1:a9:6c:62:48:61:f2:
         05:22:fd:03:44:a8:27:ae:7e:49:66:5f:4f:09:2c:69:2c:9b:
         45:ec:b2:d6:72:55:31:5c:82:df:b6:c1:31:e0:96:7b:3a:2f:
         45:a8:f0:a0:e4:f8:26:43:4c:37:8e:09:1c:be:a9:7c:92:b4:
         af:f4:73:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FQEfD/EHatKUlDRDaMR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMTAyMTQyMDQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE2MjY4MDY4ODVmM2QxNzNlZGI2NjEzNjM0ZGJhZjlkOGU2MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57x9W4YDBih3aqnxF80H12d2TNb5
wKkCviEJI7WPif+M3PmVbYPi0FTawTi75e+ERDsXDySUlcAk5eqXpZa+tsSH7hqG
HlznSvcql6qKM0+NuHq3Q/tqO01uKso59IPuokdntg/YVZeRiMvbYHf99ats2WC/
Bo+7+WNU1fiF84Nos8VaAFo/UAPgQZYxp585X8ziswBIbGT9JmTDv6/UjUq1H3Cc
qwJXhU/NjA3u4bWgEcUBWtGLjnHr3FGzsbSHzAHOpsT7qK9ZqKeV0d5pywRVj+3K
L7qQoXq23PjI+6zidLKATFGLc4j7MIbIqHlGmRxg7b2WVojBbygnUaF97wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYWJoBohfPRc+22YTY026+djmM3MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEveGhZbWdHaUY4OUZ6N2JaaE5qVGJyNTJPWXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClN70MA0G
CSqGSIb3DQEBCwUAA4IBAQAKJi7IuYdMzjwHQ8fMivjDvYbHAgRxmWJp0Yhy/T9t
BeUGbC+nOqLBx/MWf2pYR6fmRfSH0oHylHeILfHPzAJzFf3k/Ax08QFMq99IPr/O
ZTozy50wqOPh6bszQ9k1769ulZkABQXPRaEjwVw2VpjJg26ejuQur8YFJkioOhnl
iOPYAvttUyfwDqLnJ1G1UIEkDSV95TNpi27tb+sBPlgjdO/0h1nvndz5duDO24Zr
gGp9VItCym4de8zMMK99UKGpbGJIYfIFIv0DRKgnrn5JZl9PCSxpLJtF7LLWclUx
XILftsEx4JZ7Oi9FqPCg5PgmQ0w3jgkcvql8krSv9HPe
-----END CERTIFICATE-----