This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/xmMlfa7iRWWb2wsgVQjfEUP18xg.roa
File:                     xmMlfa7iRWWb2wsgVQjfEUP18xg.roa (raw, json)
Hash identifier:          MZHFj2EgqlivJGFIR4zUNFYVY5Bn/cspVbef0X3zPHs=
Subject key identifier:   C6:63:25:7D:AE:E2:45:65:9B:DB:0B:20:55:08:DF:11:43:F5:F3:18
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       019B79103E30A1260B41506A4C9E3FED439E
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/xmMlfa7iRWWb2wsgVQjfEUP18xg.roa
Signing time:             Thu 01 Jan 2026 10:17:46 +0000
ROA not before:           Thu 01 Jan 2026 10:17:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213607
IP address blocks:        195.216.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:3e:30:a1:26:0b:41:50:6a:4c:9e:3f:ed:43:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jan  1 10:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c663257daee245659bdb0b205508df1143f5f318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:64:40:c1:ca:e9:b6:6b:fb:89:2a:25:44:78:
                    c2:8e:c0:c9:bd:b6:71:92:be:e6:b1:4e:d9:24:5b:
                    d7:a9:21:df:fa:3d:9a:0e:c0:f9:f9:60:30:be:23:
                    b1:f0:a4:70:8c:44:a9:ac:d6:f7:c3:88:5e:9d:71:
                    fe:4f:d4:20:81:e0:00:2e:5d:0f:93:1c:c0:d2:c1:
                    31:2f:27:3a:06:48:c7:a1:4a:24:fe:41:6f:8e:c3:
                    dd:55:c5:14:16:b2:2a:4e:ee:c4:d1:a6:73:0a:eb:
                    79:51:65:41:cd:4d:fb:6f:f0:a5:1a:7a:e7:01:ce:
                    e7:fa:0e:c4:43:b2:26:4a:cd:9f:14:f4:21:b4:5e:
                    06:0e:16:8a:69:aa:e8:d7:e6:f2:fb:0b:e3:cf:8e:
                    6e:c8:dc:fe:77:5f:85:a2:8f:59:ee:25:55:f5:83:
                    f8:34:43:95:7e:da:86:5e:64:98:31:1a:37:ad:d2:
                    43:15:c7:a1:f5:5b:14:ab:e2:83:c9:02:12:03:b9:
                    9a:7c:cd:16:52:7b:09:2c:a2:49:8c:1b:fe:e0:ea:
                    9a:d0:2d:60:51:05:d6:5d:8d:6e:ac:67:3d:78:2f:
                    a5:e6:a0:74:4d:9c:85:ce:0d:ae:c7:7b:ef:60:c2:
                    0d:d4:bc:2e:9d:9b:dc:bd:d6:55:ba:6d:79:2d:10:
                    64:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:63:25:7D:AE:E2:45:65:9B:DB:0B:20:55:08:DF:11:43:F5:F3:18
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/xmMlfa7iRWWb2wsgVQjfEUP18xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:65:d7:5b:d4:6f:d2:4d:76:31:cc:e7:8e:88:f1:ef:d2:02:
         49:69:ee:02:5c:6a:b7:59:a8:01:6a:a2:ad:38:06:5f:35:95:
         ad:a2:62:ff:59:cd:a5:2d:a4:9e:0a:9c:37:24:58:13:22:6b:
         84:51:93:15:d2:20:a1:ed:f2:da:90:f5:4d:5f:9f:5e:82:39:
         87:84:89:5f:01:fe:61:c3:81:6c:03:6a:a5:08:da:20:9b:69:
         03:cd:e7:c8:c9:bb:25:61:3a:c7:fa:20:fd:01:8a:92:82:b1:
         a4:ae:13:4d:2e:d0:b4:a1:cc:c5:92:a0:76:76:66:78:a3:02:
         8f:67:7c:b8:17:e0:31:99:6b:74:bb:db:e6:22:9c:ff:cd:e0:
         3a:d6:5b:88:e2:ff:86:e5:83:5a:43:e5:e6:19:35:98:a2:b2:
         25:65:ed:ea:37:1b:1b:c2:33:4e:dc:ce:94:7e:fe:40:cf:91:
         fc:45:41:21:6c:9f:f5:25:e4:a5:17:14:5a:84:ff:e9:39:e4:
         63:84:67:c0:19:91:2e:53:9c:cb:dd:34:38:b0:47:d0:ce:b7:
         fc:cf:f6:63:44:2a:93:60:dd:7e:ce:2a:9e:1e:5f:19:e2:75:
         a4:b2:46:80:e5:01:f3:12:01:47:48:99:ab:30:84:0c:85:72:
         b2:43:70:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ED4woSYLQVBqTJ4/7UOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjYwMTAxMTAxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjYzMjU3ZGFlZTI0NTY1OWJkYjBiMjA1NTA4ZGYxMTQzZjVmMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmRAwcrptmv7iSolRHjCjsDJvbZx
kr7msU7ZJFvXqSHf+j2aDsD5+WAwviOx8KRwjESprNb3w4henXH+T9QggeAALl0P
kxzA0sExLyc6BkjHoUok/kFvjsPdVcUUFrIqTu7E0aZzCut5UWVBzU37b/ClGnrn
Ac7n+g7EQ7ImSs2fFPQhtF4GDhaKaaro1+by+wvjz45uyNz+d1+Foo9Z7iVV9YP4
NEOVftqGXmSYMRo3rdJDFceh9VsUq+KDyQISA7mafM0WUnsJLKJJjBv+4Oqa0C1g
UQXWXY1urGc9eC+l5qB0TZyFzg2ux3vvYMIN1LwunZvcvdZVum15LRBk3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZjJX2u4kVlm9sLIFUI3xFD9fMYMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEveG1NbGZhN2lSV1diMndzZ1ZRamZFVVAxOHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9i0MA0G
CSqGSIb3DQEBCwUAA4IBAQBDZddb1G/STXYxzOeOiPHv0gJJae4CXGq3WagBaqKt
OAZfNZWtomL/Wc2lLaSeCpw3JFgTImuEUZMV0iCh7fLakPVNX59egjmHhIlfAf5h
w4FsA2qlCNogm2kDzefIybslYTrH+iD9AYqSgrGkrhNNLtC0oczFkqB2dmZ4owKP
Z3y4F+AxmWt0u9vmIpz/zeA61luI4v+G5YNaQ+XmGTWYorIlZe3qNxsbwjNO3M6U
fv5Az5H8RUEhbJ/1JeSlFxRahP/pOeRjhGfAGZEuU5zL3TQ4sEfQzrf8z/ZjRCqT
YN1+ziqeHl8Z4nWkskaA5QHzEgFHSJmrMIQMhXKyQ3BT
-----END CERTIFICATE-----