This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/9157a9-04b0-41be-9c24-d82d06a87bfe/1/x90dPkWW8REhzconoQULUI7Rl80.roa
File:                     x90dPkWW8REhzconoQULUI7Rl80.roa (raw, json)
Hash identifier:          IZPztQukbhq4U8uDrkKMf9ofAgLjzhebtlSwoKIMZXM=
Subject key identifier:   C7:DD:1D:3E:45:96:F1:11:21:CD:CA:27:A1:05:0B:50:8E:D1:97:CD
Certificate issuer:       /CN=5dd6c1384b4a4ca501dd33c5f0d8580d4416eb3a
Certificate serial:       019B7D5CB419216AD6436C2F2BE05D3602F8
Authority key identifier: 5D:D6:C1:38:4B:4A:4C:A5:01:DD:33:C5:F0:D8:58:0D:44:16:EB:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdbBOEtKTKUB3TPF8NhYDUQW6zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/9157a9-04b0-41be-9c24-d82d06a87bfe/1/x90dPkWW8REhzconoQULUI7Rl80.roa
Signing time:             Fri 02 Jan 2026 06:19:46 +0000
ROA not before:           Fri 02 Jan 2026 06:19:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216054
IP address blocks:        185.60.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/9157a9-04b0-41be-9c24-d82d06a87bfe/1/XdbBOEtKTKUB3TPF8NhYDUQW6zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/9157a9-04b0-41be-9c24-d82d06a87bfe/1/XdbBOEtKTKUB3TPF8NhYDUQW6zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdbBOEtKTKUB3TPF8NhYDUQW6zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:b4:19:21:6a:d6:43:6c:2f:2b:e0:5d:36:02:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6c1384b4a4ca501dd33c5f0d8580d4416eb3a
        Validity
            Not Before: Jan  2 06:19:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7dd1d3e4596f11121cdca27a1050b508ed197cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9c:a7:5a:d1:5c:50:8e:c2:14:7c:6f:46:3e:
                    5a:66:31:16:43:fc:a5:ad:31:3f:99:49:10:27:76:
                    1b:a5:e3:0c:fe:84:ca:cd:dd:88:56:6d:f9:a2:79:
                    e1:d3:2f:41:57:e9:a3:91:a2:61:d4:dc:39:49:a5:
                    b3:b3:6a:bc:02:0d:31:01:39:49:b9:a3:4b:cd:8a:
                    5b:b9:1c:f8:8e:c4:5e:e3:74:67:0b:23:ea:73:c6:
                    cc:89:f2:9f:e2:8a:5e:d0:3f:0b:9e:7a:1b:1a:fb:
                    db:70:b1:7d:1e:d6:5a:44:7b:ff:c1:6e:fd:ee:fa:
                    7b:2f:6a:dc:98:4c:04:49:58:b2:83:7a:14:d3:e4:
                    80:69:08:ee:b5:88:d1:39:9f:0b:e9:f9:fe:58:e1:
                    6c:5c:61:44:10:b5:fb:a0:a6:67:96:b4:ca:56:b6:
                    9e:d8:28:47:23:56:c5:7e:cb:01:4f:71:01:51:6d:
                    d8:e5:88:bf:e0:3f:50:e9:8b:f3:84:94:7c:21:f7:
                    57:08:08:72:c5:e1:8c:73:dd:5f:b5:3d:f8:77:13:
                    36:a0:7a:08:36:85:a0:22:9f:67:47:c4:30:fb:5c:
                    bc:8e:43:23:f3:07:2d:93:ba:86:fc:78:49:21:1e:
                    40:23:95:90:65:80:29:d2:d6:ee:bc:c0:4b:ca:6e:
                    fc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:DD:1D:3E:45:96:F1:11:21:CD:CA:27:A1:05:0B:50:8E:D1:97:CD
            X509v3 Authority Key Identifier:
                keyid:5D:D6:C1:38:4B:4A:4C:A5:01:DD:33:C5:F0:D8:58:0D:44:16:EB:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdbBOEtKTKUB3TPF8NhYDUQW6zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9157a9-04b0-41be-9c24-d82d06a87bfe/1/x90dPkWW8REhzconoQULUI7Rl80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/9157a9-04b0-41be-9c24-d82d06a87bfe/1/XdbBOEtKTKUB3TPF8NhYDUQW6zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:5a:8d:6f:23:d0:27:10:5e:02:13:0f:33:75:01:95:77:eb:
         27:1a:cd:44:cf:e6:dc:23:a4:cb:c2:30:04:b8:3b:fd:39:0b:
         ff:a8:4b:68:fa:30:22:39:68:f1:73:a0:c8:b8:4e:a8:0e:7a:
         96:c6:dc:f7:6d:1a:05:fc:6e:2e:73:68:c1:5e:bc:a8:d3:f6:
         48:36:47:a2:85:66:a0:dc:90:1e:1c:3d:d2:5d:be:06:b6:39:
         de:e7:70:87:3e:f9:74:ee:ab:ff:ae:90:39:e9:34:c7:8a:c4:
         1e:ca:bc:6e:0e:eb:d3:57:eb:cb:8e:c9:89:31:2b:e5:89:46:
         43:0d:dc:23:2c:78:93:f3:4f:9a:a4:02:df:97:15:a1:12:8f:
         fd:4a:2b:fc:04:28:b4:6e:66:37:13:75:1c:94:ac:7d:0d:c6:
         20:21:ef:e1:a8:28:c5:2a:4f:41:98:43:19:4d:64:d1:11:0c:
         dd:90:5d:a1:a0:08:5f:23:0a:2d:61:1a:c1:9c:b5:53:33:d7:
         f1:a8:ed:b3:31:51:ac:f9:24:c1:d3:80:13:11:e4:12:f3:cc:
         a3:7e:3f:14:63:6c:6a:8d:e5:41:dc:61:8c:70:16:d4:fb:a7:
         d9:8c:a2:61:af:6c:c5:10:cf:57:93:02:31:75:0c:42:dd:e9:
         e6:0f:0f:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XLQZIWrWQ2wvK+BdNgL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZjMTM4NGI0YTRjYTUwMWRkMzNjNWYwZDg1ODBkNDQx
NmViM2EwHhcNMjYwMTAyMDYxOTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2RkMWQzZTQ1OTZmMTExMjFjZGNhMjdhMTA1MGI1MDhlZDE5N2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopynWtFcUI7CFHxvRj5aZjEWQ/yl
rTE/mUkQJ3YbpeMM/oTKzd2IVm35onnh0y9BV+mjkaJh1Nw5SaWzs2q8Ag0xATlJ
uaNLzYpbuRz4jsRe43RnCyPqc8bMifKf4ope0D8LnnobGvvbcLF9HtZaRHv/wW79
7vp7L2rcmEwESViyg3oU0+SAaQjutYjROZ8L6fn+WOFsXGFEELX7oKZnlrTKVrae
2ChHI1bFfssBT3EBUW3Y5Yi/4D9Q6YvzhJR8IfdXCAhyxeGMc91ftT34dxM2oHoI
NoWgIp9nR8Qw+1y8jkMj8wctk7qG/HhJIR5AI5WQZYAp0tbuvMBLym78FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfdHT5FlvERIc3KJ6EFC1CO0ZfNMB8GA1UdIwQY
MBaAFF3WwThLSkylAd0zxfDYWA1EFus6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiQk9FdEtUS1VCM1RQRjhOaFlEVVFXNnpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi85MTU3YTktMDRiMC00MWJlLTljMjQt
ZDgyZDA2YTg3YmZlLzEveDkwZFBrV1c4UkVoemNvbm9RVUxVSTdSbDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi85MTU3YTktMDRiMC00MWJlLTljMjQtZDgyZDA2YTg3YmZl
LzEvWGRiQk9FdEtUS1VCM1RQRjhOaFlEVVFXNnpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTw7MA0G
CSqGSIb3DQEBCwUAA4IBAQBvWo1vI9AnEF4CEw8zdQGVd+snGs1Ez+bcI6TLwjAE
uDv9OQv/qEto+jAiOWjxc6DIuE6oDnqWxtz3bRoF/G4uc2jBXryo0/ZINkeihWag
3JAeHD3SXb4Gtjne53CHPvl07qv/rpA56TTHisQeyrxuDuvTV+vLjsmJMSvliUZD
DdwjLHiT80+apALflxWhEo/9Siv8BCi0bmY3E3UclKx9DcYgIe/hqCjFKk9BmEMZ
TWTREQzdkF2hoAhfIwotYRrBnLVTM9fxqO2zMVGs+STB04ATEeQS88yjfj8UY2xq
jeVB3GGMcBbU+6fZjKJhr2zFEM9XkwIxdQxC3enmDw+G
-----END CERTIFICATE-----