This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/XlbisSjtE0VEsvYZfBE1a7SwnPo.roa
File:                     XlbisSjtE0VEsvYZfBE1a7SwnPo.roa (raw, json)
Hash identifier:          ywquchTaiRzJ9EyzBmBuS7GF3u7LPVkY7qatrsHV8Nc=
Subject key identifier:   5E:56:E2:B1:28:ED:13:45:44:B2:F6:19:7C:11:35:6B:B4:B0:9C:FA
Certificate issuer:       /CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
Certificate serial:       019B7C11ECF49FEBE6620B04463D2240902A
Authority key identifier: D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/XlbisSjtE0VEsvYZfBE1a7SwnPo.roa
Signing time:             Fri 02 Jan 2026 00:18:28 +0000
ROA not before:           Fri 02 Jan 2026 00:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34701
IP address blocks:        194.143.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:ec:f4:9f:eb:e6:62:0b:04:46:3d:22:40:90:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d28c3886c6ef5227c246224cc894a84a53bcf51a
        Validity
            Not Before: Jan  2 00:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e56e2b128ed134544b2f6197c11356bb4b09cfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e6:f3:10:33:2d:ec:98:9d:c7:12:c5:d4:8f:
                    87:15:2a:4c:fe:82:b3:2a:b7:e1:76:ea:fa:6c:47:
                    02:5f:bb:28:2b:4f:f0:87:9b:ba:36:fd:55:a5:9d:
                    14:19:be:11:a3:9c:ea:84:91:27:a9:e9:38:14:17:
                    fc:b2:b6:9e:95:29:aa:b2:a5:2b:e1:e1:87:d6:78:
                    4d:13:b6:0f:99:04:de:cd:76:8b:2a:61:9f:61:90:
                    0e:46:e7:89:80:b6:3b:6a:99:a6:02:1b:96:26:44:
                    31:29:98:dc:29:fb:7f:46:1e:37:43:d2:0d:81:ea:
                    87:97:da:5c:86:41:fe:40:ad:67:db:48:14:c0:9a:
                    1e:f6:4b:93:81:c5:23:4a:cd:2c:50:1b:f1:ba:c8:
                    18:36:00:d6:35:97:21:45:8b:4e:d3:3d:a1:83:ea:
                    3b:d2:d0:6a:dc:be:8d:5c:11:57:88:0b:ea:96:13:
                    d7:f0:c5:48:c6:78:7c:c2:1c:e7:b7:c4:ac:e6:e8:
                    a9:31:a9:e0:dc:11:94:81:c0:07:c9:3a:e4:db:bc:
                    3d:04:77:e1:d9:ea:78:22:3f:c3:d9:7f:b0:22:ae:
                    55:35:a9:c5:6c:11:ef:c3:b1:8a:cd:a4:49:cc:21:
                    0c:e1:7c:d8:eb:e3:6c:cb:7c:a2:d0:3b:5e:f7:ae:
                    ab:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:56:E2:B1:28:ED:13:45:44:B2:F6:19:7C:11:35:6B:B4:B0:9C:FA
            X509v3 Authority Key Identifier:
                keyid:D2:8C:38:86:C6:EF:52:27:C2:46:22:4C:C8:94:A8:4A:53:BC:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0ow4hsbvUifCRiJMyJSoSlO89Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/XlbisSjtE0VEsvYZfBE1a7SwnPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bec19c-5b94-401f-b138-fc421621fe08/1/0ow4hsbvUifCRiJMyJSoSlO89Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:0d:56:95:c1:ea:0f:e8:fe:82:06:c6:2b:4f:06:b1:c2:75:
         ba:2b:02:ac:3b:6b:da:48:a7:1c:44:2b:eb:74:2c:3b:98:e5:
         d1:5f:59:ac:91:8f:d3:60:95:a1:d7:51:d3:92:0a:0f:73:36:
         9b:40:a6:5c:5f:a6:ab:fb:e0:e2:42:14:e0:05:49:85:7e:ea:
         f4:bc:fd:87:27:98:a3:f8:b3:01:0f:4f:ed:e5:54:4c:25:a5:
         9e:73:a9:04:65:c4:75:91:e6:9e:55:c3:5e:50:2f:4f:80:d9:
         46:b7:aa:7b:41:ee:bd:84:6d:bf:ef:16:82:84:99:76:00:ed:
         3e:de:0b:22:21:86:ae:4e:1d:67:bf:dc:71:a1:63:e0:90:81:
         ff:56:18:52:19:44:b9:51:fe:ed:fc:f4:f3:06:1a:7f:39:86:
         33:a9:9f:fe:25:1f:b1:ff:b2:4d:f6:9b:54:57:6c:f1:bc:19:
         fd:99:82:fa:21:ac:c7:db:08:e5:79:b5:ed:45:33:06:80:04:
         85:fa:53:a4:81:89:05:72:71:e8:c5:a8:b5:b1:d9:9b:be:83:
         cd:be:44:b3:b2:1c:7a:90:46:ea:a8:ab:2c:b6:68:d9:ab:26:
         a5:9a:91:20:86:fa:97:b4:ca:1a:99:9f:d3:d7:aa:35:92:53:
         cf:ec:54:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Eez0n+vmYgsERj0iQJAqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOGMzODg2YzZlZjUyMjdjMjQ2MjI0Y2M4OTRhODRhNTNi
Y2Y1MWEwHhcNMjYwMTAyMDAxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTU2ZTJiMTI4ZWQxMzQ1NDRiMmY2MTk3YzExMzU2YmI0YjA5Y2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+bzEDMt7JidxxLF1I+HFSpM/oKz
Krfhdur6bEcCX7soK0/wh5u6Nv1VpZ0UGb4Ro5zqhJEnqek4FBf8sraelSmqsqUr
4eGH1nhNE7YPmQTezXaLKmGfYZAORueJgLY7apmmAhuWJkQxKZjcKft/Rh43Q9IN
geqHl9pchkH+QK1n20gUwJoe9kuTgcUjSs0sUBvxusgYNgDWNZchRYtO0z2hg+o7
0tBq3L6NXBFXiAvqlhPX8MVIxnh8whznt8Ss5uipMang3BGUgcAHyTrk27w9BHfh
2ep4Ij/D2X+wIq5VNanFbBHvw7GKzaRJzCEM4XzY6+Nsy3yi0Dte966rCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5W4rEo7RNFRLL2GXwRNWu0sJz6MB8GA1UdIwQY
MBaAFNKMOIbG71InwkYiTMiUqEpTvPUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgt
ZmM0MjE2MjFmZTA4LzEvWGxiaXNTanRFMFZFc3ZZWmZCRTFhN1N3blBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iZWMxOWMtNWI5NC00MDFmLWIxMzgtZmM0MjE2MjFmZTA4
LzEvMG93NGhzYnZVaWZDUmlKTXlKU29TbE84OVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwo+cMA0G
CSqGSIb3DQEBCwUAA4IBAQBwDVaVweoP6P6CBsYrTwaxwnW6KwKsO2vaSKccRCvr
dCw7mOXRX1mskY/TYJWh11HTkgoPczabQKZcX6ar++DiQhTgBUmFfur0vP2HJ5ij
+LMBD0/t5VRMJaWec6kEZcR1keaeVcNeUC9PgNlGt6p7Qe69hG2/7xaChJl2AO0+
3gsiIYauTh1nv9xxoWPgkIH/VhhSGUS5Uf7t/PTzBhp/OYYzqZ/+JR+x/7JN9ptU
V2zxvBn9mYL6IazH2wjlebXtRTMGgASF+lOkgYkFcnHoxai1sdmbvoPNvkSzshx6
kEbqqKsstmjZqyalmpEghvqXtMoamZ/T16o1klPP7FRf
-----END CERTIFICATE-----