This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/XppJI7pSNx6BdFrEbdtPboTQL6o.roa
File:                     XppJI7pSNx6BdFrEbdtPboTQL6o.roa (raw, json)
Hash identifier:          Cty7u06Lt5vOCxE5CLtni9wB/17m9CZOi2zJp+IGXYM=
Subject key identifier:   5E:9A:49:23:BA:52:37:1E:81:74:5A:C4:6D:DB:4F:6E:84:D0:2F:AA
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       019B79ED44BA23AD421AC7A51B0CB30BEADC
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/XppJI7pSNx6BdFrEbdtPboTQL6o.roa
Signing time:             Thu 01 Jan 2026 14:19:11 +0000
ROA not before:           Thu 01 Jan 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6789
IP address blocks:        95.140.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:44:ba:23:ad:42:1a:c7:a5:1b:0c:b3:0b:ea:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan  1 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e9a4923ba52371e81745ac46ddb4f6e84d02faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:40:88:2a:d4:eb:54:ef:95:8e:06:f0:c4:
                    46:89:c8:56:c7:6d:16:8f:77:9c:d7:9e:e7:c0:df:
                    a1:b4:02:c1:36:6f:03:da:12:2d:33:0a:f3:5e:53:
                    10:42:dc:2d:cc:1e:fb:40:4e:ea:c5:87:b1:55:90:
                    f0:b3:13:29:d6:0d:94:e8:3d:57:02:e7:bf:65:d2:
                    f8:7e:46:f0:ed:45:8c:b3:2f:91:24:60:98:61:b0:
                    24:20:c3:bb:71:1a:6f:4b:ff:f1:10:de:e7:e2:20:
                    5b:d7:61:d3:63:bf:71:3d:b7:d7:7e:dd:3f:3f:21:
                    f7:a5:5e:34:24:4d:53:f8:a6:fb:b8:2a:87:79:cb:
                    69:65:4a:b1:96:93:a7:7e:43:63:41:05:1f:5d:a8:
                    b6:3c:9e:f1:0f:ba:15:63:36:88:15:53:bc:05:d0:
                    47:c4:85:59:c6:d2:4c:77:34:b1:02:45:37:99:12:
                    c1:30:55:ec:bc:9f:63:99:d7:b2:02:d4:f7:6f:a1:
                    e9:bf:90:8a:ac:fd:9a:97:4c:f8:af:67:e0:c0:c4:
                    f4:38:7d:86:e8:be:e9:3b:92:83:a9:a2:ea:00:2e:
                    52:73:ec:8a:79:2d:a1:d2:50:d7:28:a6:e3:90:0d:
                    a6:9b:f9:0f:54:27:c1:74:d0:a7:34:5e:b3:1a:1d:
                    a6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9A:49:23:BA:52:37:1E:81:74:5A:C4:6D:DB:4F:6E:84:D0:2F:AA
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/XppJI7pSNx6BdFrEbdtPboTQL6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:5a:72:35:38:31:88:d1:c5:c1:76:67:95:13:3f:21:f2:9a:
         15:39:dd:f9:43:a7:d6:d5:f3:de:ae:e7:99:d6:23:7b:62:26:
         b0:a2:16:cf:76:cc:ee:ef:c8:75:58:a3:ba:81:e3:c8:bf:51:
         f2:ba:b5:76:20:b1:4f:43:e6:a6:5f:0f:72:3d:8c:83:05:23:
         04:37:74:68:98:1f:23:42:31:c2:22:69:65:a5:cc:a3:2d:b7:
         87:81:a0:b1:11:75:67:9d:81:ae:9c:5e:64:f0:99:d3:e9:8d:
         ef:ba:cd:4e:d1:8b:46:b9:59:eb:39:a5:34:9b:1a:a9:2c:b4:
         b9:0e:8d:2e:7f:60:7e:1c:ce:38:d7:15:8c:cb:cf:5a:3e:f8:
         57:8c:6a:d3:cd:e7:01:1f:e3:41:a7:c0:93:a2:df:0e:12:7a:
         e7:c6:3d:83:63:d1:84:c2:83:aa:b0:dc:21:ad:50:4e:ed:b8:
         49:91:2f:03:b6:a4:ff:2f:6c:38:25:f9:80:e8:92:67:03:25:
         e9:54:12:ad:c4:4d:d5:72:c1:ec:36:dc:b4:32:36:09:5c:66:
         c3:d9:59:70:3e:fb:db:a6:57:ee:27:92:06:2d:2d:e8:0d:a7:
         a9:0e:37:00:02:03:8e:3f:6e:80:6d:ef:b5:e9:5e:b3:99:0d:
         5f:56:20:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57US6I61CGselGwyzC+rcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjYwMTAxMTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTlhNDkyM2JhNTIzNzFlODE3NDVhYzQ2ZGRiNGY2ZTg0ZDAyZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcVAiCrU61TvlY4G8MRGichWx20W
j3ec157nwN+htALBNm8D2hItMwrzXlMQQtwtzB77QE7qxYexVZDwsxMp1g2U6D1X
Aue/ZdL4fkbw7UWMsy+RJGCYYbAkIMO7cRpvS//xEN7n4iBb12HTY79xPbfXft0/
PyH3pV40JE1T+Kb7uCqHectpZUqxlpOnfkNjQQUfXai2PJ7xD7oVYzaIFVO8BdBH
xIVZxtJMdzSxAkU3mRLBMFXsvJ9jmdeyAtT3b6Hpv5CKrP2al0z4r2fgwMT0OH2G
6L7pO5KDqaLqAC5Sc+yKeS2h0lDXKKbjkA2mm/kPVCfBdNCnNF6zGh2maQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6aSSO6UjcegXRaxG3bT26E0C+qMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvWHBwSkk3cFNOeDZCZEZyRWJkdFBib1RRTDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4yXMA0G
CSqGSIb3DQEBCwUAA4IBAQCgWnI1ODGI0cXBdmeVEz8h8poVOd35Q6fW1fPerueZ
1iN7YiawohbPdszu78h1WKO6gePIv1HyurV2ILFPQ+amXw9yPYyDBSMEN3RomB8j
QjHCImllpcyjLbeHgaCxEXVnnYGunF5k8JnT6Y3vus1O0YtGuVnrOaU0mxqpLLS5
Do0uf2B+HM441xWMy89aPvhXjGrTzecBH+NBp8CTot8OEnrnxj2DY9GEwoOqsNwh
rVBO7bhJkS8DtqT/L2w4JfmA6JJnAyXpVBKtxE3VcsHsNty0MjYJXGbD2VlwPvvb
plfuJ5IGLS3oDaepDjcAAgOOP26Abe+16V6zmQ1fViBM
-----END CERTIFICATE-----