This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/xp9MuE3K7E-Sb2HgnwhKc3yErto.roa
File:                     xp9MuE3K7E-Sb2HgnwhKc3yErto.roa (raw, json)
Hash identifier:          9FJKEkYOHXVi/GiMh+ZQtwPZthuSJbC+u80wUEZ5uBo=
Subject key identifier:   C6:9F:4C:B8:4D:CA:EC:4F:92:6F:61:E0:9F:08:4A:73:7C:84:AE:DA
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       019B7EA6380DDD60CA7B396F83559DAE7887
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/xp9MuE3K7E-Sb2HgnwhKc3yErto.roa
Signing time:             Fri 02 Jan 2026 12:19:41 +0000
ROA not before:           Fri 02 Jan 2026 12:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46337
IP address blocks:        199.103.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:38:0d:dd:60:ca:7b:39:6f:83:55:9d:ae:78:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Jan  2 12:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c69f4cb84dcaec4f926f61e09f084a737c84aeda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:82:38:95:98:82:80:9b:2d:f0:25:41:13:48:
                    42:49:66:65:8c:cc:22:b6:21:46:ab:3b:8b:72:bd:
                    01:d4:db:12:73:b2:16:46:35:4c:71:d4:2b:6e:6c:
                    42:43:fb:a8:43:18:9e:e5:3f:4f:08:21:ed:36:d8:
                    d4:21:b1:f1:65:85:c8:bc:fb:64:fe:34:4a:42:9f:
                    95:d7:36:37:62:ac:a8:f6:ff:c5:44:fe:22:b5:b1:
                    98:c2:f5:54:ec:b0:62:7e:7d:21:2f:17:dd:1d:e1:
                    fd:ef:86:8c:d3:3a:e1:3b:f2:61:50:86:5e:01:2e:
                    f8:de:c9:77:1c:be:15:02:50:2f:92:71:9b:6e:a7:
                    d6:0a:fe:76:24:db:20:28:60:ea:8e:ba:d3:e2:7b:
                    d9:c4:9e:64:2b:39:f9:62:76:94:7a:18:fb:e1:17:
                    50:4b:98:e6:fb:8d:2c:0a:74:a5:6d:73:96:da:89:
                    c6:8c:53:b2:ec:ae:9d:66:1a:e3:eb:e8:9a:de:27:
                    16:63:41:32:59:c9:86:43:9f:9c:6d:06:3b:61:62:
                    fa:09:73:d8:0c:08:05:3e:0e:87:be:49:a1:bc:88:
                    e0:6b:23:f5:25:1b:bc:5c:60:a0:26:8f:39:44:93:
                    29:5e:42:14:64:26:c7:ec:69:69:ba:e4:38:b6:92:
                    11:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9F:4C:B8:4D:CA:EC:4F:92:6F:61:E0:9F:08:4A:73:7C:84:AE:DA
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/xp9MuE3K7E-Sb2HgnwhKc3yErto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.103.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:50:49:84:b4:04:85:f0:f2:58:c7:e2:76:54:68:4f:55:ca:
         e1:14:7a:f8:1a:95:5c:22:49:ec:28:c8:5b:dd:cf:86:ad:bf:
         63:f0:74:c0:ef:de:58:a5:3e:66:5a:ee:84:2f:da:85:65:b9:
         7b:2b:15:7a:be:91:25:40:b5:da:ad:8e:f7:bc:5e:61:0a:d0:
         80:e2:aa:37:e2:48:ae:f2:b4:5a:3f:6b:1c:13:10:3b:cc:37:
         f7:9d:b7:ad:b0:1a:79:62:30:97:62:8a:5f:ca:72:01:3e:0a:
         2d:50:97:d4:76:47:89:74:0a:20:e1:30:f6:e1:fc:b7:f2:e0:
         15:69:60:3c:8c:de:f8:8b:96:79:a2:5b:32:0a:0a:80:0a:57:
         a2:c4:88:28:8a:e8:b7:53:2a:a4:a5:7a:32:cd:fd:07:36:8b:
         a3:e1:fe:cb:d2:c3:c6:ad:fc:ea:ed:8d:d6:dd:27:2c:67:28:
         a7:9b:f6:ca:52:b2:56:85:00:88:af:28:d9:ca:0b:a0:20:76:
         fa:52:5d:21:40:99:03:4f:35:81:f7:12:16:10:0b:ba:1b:4e:
         97:15:86:ed:0e:ae:70:b6:d9:7c:94:16:38:3e:ad:18:6e:d2:
         8c:33:79:67:84:a8:f0:4b:9a:81:d4:30:e0:d2:5b:17:42:63:
         ed:06:be:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pjgN3WDKezlvg1WdrniHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwMTAyMTIxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjlmNGNiODRkY2FlYzRmOTI2ZjYxZTA5ZjA4NGE3MzdjODRhZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYI4lZiCgJst8CVBE0hCSWZljMwi
tiFGqzuLcr0B1NsSc7IWRjVMcdQrbmxCQ/uoQxie5T9PCCHtNtjUIbHxZYXIvPtk
/jRKQp+V1zY3Yqyo9v/FRP4itbGYwvVU7LBifn0hLxfdHeH974aM0zrhO/JhUIZe
AS743sl3HL4VAlAvknGbbqfWCv52JNsgKGDqjrrT4nvZxJ5kKzn5YnaUehj74RdQ
S5jm+40sCnSlbXOW2onGjFOy7K6dZhrj6+ia3icWY0EyWcmGQ5+cbQY7YWL6CXPY
DAgFPg6HvkmhvIjgayP1JRu8XGCgJo85RJMpXkIUZCbH7GlpuuQ4tpIRdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMafTLhNyuxPkm9h4J8ISnN8hK7aMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEveHA5TXVFM0s3RS1TYjJIZ253aEtjM3lFcnRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx2c6MA0G
CSqGSIb3DQEBCwUAA4IBAQBaUEmEtASF8PJYx+J2VGhPVcrhFHr4GpVcIknsKMhb
3c+Grb9j8HTA795YpT5mWu6EL9qFZbl7KxV6vpElQLXarY73vF5hCtCA4qo34kiu
8rRaP2scExA7zDf3nbetsBp5YjCXYopfynIBPgotUJfUdkeJdAog4TD24fy38uAV
aWA8jN74i5Z5olsyCgqACleixIgoiui3UyqkpXoyzf0HNouj4f7L0sPGrfzq7Y3W
3ScsZyinm/bKUrJWhQCIryjZygugIHb6Ul0hQJkDTzWB9xIWEAu6G06XFYbtDq5w
ttl8lBY4Pq0YbtKMM3lnhKjwS5qB1DDg0lsXQmPtBr6c
-----END CERTIFICATE-----