This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/Xz4dqhqCzoZvF10IK-TkgPiAc5Q.roa
File:                     Xz4dqhqCzoZvF10IK-TkgPiAc5Q.roa (raw, json)
Hash identifier:          ZFUgfRsBRCs1X5BDvrArX90/CdgfBgfrW7Rw9sq2N84=
Subject key identifier:   5F:3E:1D:AA:1A:82:CE:86:6F:17:5D:08:2B:E4:E4:80:F8:80:73:94
Certificate issuer:       /CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
Certificate serial:       019B791137B12C19CCE8F5A9B50C28B4C14B
Authority key identifier: A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/Xz4dqhqCzoZvF10IK-TkgPiAc5Q.roa
Signing time:             Thu 01 Jan 2026 10:18:50 +0000
ROA not before:           Thu 01 Jan 2026 10:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212866
IP address blocks:        185.111.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:37:b1:2c:19:cc:e8:f5:a9:b5:0c:28:b4:c1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e75802e7efb8653e3af59cbf1bc06538bca671
        Validity
            Not Before: Jan  1 10:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f3e1daa1a82ce866f175d082be4e480f8807394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:8d:4c:30:9f:4d:d0:d5:9e:bd:1c:e5:43:5f:
                    08:9c:26:87:41:f0:e0:dc:45:35:3a:04:53:16:5a:
                    af:fa:51:01:d3:a8:56:c1:ef:cc:66:c5:e0:04:22:
                    93:5a:5f:b8:82:74:73:38:b8:89:fc:ec:5e:45:20:
                    d1:4d:b5:62:15:0b:e5:eb:84:ea:c0:64:66:0b:5b:
                    b3:2b:3a:04:e8:69:f7:7d:b0:82:ee:05:5c:6b:3e:
                    e0:c9:d5:c2:b3:69:b4:c4:60:14:2d:68:8b:08:70:
                    e9:aa:38:5c:2f:b9:3e:a3:40:b0:1c:8b:6d:73:59:
                    b5:71:1c:1b:6a:fa:ae:4b:c0:8f:4c:cb:6c:6d:26:
                    47:6a:a1:6e:52:dc:0e:81:94:e9:a9:ac:1a:4e:ac:
                    23:86:70:4e:15:4e:93:ec:19:80:61:c9:2a:b5:f5:
                    71:29:2b:17:df:fe:a6:3e:5b:49:78:60:32:14:7f:
                    6d:d7:c7:75:c0:2f:d4:3f:bb:9f:11:fe:7b:4b:8c:
                    97:fe:5b:4a:b7:dd:f5:23:24:44:8d:01:97:c3:ba:
                    28:87:cb:00:07:dc:c8:42:7c:3d:52:d0:b7:c8:3e:
                    87:b2:85:f7:9d:d1:bf:5e:bd:4a:c3:74:da:a5:f7:
                    9c:32:b3:e1:49:26:c2:81:f2:8f:bc:b5:f8:ee:19:
                    92:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:3E:1D:AA:1A:82:CE:86:6F:17:5D:08:2B:E4:E4:80:F8:80:73:94
            X509v3 Authority Key Identifier:
                keyid:A8:E7:58:02:E7:EF:B8:65:3E:3A:F5:9C:BF:1B:C0:65:38:BC:A6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOdYAufvuGU-OvWcvxvAZTi8pnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/Xz4dqhqCzoZvF10IK-TkgPiAc5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6256b6-36a1-4f2f-a0b9-411f5837fefa/1/qOdYAufvuGU-OvWcvxvAZTi8pnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:54:89:76:bc:78:95:a7:de:00:14:f9:98:7c:a0:6b:db:14:
         02:67:f0:c9:1b:54:69:e4:85:70:dc:c5:15:de:64:79:c8:e9:
         19:d6:b0:7a:63:51:a1:77:27:5a:6a:38:8c:c1:aa:5d:e3:0c:
         cc:11:be:86:6e:d0:38:14:66:41:82:e3:6e:54:75:d1:1d:79:
         80:83:5e:87:9a:84:29:29:b9:1f:00:97:af:04:1a:d4:83:b2:
         ba:c2:eb:05:7b:d2:97:40:34:66:9c:e0:91:7a:9e:89:b1:1c:
         ab:9a:5e:59:9b:b3:28:01:f3:50:81:6d:ad:69:a1:92:b3:ec:
         65:b9:94:b4:ec:c7:5c:46:a1:bd:04:9b:4c:32:1c:3c:b0:37:
         ef:e3:f5:2a:c3:43:5a:68:3d:d2:c9:ee:99:b5:20:74:48:0e:
         25:f9:24:dd:79:07:56:c9:30:d8:04:f1:87:9b:8b:ff:34:85:
         af:1a:f6:0d:c3:6c:84:cb:47:42:65:33:40:f6:7d:c7:29:09:
         a7:dd:8d:9e:39:5d:08:43:d1:c1:3f:07:26:fb:19:54:13:6a:
         44:83:cf:d2:37:5e:64:32:23:06:f4:93:52:7c:1b:27:b1:e3:
         6d:f4:36:33:2a:d7:5c:33:06:cd:5b:9f:45:a6:68:2f:bd:a8:
         60:a5:c0:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ETexLBnM6PWptQwotMFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTc1ODAyZTdlZmI4NjUzZTNhZjU5Y2JmMWJjMDY1Mzhi
Y2E2NzEwHhcNMjYwMTAxMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjNlMWRhYTFhODJjZTg2NmYxNzVkMDgyYmU0ZTQ4MGY4ODA3Mzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Y1MMJ9N0NWevRzlQ18InCaHQfDg
3EU1OgRTFlqv+lEB06hWwe/MZsXgBCKTWl+4gnRzOLiJ/OxeRSDRTbViFQvl64Tq
wGRmC1uzKzoE6Gn3fbCC7gVcaz7gydXCs2m0xGAULWiLCHDpqjhcL7k+o0CwHItt
c1m1cRwbavquS8CPTMtsbSZHaqFuUtwOgZTpqawaTqwjhnBOFU6T7BmAYckqtfVx
KSsX3/6mPltJeGAyFH9t18d1wC/UP7ufEf57S4yX/ltKt931IyREjQGXw7ooh8sA
B9zIQnw9UtC3yD6HsoX3ndG/Xr1Kw3TapfecMrPhSSbCgfKPvLX47hmS8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8+Haoags6GbxddCCvk5ID4gHOUMB8GA1UdIwQY
MBaAFKjnWALn77hlPjr1nL8bwGU4vKZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjkt
NDExZjU4MzdmZWZhLzEvWHo0ZHFocUN6b1p2RjEwSUstVGtnUGlBYzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82MjU2YjYtMzZhMS00ZjJmLWEwYjktNDExZjU4MzdmZWZh
LzEvcU9kWUF1ZnZ1R1UtT3ZXY3Z4dkFaVGk4cG5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuW/8MA0G
CSqGSIb3DQEBCwUAA4IBAQA1VIl2vHiVp94AFPmYfKBr2xQCZ/DJG1Rp5IVw3MUV
3mR5yOkZ1rB6Y1GhdydaajiMwapd4wzMEb6GbtA4FGZBguNuVHXRHXmAg16HmoQp
KbkfAJevBBrUg7K6wusFe9KXQDRmnOCRep6JsRyrml5Zm7MoAfNQgW2taaGSs+xl
uZS07MdcRqG9BJtMMhw8sDfv4/Uqw0NaaD3Sye6ZtSB0SA4l+STdeQdWyTDYBPGH
m4v/NIWvGvYNw2yEy0dCZTNA9n3HKQmn3Y2eOV0IQ9HBPwcm+xlUE2pEg8/SN15k
MiMG9JNSfBsnseNt9DYzKtdcMwbNW59FpmgvvahgpcAy
-----END CERTIFICATE-----