This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/XMPEmo3VyZNZxdfu5EddVS62vv8.roa
File:                     XMPEmo3VyZNZxdfu5EddVS62vv8.roa (raw, json)
Hash identifier:          2ZYUsjgp2DTdjQCWXZ434UAo5JDqjz2ePaAoipm0c8M=
Subject key identifier:   5C:C3:C4:9A:8D:D5:C9:93:59:C5:D7:EE:E4:47:5D:55:2E:B6:BE:FF
Certificate issuer:       /CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
Certificate serial:       019B7A5AE34C9DFB22B936C1BA37A311DAA3
Authority key identifier: 88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/XMPEmo3VyZNZxdfu5EddVS62vv8.roa
Signing time:             Thu 01 Jan 2026 16:18:55 +0000
ROA not before:           Thu 01 Jan 2026 16:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202468
IP address blocks:        188.213.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e3:4c:9d:fb:22:b9:36:c1:ba:37:a3:11:da:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8847aa91b06d8c6b87284f3f45a21dc281f7ba55
        Validity
            Not Before: Jan  1 16:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cc3c49a8dd5c99359c5d7eee4475d552eb6beff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:c0:6f:e7:9b:b5:25:27:3d:7d:bc:fd:2e:90:
                    b2:6d:44:ce:b1:16:f0:ff:a2:a7:32:46:c1:1a:0e:
                    4c:39:07:a4:a9:b2:16:d4:b6:0e:93:63:48:11:80:
                    1b:65:0b:d9:0e:b4:3e:dd:5e:74:94:ec:e0:b9:5e:
                    2b:cf:12:cf:91:fc:6e:dd:c2:f2:df:b7:93:b1:5e:
                    c1:4f:65:35:20:9e:f0:e2:78:1b:2f:d9:9b:a0:c0:
                    c0:3f:84:8f:9b:a1:93:ee:73:bf:a2:69:28:56:4d:
                    72:8c:72:52:07:81:e9:ca:3c:83:07:66:29:e3:ef:
                    0c:34:ef:ba:9d:04:02:83:c7:9a:f8:b0:56:1e:af:
                    1a:43:27:78:d0:e0:e0:d4:fc:b6:a2:04:c9:27:97:
                    67:96:cc:f1:99:ad:86:d5:93:b1:eb:42:a2:cb:be:
                    17:bd:f5:67:a1:5a:06:aa:91:bd:34:a9:56:8e:8a:
                    85:d5:2b:c5:b7:eb:16:ca:f2:75:d7:68:21:a4:be:
                    a8:21:77:85:1f:e9:e1:55:2e:9d:89:89:b4:60:90:
                    19:eb:da:e3:a2:20:c9:09:7c:2b:ae:1f:13:e1:f3:
                    c7:57:f3:f2:80:f1:e3:ea:b1:07:79:e4:6c:a7:fb:
                    89:0a:37:35:41:8b:25:36:ea:89:2e:25:ec:38:d2:
                    bb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:C3:C4:9A:8D:D5:C9:93:59:C5:D7:EE:E4:47:5D:55:2E:B6:BE:FF
            X509v3 Authority Key Identifier:
                keyid:88:47:AA:91:B0:6D:8C:6B:87:28:4F:3F:45:A2:1D:C2:81:F7:BA:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iEeqkbBtjGuHKE8_RaIdwoH3ulU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/XMPEmo3VyZNZxdfu5EddVS62vv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/fdf296-75e5-4635-9546-cea75d0cd671/1/iEeqkbBtjGuHKE8_RaIdwoH3ulU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:b9:da:8f:55:0d:8c:ac:ef:c4:ea:08:3c:3c:bd:b5:b8:ed:
         05:ef:0e:cc:92:6f:89:67:8e:1e:f9:61:01:13:45:db:70:e4:
         eb:90:c9:0c:9b:53:1f:d9:59:a9:ca:4d:68:a6:f5:8f:cb:98:
         53:09:6c:b2:46:29:49:f3:45:44:50:f2:bb:b9:c9:ad:52:a4:
         ba:19:5e:6f:57:b0:d7:14:17:90:51:fc:e4:41:fe:86:7b:34:
         b5:d7:bb:7c:6e:93:0a:8f:0b:76:9a:7c:a5:ab:c7:31:44:3b:
         e1:a3:83:26:61:90:a2:80:b0:ce:88:e4:1a:10:d0:2d:91:a2:
         b1:30:cc:2c:99:1d:f4:38:87:a8:f8:e5:b9:f8:a8:7d:97:30:
         ec:dd:94:6d:f7:9f:d7:30:ff:33:86:d3:c6:43:35:a3:98:7f:
         56:55:ef:a2:99:50:e5:63:31:fa:75:ff:a8:23:f1:30:6a:96:
         eb:30:a9:6e:51:95:bf:1e:a0:95:a3:d6:d1:25:75:2c:c5:6e:
         21:27:ed:db:d4:47:92:98:d7:4b:95:42:7f:4b:dd:79:46:0e:
         12:6c:3c:bf:5d:21:f5:ae:48:48:e4:28:64:b2:43:9a:5d:e2:
         a4:f7:74:ca:a3:6c:30:55:87:6c:7c:d2:a6:a5:05:62:92:73:
         7b:19:17:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WuNMnfsiuTbBujejEdqjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NDdhYTkxYjA2ZDhjNmI4NzI4NGYzZjQ1YTIxZGMyODFm
N2JhNTUwHhcNMjYwMTAxMTYxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2MzYzQ5YThkZDVjOTkzNTljNWQ3ZWVlNDQ3NWQ1NTJlYjZiZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MBv55u1JSc9fbz9LpCybUTOsRbw
/6KnMkbBGg5MOQekqbIW1LYOk2NIEYAbZQvZDrQ+3V50lOzguV4rzxLPkfxu3cLy
37eTsV7BT2U1IJ7w4ngbL9mboMDAP4SPm6GT7nO/omkoVk1yjHJSB4HpyjyDB2Yp
4+8MNO+6nQQCg8ea+LBWHq8aQyd40ODg1Py2ogTJJ5dnlszxma2G1ZOx60Kiy74X
vfVnoVoGqpG9NKlWjoqF1SvFt+sWyvJ112ghpL6oIXeFH+nhVS6diYm0YJAZ69rj
oiDJCXwrrh8T4fPHV/PygPHj6rEHeeRsp/uJCjc1QYslNuqJLiXsONK7eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzDxJqN1cmTWcXX7uRHXVUutr7/MB8GA1UdIwQY
MBaAFIhHqpGwbYxrhyhPP0WiHcKB97pVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYt
Y2VhNzVkMGNkNjcxLzEvWE1QRW1vM1Z5Wk5aeGRmdTVFZGRWUzYydnY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mZGYyOTYtNzVlNS00NjM1LTk1NDYtY2VhNzVkMGNkNjcx
LzEvaUVlcWtiQnRqR3VIS0U4X1JhSWR3b0gzdWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNXEMA0G
CSqGSIb3DQEBCwUAA4IBAQAiudqPVQ2MrO/E6gg8PL21uO0F7w7Mkm+JZ44e+WEB
E0XbcOTrkMkMm1Mf2Vmpyk1opvWPy5hTCWyyRilJ80VEUPK7ucmtUqS6GV5vV7DX
FBeQUfzkQf6GezS117t8bpMKjwt2mnylq8cxRDvho4MmYZCigLDOiOQaENAtkaKx
MMwsmR30OIeo+OW5+Kh9lzDs3ZRt95/XMP8zhtPGQzWjmH9WVe+imVDlYzH6df+o
I/EwapbrMKluUZW/HqCVo9bRJXUsxW4hJ+3b1EeSmNdLlUJ/S915Rg4SbDy/XSH1
rkhI5ChkskOaXeKk93TKo2wwVYdsfNKmpQViknN7GRdl
-----END CERTIFICATE-----