This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/SxCmwkP6Nm4OCkq0cafIGZz0UzE.roa
File:                     SxCmwkP6Nm4OCkq0cafIGZz0UzE.roa (raw, json)
Hash identifier:          xnBBhj7JCuhXFRvrPefaRqPCoJ+R9TXOqzjYihjmxgg=
Subject key identifier:   4B:10:A6:C2:43:FA:36:6E:0E:0A:4A:B4:71:A7:C8:19:9C:F4:53:31
Certificate issuer:       /CN=297ae7592ca52491dc166a30fe1477d712bd465d
Certificate serial:       019B7C806081B9ED8075BD08D5B8B670689A
Authority key identifier: 29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/SxCmwkP6Nm4OCkq0cafIGZz0UzE.roa
Signing time:             Fri 02 Jan 2026 02:19:06 +0000
ROA not before:           Fri 02 Jan 2026 02:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51219
IP address blocks:        94.159.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:60:81:b9:ed:80:75:bd:08:d5:b8:b6:70:68:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ae7592ca52491dc166a30fe1477d712bd465d
        Validity
            Not Before: Jan  2 02:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b10a6c243fa366e0e0a4ab471a7c8199cf45331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:61:f4:cb:c8:74:96:50:cf:21:db:35:5a:0a:
                    2f:8e:d2:08:f3:0b:36:8f:cf:32:60:df:f4:e5:cd:
                    e8:9c:58:79:e8:4f:75:58:fb:0f:35:20:ed:d6:61:
                    23:6a:39:fb:d1:ab:55:2c:8a:b8:a8:af:e8:8f:1d:
                    65:ef:80:d6:2f:e2:f9:1d:65:2d:5d:36:25:f6:39:
                    5e:a8:85:00:3c:cd:c3:bc:13:55:b9:28:c4:52:87:
                    77:a4:35:bc:89:47:7f:b1:04:5b:58:6a:55:6f:7b:
                    36:ef:9c:31:58:cf:3e:14:fc:1f:cb:43:3f:67:ed:
                    f4:18:50:c5:61:bc:7f:8b:16:c0:74:ab:ba:25:55:
                    90:53:ce:ad:04:93:51:a8:25:54:08:ab:58:de:79:
                    b3:a5:d3:40:04:c3:6a:c5:4c:96:60:ba:66:64:d6:
                    77:9e:1e:e5:09:2f:83:c0:64:bc:9e:23:31:d0:f2:
                    86:9a:7b:d1:07:99:73:8f:da:e0:87:96:00:da:83:
                    0b:89:3e:f4:75:77:ca:ce:eb:7b:1a:a4:9c:01:fa:
                    43:95:e5:16:7e:1a:11:e4:71:f2:c5:16:16:fb:a6:
                    33:93:03:8f:68:e0:1f:c5:61:e6:39:14:c9:c0:33:
                    51:c8:f9:7e:09:83:57:38:f2:56:1a:5d:3d:9d:99:
                    5a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:10:A6:C2:43:FA:36:6E:0E:0A:4A:B4:71:A7:C8:19:9C:F4:53:31
            X509v3 Authority Key Identifier:
                keyid:29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/SxCmwkP6Nm4OCkq0cafIGZz0UzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.159.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:2a:6e:6b:4d:2c:64:e7:4a:49:25:04:ae:b5:fe:d0:49:b3:
         4c:be:a8:b6:cb:87:c0:33:b6:c5:7d:f4:c8:b9:e9:05:ef:5c:
         4b:ca:75:74:ae:91:f5:67:98:9f:ca:bf:89:e2:6e:53:c3:e7:
         c5:1f:bc:15:30:1e:6f:d6:b5:10:46:34:2f:a9:eb:cd:00:39:
         62:e3:8d:b5:12:c0:5c:b5:cf:63:f2:5b:05:c6:65:f0:2c:83:
         b6:f6:7e:a4:b8:ef:03:eb:bc:f2:28:0b:db:91:66:3b:5e:f9:
         cf:23:e5:0b:f3:17:2d:c4:d1:d9:c5:73:6d:20:15:d2:8e:ec:
         60:5f:34:46:a9:0f:89:ee:c7:61:01:98:17:40:02:02:b4:6a:
         24:63:34:c4:c2:c7:e1:e1:dc:4a:fc:ad:2e:5b:0e:61:3e:42:
         6d:e6:06:c1:ab:ad:eb:47:ae:0f:2f:05:35:ea:b8:80:c9:2d:
         ec:fb:0d:f1:03:28:d7:d1:b8:3c:63:64:f0:3f:3a:c6:30:2d:
         1a:be:1d:2e:c6:e1:88:30:70:61:6a:aa:bd:02:41:62:65:ed:
         95:02:f1:fd:92:dd:6a:86:33:5f:41:bd:aa:02:ce:73:fc:ab:
         c4:af:07:1c:69:e5:8c:9d:32:55:c0:f5:4a:81:c8:36:13:38:
         3f:48:e4:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gGCBue2Adb0I1bi2cGiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2FlNzU5MmNhNTI0OTFkYzE2NmEzMGZlMTQ3N2Q3MTJi
ZDQ2NWQwHhcNMjYwMTAyMDIxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjEwYTZjMjQzZmEzNjZlMGUwYTRhYjQ3MWE3YzgxOTljZjQ1MzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmH0y8h0llDPIds1WgovjtII8ws2
j88yYN/05c3onFh56E91WPsPNSDt1mEjajn70atVLIq4qK/ojx1l74DWL+L5HWUt
XTYl9jleqIUAPM3DvBNVuSjEUod3pDW8iUd/sQRbWGpVb3s275wxWM8+FPwfy0M/
Z+30GFDFYbx/ixbAdKu6JVWQU86tBJNRqCVUCKtY3nmzpdNABMNqxUyWYLpmZNZ3
nh7lCS+DwGS8niMx0PKGmnvRB5lzj9rgh5YA2oMLiT70dXfKzut7GqScAfpDleUW
fhoR5HHyxRYW+6YzkwOPaOAfxWHmORTJwDNRyPl+CYNXOPJWGl09nZlarQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsQpsJD+jZuDgpKtHGnyBmc9FMxMB8GA1UdIwQY
MBaAFCl651kspSSR3BZqMP4Ud9cSvUZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgt
MzkxMGE1OWExMTIxLzEvU3hDbXdrUDZObTRPQ2txMGNhZklHWnowVXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgtMzkxMGE1OWExMTIx
LzEvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXp9dMA0G
CSqGSIb3DQEBCwUAA4IBAQAQKm5rTSxk50pJJQSutf7QSbNMvqi2y4fAM7bFffTI
uekF71xLynV0rpH1Z5ifyr+J4m5Tw+fFH7wVMB5v1rUQRjQvqevNADli4421EsBc
tc9j8lsFxmXwLIO29n6kuO8D67zyKAvbkWY7XvnPI+UL8xctxNHZxXNtIBXSjuxg
XzRGqQ+J7sdhAZgXQAICtGokYzTEwsfh4dxK/K0uWw5hPkJt5gbBq63rR64PLwU1
6riAyS3s+w3xAyjX0bg8Y2TwPzrGMC0avh0uxuGIMHBhaqq9AkFiZe2VAvH9kt1q
hjNfQb2qAs5z/KvErwccaeWMnTJVwPVKgcg2Ezg/SOT2
-----END CERTIFICATE-----