This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/XA0hanAouJl2ycFS_6jOkWOebDo.roa
File:                     XA0hanAouJl2ycFS_6jOkWOebDo.roa (raw, json)
Hash identifier:          A3fTkPkEhBhccpT47iyF3/WYn8UVXxPajs9rFRIKGYs=
Subject key identifier:   5C:0D:21:6A:70:28:B8:99:76:C9:C1:52:FF:A8:CE:91:63:9E:6C:3A
Certificate issuer:       /CN=943bc576732374e8d89d7013ab3630b6e0a9f19a
Certificate serial:       019B7BA43A5AB2A70B587C7FF2E46A03CD6E
Authority key identifier: 94:3B:C5:76:73:23:74:E8:D8:9D:70:13:AB:36:30:B6:E0:A9:F1:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lDvFdnMjdOjYnXATqzYwtuCp8Zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/XA0hanAouJl2ycFS_6jOkWOebDo.roa
Signing time:             Thu 01 Jan 2026 22:18:38 +0000
ROA not before:           Thu 01 Jan 2026 22:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49289
IP address blocks:        193.200.26.0/24 maxlen: 24
                          193.200.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/lDvFdnMjdOjYnXATqzYwtuCp8Zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/lDvFdnMjdOjYnXATqzYwtuCp8Zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lDvFdnMjdOjYnXATqzYwtuCp8Zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:3a:5a:b2:a7:0b:58:7c:7f:f2:e4:6a:03:cd:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943bc576732374e8d89d7013ab3630b6e0a9f19a
        Validity
            Not Before: Jan  1 22:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c0d216a7028b89976c9c152ffa8ce91639e6c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1c:e6:16:52:93:42:ce:85:00:97:9a:e9:7c:
                    99:18:67:b0:18:4b:da:91:4f:0b:24:20:7d:c1:59:
                    28:25:e9:3f:45:c4:7e:ca:2b:0a:04:45:eb:52:ba:
                    9c:f1:ba:73:fc:a8:b9:6b:93:5a:4d:e8:0a:8c:7e:
                    06:fa:a7:39:dc:2f:70:e3:77:b8:e9:13:94:04:83:
                    cb:7c:2c:40:19:01:c4:f7:5c:d4:e1:32:e3:53:e6:
                    22:7c:32:af:9f:c4:da:71:dc:56:ff:15:ed:8d:37:
                    31:9c:e4:6f:b6:af:7f:26:ea:14:de:b6:36:11:9a:
                    c6:5c:75:83:6f:ab:f0:b4:6a:02:56:82:b2:61:ea:
                    f3:97:87:21:6a:ef:95:46:cd:a8:60:47:f7:fe:25:
                    63:40:e6:c4:65:c9:69:fe:c7:50:88:39:75:dc:12:
                    b6:44:9d:28:ae:ef:2c:3a:90:72:6d:78:2f:83:73:
                    42:27:48:cb:51:0d:5e:d9:0a:15:9a:3f:08:8f:48:
                    c6:23:00:d8:96:65:da:f2:4c:08:e4:d1:cb:3d:25:
                    81:7f:3f:38:83:2c:52:a6:9f:a4:74:ce:cd:3f:03:
                    fe:e6:63:6d:8d:f7:77:ea:44:e6:ce:93:d6:36:73:
                    44:67:d9:3e:0d:32:14:22:a9:52:82:aa:28:44:35:
                    c0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0D:21:6A:70:28:B8:99:76:C9:C1:52:FF:A8:CE:91:63:9E:6C:3A
            X509v3 Authority Key Identifier:
                keyid:94:3B:C5:76:73:23:74:E8:D8:9D:70:13:AB:36:30:B6:E0:A9:F1:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lDvFdnMjdOjYnXATqzYwtuCp8Zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/XA0hanAouJl2ycFS_6jOkWOebDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/lDvFdnMjdOjYnXATqzYwtuCp8Zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:56:7a:e6:4e:8c:3a:8b:f9:2e:ca:7c:47:9a:ed:fe:b6:30:
         fe:99:83:ed:50:f2:4b:db:01:57:cf:bf:5f:f0:02:de:f2:f7:
         0e:ce:a8:55:44:df:fd:fb:b6:ac:b1:80:9b:db:b3:0e:c5:7b:
         76:d1:b9:33:67:bd:a3:e8:cc:2f:e3:db:54:4f:92:b8:ad:14:
         4d:6a:9b:30:d2:79:65:cb:12:35:f7:67:5f:e9:80:57:9b:cb:
         38:b1:17:2f:79:3d:d0:01:2f:f3:20:18:b1:77:cc:44:50:74:
         f5:fb:40:a4:25:27:75:6a:d0:62:35:9f:04:a9:1b:71:02:bd:
         01:9a:32:2d:3b:a9:66:0c:e1:71:15:04:cc:c0:99:01:6a:96:
         36:23:d4:a2:51:1e:1f:50:14:e3:69:0a:43:07:28:83:20:8a:
         9b:26:4f:4e:ea:75:36:57:93:19:5f:80:87:6d:e8:0a:11:8c:
         9b:5c:ce:35:43:ed:5d:7c:2c:08:f2:02:92:48:cc:d6:22:fa:
         c8:88:bc:da:d8:43:15:7f:44:a7:cc:87:5e:60:92:82:9b:b8:
         28:e0:c0:85:ab:b6:5d:9b:a6:eb:78:d6:76:bc:ee:b4:3d:5f:
         3f:79:36:7e:66:db:cc:b2:78:85:7a:38:c3:0e:8f:a8:e2:dc:
         c9:e1:36:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pDpasqcLWHx/8uRqA81uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2JjNTc2NzMyMzc0ZThkODlkNzAxM2FiMzYzMGI2ZTBh
OWYxOWEwHhcNMjYwMTAxMjIxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBkMjE2YTcwMjhiODk5NzZjOWMxNTJmZmE4Y2U5MTYzOWU2YzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxzmFlKTQs6FAJea6XyZGGewGEva
kU8LJCB9wVkoJek/RcR+yisKBEXrUrqc8bpz/Ki5a5NaTegKjH4G+qc53C9w43e4
6ROUBIPLfCxAGQHE91zU4TLjU+YifDKvn8TacdxW/xXtjTcxnORvtq9/JuoU3rY2
EZrGXHWDb6vwtGoCVoKyYerzl4chau+VRs2oYEf3/iVjQObEZclp/sdQiDl13BK2
RJ0oru8sOpBybXgvg3NCJ0jLUQ1e2QoVmj8Ij0jGIwDYlmXa8kwI5NHLPSWBfz84
gyxSpp+kdM7NPwP+5mNtjfd36kTmzpPWNnNEZ9k+DTIUIqlSgqooRDXAmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwNIWpwKLiZdsnBUv+ozpFjnmw6MB8GA1UdIwQY
MBaAFJQ7xXZzI3To2J1wE6s2MLbgqfGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbER2RmRuTWpkT2pZblhBVHF6WXd0dUNwOFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iOGQwNjUtZWQ4MS00MDllLWIxZjEt
NzZhYjNmY2ExZjMyLzEvWEEwaGFuQW91SmwyeWNGU182ak9rV09lYkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iOGQwNjUtZWQ4MS00MDllLWIxZjEtNzZhYjNmY2ExZjMy
LzEvbER2RmRuTWpkT2pZblhBVHF6WXd0dUNwOFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcgaMA0G
CSqGSIb3DQEBCwUAA4IBAQA+VnrmTow6i/kuynxHmu3+tjD+mYPtUPJL2wFXz79f
8ALe8vcOzqhVRN/9+7assYCb27MOxXt20bkzZ72j6Mwv49tUT5K4rRRNapsw0nll
yxI192df6YBXm8s4sRcveT3QAS/zIBixd8xEUHT1+0CkJSd1atBiNZ8EqRtxAr0B
mjItO6lmDOFxFQTMwJkBapY2I9SiUR4fUBTjaQpDByiDIIqbJk9O6nU2V5MZX4CH
begKEYybXM41Q+1dfCwI8gKSSMzWIvrIiLza2EMVf0SnzIdeYJKCm7go4MCFq7Zd
m6breNZ2vO60PV8/eTZ+ZtvMsniFejjDDo+o4tzJ4TZp
-----END CERTIFICATE-----