This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6f49e1-e704-4ab4-b94c-5fdcb783a6ec/1/xhl0o4V6-hvD85CUbuSTASM7Pe8.roa
File:                     xhl0o4V6-hvD85CUbuSTASM7Pe8.roa (raw, json)
Hash identifier:          UOzsj8ZtwxxJK1k4oeGehyFJR/EivykYvRbt7Q6K/PA=
Subject key identifier:   C6:19:74:A3:85:7A:FA:1B:C3:F3:90:94:6E:E4:93:01:23:3B:3D:EF
Certificate issuer:       /CN=f7b069d33df1225a8b3643a01364f279df40d877
Certificate serial:       019B7CECE60FBE44B76B8BD605821B6B63BB
Authority key identifier: F7:B0:69:D3:3D:F1:22:5A:8B:36:43:A0:13:64:F2:79:DF:40:D8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/97Bp0z3xIlqLNkOgE2Tyed9A2Hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6f49e1-e704-4ab4-b94c-5fdcb783a6ec/1/xhl0o4V6-hvD85CUbuSTASM7Pe8.roa
Signing time:             Fri 02 Jan 2026 04:17:38 +0000
ROA not before:           Fri 02 Jan 2026 04:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12859
IP address blocks:        91.207.232.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6f49e1-e704-4ab4-b94c-5fdcb783a6ec/1/97Bp0z3xIlqLNkOgE2Tyed9A2Hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6f49e1-e704-4ab4-b94c-5fdcb783a6ec/1/97Bp0z3xIlqLNkOgE2Tyed9A2Hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/97Bp0z3xIlqLNkOgE2Tyed9A2Hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:e6:0f:be:44:b7:6b:8b:d6:05:82:1b:6b:63:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7b069d33df1225a8b3643a01364f279df40d877
        Validity
            Not Before: Jan  2 04:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c61974a3857afa1bc3f390946ee49301233b3def
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:66:aa:76:91:d5:14:f5:5d:50:19:66:17:11:
                    1d:3c:6b:c8:04:a1:e3:82:ed:7f:93:c7:a3:cb:ec:
                    d1:e9:4a:27:5d:8e:21:36:84:a4:9b:57:e6:85:ba:
                    b2:80:94:4d:0a:3c:76:ac:68:53:91:ca:7f:e5:81:
                    6e:09:f4:bc:75:98:f1:ef:28:61:1d:c1:25:c5:26:
                    eb:0b:90:c1:b2:0e:c9:77:9b:33:b8:b1:25:24:4f:
                    7c:97:72:2c:fb:e0:21:d8:e2:98:4b:4d:60:7c:b6:
                    2f:8a:7e:5e:2c:c7:b7:20:56:a0:01:9b:89:cd:d7:
                    78:99:47:1e:db:6a:7d:30:9e:26:38:1a:75:96:8f:
                    72:6e:bd:72:67:5a:e0:64:69:4e:27:a9:80:7d:ba:
                    c2:2e:c5:42:ec:1a:b5:2c:f2:a9:3e:18:92:c1:9c:
                    33:04:d5:e1:10:1c:b9:7a:78:a0:ff:ab:c4:df:4d:
                    63:76:b7:5f:76:e2:9d:e0:5a:fd:e0:02:c9:b1:3d:
                    50:ac:fb:94:9e:3c:8c:8a:c9:de:5f:3e:95:61:78:
                    1d:75:71:03:9a:09:de:05:88:af:f1:c5:01:a6:96:
                    38:9f:73:78:b3:be:eb:bd:56:93:f0:37:54:aa:8c:
                    18:63:e1:f2:a5:27:1b:54:08:aa:33:ed:16:3b:41:
                    13:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:19:74:A3:85:7A:FA:1B:C3:F3:90:94:6E:E4:93:01:23:3B:3D:EF
            X509v3 Authority Key Identifier:
                keyid:F7:B0:69:D3:3D:F1:22:5A:8B:36:43:A0:13:64:F2:79:DF:40:D8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/97Bp0z3xIlqLNkOgE2Tyed9A2Hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6f49e1-e704-4ab4-b94c-5fdcb783a6ec/1/xhl0o4V6-hvD85CUbuSTASM7Pe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6f49e1-e704-4ab4-b94c-5fdcb783a6ec/1/97Bp0z3xIlqLNkOgE2Tyed9A2Hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:06:d8:f9:0f:dd:5d:25:46:be:e7:44:8d:dd:a5:21:2b:b1:
         a3:22:71:af:e3:39:94:5f:47:00:20:8f:46:e5:9d:a0:b5:88:
         9e:5b:48:04:b6:ee:2c:de:a9:11:e8:03:c1:fa:10:ea:33:34:
         43:9b:a0:14:c6:c4:00:50:7d:16:2a:0d:c5:7c:39:27:65:78:
         af:00:5a:9b:5a:db:d5:76:0c:2e:c4:85:50:b4:06:9a:73:22:
         14:b7:8a:e0:a7:ea:ba:f3:b5:28:9e:cb:6b:4c:59:31:44:df:
         41:a5:6b:09:36:84:1b:f5:22:1e:82:a3:d4:d2:99:08:e5:d5:
         e7:34:4f:ef:3d:49:31:92:c3:e6:07:a1:b0:df:db:3b:9e:01:
         51:16:48:67:6c:a4:fb:78:0b:97:89:0c:ff:d2:0c:bd:e7:27:
         9f:2f:58:fd:d2:b4:87:31:e9:23:ea:3a:4e:33:5a:2a:3e:d3:
         2b:d3:cc:85:c1:f0:fc:cd:04:63:8c:1a:00:fd:58:1f:bb:08:
         4d:17:6e:c4:69:7a:20:44:47:22:fc:be:f9:98:f9:96:94:5b:
         84:9a:d7:d6:64:53:e0:26:22:4f:de:a9:4d:10:8f:f6:e4:93:
         a8:4b:2e:f8:dd:11:dd:57:bc:be:aa:a8:15:a1:27:81:fb:90:
         ef:3d:ae:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87OYPvkS3a4vWBYIba2O7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YjA2OWQzM2RmMTIyNWE4YjM2NDNhMDEzNjRmMjc5ZGY0
MGQ4NzcwHhcNMjYwMTAyMDQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE5NzRhMzg1N2FmYTFiYzNmMzkwOTQ2ZWU0OTMwMTIzM2IzZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmaqdpHVFPVdUBlmFxEdPGvIBKHj
gu1/k8ejy+zR6UonXY4hNoSkm1fmhbqygJRNCjx2rGhTkcp/5YFuCfS8dZjx7yhh
HcElxSbrC5DBsg7Jd5szuLElJE98l3Is++Ah2OKYS01gfLYvin5eLMe3IFagAZuJ
zdd4mUce22p9MJ4mOBp1lo9ybr1yZ1rgZGlOJ6mAfbrCLsVC7Bq1LPKpPhiSwZwz
BNXhEBy5enig/6vE301jdrdfduKd4Fr94ALJsT1QrPuUnjyMisneXz6VYXgddXED
mgneBYiv8cUBppY4n3N4s77rvVaT8DdUqowYY+HypScbVAiqM+0WO0ETbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYZdKOFevobw/OQlG7kkwEjOz3vMB8GA1UdIwQY
MBaAFPewadM98SJaizZDoBNk8nnfQNh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTdCcDB6M3hJbHFMTmtPZ0UyVHllZDlBMkhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82ZjQ5ZTEtZTcwNC00YWI0LWI5NGMt
NWZkY2I3ODNhNmVjLzEveGhsMG80VjYtaHZEODVDVWJ1U1RBU003UGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82ZjQ5ZTEtZTcwNC00YWI0LWI5NGMtNWZkY2I3ODNhNmVj
LzEvOTdCcDB6M3hJbHFMTmtPZ0UyVHllZDlBMkhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8/oMA0G
CSqGSIb3DQEBCwUAA4IBAQBXBtj5D91dJUa+50SN3aUhK7GjInGv4zmUX0cAII9G
5Z2gtYieW0gEtu4s3qkR6APB+hDqMzRDm6AUxsQAUH0WKg3FfDknZXivAFqbWtvV
dgwuxIVQtAaacyIUt4rgp+q687UonstrTFkxRN9BpWsJNoQb9SIegqPU0pkI5dXn
NE/vPUkxksPmB6Gw39s7ngFRFkhnbKT7eAuXiQz/0gy95yefL1j90rSHMekj6jpO
M1oqPtMr08yFwfD8zQRjjBoA/VgfuwhNF27EaXogREci/L75mPmWlFuEmtfWZFPg
JiJP3qlNEI/25JOoSy743RHdV7y+qqgVoSeB+5DvPa6s
-----END CERTIFICATE-----