This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/xzZmjyBgUA5PVhf5CC_hJNwcVzY.roa
File:                     xzZmjyBgUA5PVhf5CC_hJNwcVzY.roa (raw, json)
Hash identifier:          NZxy7sLP8vd+st6fA6TY6gFnYnOKj2RudHOzgNs7jsI=
Subject key identifier:   C7:36:66:8F:20:60:50:0E:4F:56:17:F9:08:2F:E1:24:DC:1C:57:36
Certificate issuer:       /CN=d462ece547572adeca1a9ff057e0ba8eae8c5d5e
Certificate serial:       019B7AC9445E24CC0402B0ABD98A09410E44
Authority key identifier: D4:62:EC:E5:47:57:2A:DE:CA:1A:9F:F0:57:E0:BA:8E:AE:8C:5D:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GLs5UdXKt7KGp_wV-C6jq6MXV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/xzZmjyBgUA5PVhf5CC_hJNwcVzY.roa
Signing time:             Thu 01 Jan 2026 18:19:29 +0000
ROA not before:           Thu 01 Jan 2026 18:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216054
IP address blocks:        213.177.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/1GLs5UdXKt7KGp_wV-C6jq6MXV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/1GLs5UdXKt7KGp_wV-C6jq6MXV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GLs5UdXKt7KGp_wV-C6jq6MXV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:44:5e:24:cc:04:02:b0:ab:d9:8a:09:41:0e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d462ece547572adeca1a9ff057e0ba8eae8c5d5e
        Validity
            Not Before: Jan  1 18:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c736668f2060500e4f5617f9082fe124dc1c5736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:da:1c:5f:a2:e4:1f:3e:bf:49:ae:c2:ba:ed:
                    a0:46:e7:48:10:ac:a0:65:67:9e:ad:8b:c3:a5:7e:
                    cc:86:89:ae:31:32:c0:53:36:31:e0:b3:53:46:5f:
                    bf:29:8d:fd:75:b0:79:da:b3:0c:b4:a0:08:eb:5c:
                    d2:4e:0e:9f:57:de:93:b8:63:cd:eb:ce:63:50:13:
                    a0:bc:8d:d9:7b:a6:80:a2:a1:03:06:17:c9:79:94:
                    b0:4d:66:01:ff:0e:33:6f:09:2f:68:70:0f:74:75:
                    1a:c1:67:a5:b2:cb:6f:f2:1f:03:3b:94:6e:3d:c4:
                    1d:b3:ab:e8:c1:dc:f4:f1:97:b1:20:8d:a7:2d:8c:
                    e3:a7:c3:f6:96:04:1b:cf:a2:1e:7a:b2:36:78:aa:
                    fc:9f:95:61:25:55:e1:77:26:12:02:f8:69:aa:d3:
                    45:48:b4:36:06:4f:63:40:67:62:f5:a7:72:92:2f:
                    05:2a:40:59:f4:85:db:36:8c:bb:6a:69:a4:f8:75:
                    a8:0e:5a:f6:3e:f2:b2:11:f5:c8:b6:71:5a:38:a2:
                    e7:b0:fa:78:e6:5e:4d:49:d5:89:80:6d:5e:1e:e4:
                    db:84:1d:a3:bd:59:39:0d:fd:b1:f2:0c:63:33:25:
                    45:53:b4:4f:23:22:73:5e:13:e1:0a:d9:f9:e9:f0:
                    9a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:36:66:8F:20:60:50:0E:4F:56:17:F9:08:2F:E1:24:DC:1C:57:36
            X509v3 Authority Key Identifier:
                keyid:D4:62:EC:E5:47:57:2A:DE:CA:1A:9F:F0:57:E0:BA:8E:AE:8C:5D:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GLs5UdXKt7KGp_wV-C6jq6MXV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/xzZmjyBgUA5PVhf5CC_hJNwcVzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/8a9417-bc28-4a02-a92f-a408bba735ee/1/1GLs5UdXKt7KGp_wV-C6jq6MXV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.177.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:59:21:16:07:71:b0:08:9f:9f:52:02:53:cb:f0:a0:04:0d:
         ae:ac:78:ff:1d:21:3b:3a:f1:90:f7:33:12:b5:7d:a4:d3:e6:
         68:b8:e4:87:6f:33:fa:f3:79:8e:3b:fe:5f:0d:47:28:dc:39:
         17:fc:80:85:14:77:fa:ee:9a:b5:38:88:75:06:37:01:b0:ae:
         d1:16:e0:32:cc:28:3e:76:0e:38:eb:20:07:e4:d2:d0:df:ca:
         05:62:db:4c:15:4f:08:7f:15:f6:59:66:5e:12:65:79:a1:63:
         98:d3:a6:84:ab:1f:50:20:59:d8:f1:b5:28:84:92:19:d8:ab:
         33:20:85:2d:ca:1b:f7:d3:20:97:a6:91:61:e6:08:93:34:37:
         26:21:0a:df:5d:47:ce:9a:d6:d6:cc:03:28:23:0f:53:13:9d:
         1d:ec:32:29:be:c2:96:c6:34:2a:1f:f0:7e:4e:88:61:94:c6:
         13:9e:c8:38:92:c6:bc:da:d4:66:e1:b9:7c:0a:a8:05:3b:7c:
         91:f8:0e:ff:78:86:1f:bc:a9:6b:a9:68:4b:5e:f9:3d:fe:61:
         a6:0c:5a:d4:46:bf:dd:7e:4a:6b:ab:c8:43:89:0a:1c:ae:8c:
         b0:46:e8:b1:11:da:ae:dd:cc:07:f1:fd:f3:02:f8:f8:75:e7:
         0f:54:46:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yUReJMwEArCr2YoJQQ5EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjJlY2U1NDc1NzJhZGVjYTFhOWZmMDU3ZTBiYThlYWU4
YzVkNWUwHhcNMjYwMTAxMTgxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM2NjY4ZjIwNjA1MDBlNGY1NjE3ZjkwODJmZTEyNGRjMWM1NzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstocX6LkHz6/Sa7Cuu2gRudIEKyg
ZWeerYvDpX7MhomuMTLAUzYx4LNTRl+/KY39dbB52rMMtKAI61zSTg6fV96TuGPN
685jUBOgvI3Ze6aAoqEDBhfJeZSwTWYB/w4zbwkvaHAPdHUawWelsstv8h8DO5Ru
PcQds6vowdz08ZexII2nLYzjp8P2lgQbz6IeerI2eKr8n5VhJVXhdyYSAvhpqtNF
SLQ2Bk9jQGdi9adyki8FKkBZ9IXbNoy7ammk+HWoDlr2PvKyEfXItnFaOKLnsPp4
5l5NSdWJgG1eHuTbhB2jvVk5Df2x8gxjMyVFU7RPIyJzXhPhCtn56fCaNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc2Zo8gYFAOT1YX+Qgv4STcHFc2MB8GA1UdIwQY
MBaAFNRi7OVHVyreyhqf8Ffguo6ujF1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdMczVVZFhLdDdLR3Bfd1YtQzZqcTZNWFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC84YTk0MTctYmMyOC00YTAyLWE5MmYt
YTQwOGJiYTczNWVlLzEveHpabWp5QmdVQTVQVmhmNUNDX2hKTndjVnpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC84YTk0MTctYmMyOC00YTAyLWE5MmYtYTQwOGJiYTczNWVl
LzEvMUdMczVVZFhLdDdLR3Bfd1YtQzZqcTZNWFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bGwMA0G
CSqGSIb3DQEBCwUAA4IBAQASWSEWB3GwCJ+fUgJTy/CgBA2urHj/HSE7OvGQ9zMS
tX2k0+ZouOSHbzP683mOO/5fDUco3DkX/ICFFHf67pq1OIh1BjcBsK7RFuAyzCg+
dg446yAH5NLQ38oFYttMFU8IfxX2WWZeEmV5oWOY06aEqx9QIFnY8bUohJIZ2Ksz
IIUtyhv30yCXppFh5giTNDcmIQrfXUfOmtbWzAMoIw9TE50d7DIpvsKWxjQqH/B+
TohhlMYTnsg4ksa82tRm4bl8CqgFO3yR+A7/eIYfvKlrqWhLXvk9/mGmDFrURr/d
fkprq8hDiQocroywRuixEdqu3cwH8f3zAvj4decPVEbj
-----END CERTIFICATE-----