This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Xy6Z-rIbH0hgAqQjTwKGR6DEyi0.roa
File:                     Xy6Z-rIbH0hgAqQjTwKGR6DEyi0.roa (raw, json)
Hash identifier:          LtmWWXn0+vI3IbQM0lLfdmQI+KzF/VkiCv714x9GF9Y=
Subject key identifier:   5F:2E:99:FA:B2:1B:1F:48:60:02:A4:23:4F:02:86:47:A0:C4:CA:2D
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37C1DD47833929795CA218E0C507BE
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Xy6Z-rIbH0hgAqQjTwKGR6DEyi0.roa
Signing time:             Fri 02 Jan 2026 10:19:01 +0000
ROA not before:           Fri 02 Jan 2026 10:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201409
IP address blocks:        193.142.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:c1:dd:47:83:39:29:79:5c:a2:18:e0:c5:07:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f2e99fab21b1f486002a4234f028647a0c4ca2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:20:6f:92:75:42:3c:5e:eb:0f:5d:21:60:08:
                    4f:a4:b1:31:bc:a8:b8:b2:df:dc:55:29:3f:2c:4d:
                    a8:1c:43:6c:ae:a4:35:55:ba:38:aa:9e:80:56:64:
                    d4:9c:81:c9:55:ea:de:8d:7b:4c:2c:8d:9b:e9:b7:
                    81:4c:75:ee:12:89:74:61:1f:c4:8a:12:6d:70:42:
                    82:3d:a3:3b:5b:8e:df:72:45:95:f2:c2:ae:a7:e9:
                    62:04:4e:9a:99:c8:a2:46:3a:c4:62:f8:62:ed:65:
                    04:10:cb:e6:19:04:05:a3:bf:73:27:32:96:cf:65:
                    e3:7e:c7:fe:a1:75:1a:9b:32:e1:8c:3c:56:f2:b0:
                    97:c2:e7:d3:a9:55:ad:e5:ce:12:58:55:e4:c6:2a:
                    ea:a9:f3:85:c0:30:46:42:06:71:ca:55:b3:ea:1b:
                    a6:81:79:5a:bd:c9:ca:a8:ab:ff:97:d2:bb:04:68:
                    a4:5e:c0:fb:7a:92:da:4d:21:bf:bf:af:fd:2f:b2:
                    59:da:12:a8:12:35:30:13:5f:29:15:68:d0:4a:9c:
                    f2:d1:f1:be:64:75:27:20:86:e8:97:c3:66:14:97:
                    d5:6b:71:eb:ae:37:c5:27:37:8c:92:97:01:b3:9c:
                    34:7e:49:8a:83:84:fe:82:4a:8f:25:49:d6:54:9c:
                    f0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:2E:99:FA:B2:1B:1F:48:60:02:A4:23:4F:02:86:47:A0:C4:CA:2D
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/Xy6Z-rIbH0hgAqQjTwKGR6DEyi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:6e:09:74:38:c8:37:e8:93:97:7b:cd:1a:73:ba:4d:43:c9:
         15:b5:30:8b:29:7d:f1:6d:9f:7e:6e:cd:be:d8:cd:98:ed:3e:
         c1:eb:35:af:ea:5b:c3:3f:6e:3b:f8:46:19:86:b2:76:98:7f:
         92:de:59:63:3d:58:40:76:c7:29:fc:e2:bc:1d:33:f2:12:0f:
         27:dc:01:75:43:70:c9:9b:6b:69:3e:de:c2:c2:6a:9b:60:51:
         fc:4c:20:90:b6:0c:56:ef:a4:ac:f4:2e:d2:0d:77:a8:de:68:
         53:36:b4:00:f5:29:2c:dc:ec:ce:41:58:7a:28:95:89:11:23:
         02:80:79:99:2b:3a:72:f9:78:b7:0b:b7:ea:f4:3d:0c:d7:f8:
         6b:74:4b:53:9f:44:6b:96:d7:bb:af:e9:96:b6:d6:09:9b:6c:
         1a:b1:36:1d:ca:da:4f:cc:5a:32:29:5b:10:0a:97:d4:d4:5e:
         0c:55:b7:59:ce:96:99:32:35:c3:6d:40:cb:6e:fd:d8:65:9c:
         34:3e:a6:39:2e:4f:a0:31:06:37:22:bb:32:72:13:46:ff:7e:
         4e:4b:81:36:2f:b9:70:ff:54:3d:85:51:0e:19:3f:dc:56:8d:
         46:35:86:4b:a9:d6:37:97:fb:ed:9a:17:ca:c8:b3:38:cb:84:
         24:27:92:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N8HdR4M5KXlcohjgxQe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjJlOTlmYWIyMWIxZjQ4NjAwMmE0MjM0ZjAyODY0N2EwYzRjYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSBvknVCPF7rD10hYAhPpLExvKi4
st/cVSk/LE2oHENsrqQ1Vbo4qp6AVmTUnIHJVerejXtMLI2b6beBTHXuEol0YR/E
ihJtcEKCPaM7W47fckWV8sKup+liBE6amciiRjrEYvhi7WUEEMvmGQQFo79zJzKW
z2Xjfsf+oXUamzLhjDxW8rCXwufTqVWt5c4SWFXkxirqqfOFwDBGQgZxylWz6hum
gXlavcnKqKv/l9K7BGikXsD7epLaTSG/v6/9L7JZ2hKoEjUwE18pFWjQSpzy0fG+
ZHUnIIbol8NmFJfVa3HrrjfFJzeMkpcBs5w0fkmKg4T+gkqPJUnWVJzwHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8umfqyGx9IYAKkI08ChkegxMotMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvWHk2Wi1ySWJIMGhnQXFRalR3S0dSNkRFeWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY47MA0G
CSqGSIb3DQEBCwUAA4IBAQAubgl0OMg36JOXe80ac7pNQ8kVtTCLKX3xbZ9+bs2+
2M2Y7T7B6zWv6lvDP247+EYZhrJ2mH+S3lljPVhAdscp/OK8HTPyEg8n3AF1Q3DJ
m2tpPt7CwmqbYFH8TCCQtgxW76Ss9C7SDXeo3mhTNrQA9Sks3OzOQVh6KJWJESMC
gHmZKzpy+Xi3C7fq9D0M1/hrdEtTn0Rrlte7r+mWttYJm2wasTYdytpPzFoyKVsQ
CpfU1F4MVbdZzpaZMjXDbUDLbv3YZZw0PqY5Lk+gMQY3IrsychNG/35OS4E2L7lw
/1Q9hVEOGT/cVo1GNYZLqdY3l/vtmhfKyLM4y4QkJ5JY
-----END CERTIFICATE-----