This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/xpxQq-XYLTeZi1RJOWi2RhOZm6M.roa
File:                     xpxQq-XYLTeZi1RJOWi2RhOZm6M.roa (raw, json)
Hash identifier:          stugu/O0ZbeQlykuDSWoq5P19xqk7ytCQZZAgWlL1aI=
Subject key identifier:   C6:9C:50:AB:E5:D8:2D:37:99:8B:54:49:39:68:B6:46:13:99:9B:A3
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       019B7EA514B15D8BA9461C3828F5C732C0D1
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/xpxQq-XYLTeZi1RJOWi2RhOZm6M.roa
Signing time:             Fri 02 Jan 2026 12:18:26 +0000
ROA not before:           Fri 02 Jan 2026 12:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214728
IP address blocks:        185.170.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:14:b1:5d:8b:a9:46:1c:38:28:f5:c7:32:c0:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Jan  2 12:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c69c50abe5d82d37998b54493968b64613999ba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:ae:f4:78:ea:af:2a:0e:e0:ab:dc:c9:d4:
                    22:96:e0:27:af:e7:84:b9:5e:5e:cb:26:2e:9f:62:
                    c2:c6:6d:c7:2e:f7:9e:b3:25:14:98:1a:c9:e5:20:
                    58:d8:99:bf:25:80:32:3a:1e:15:bc:e4:b4:85:d2:
                    e9:32:d0:55:91:05:93:1a:c1:dc:5b:c8:d9:2e:6c:
                    a2:1f:47:e2:93:96:df:27:bd:fa:fa:e7:5d:d9:90:
                    1e:19:a5:47:b8:f8:03:c2:82:6c:41:bf:15:3e:40:
                    7b:8a:16:0b:2b:e5:17:fa:bc:f4:27:8a:20:e0:27:
                    20:62:6b:96:48:b7:97:24:e5:6b:72:7a:96:8f:4e:
                    3e:9b:a9:2b:0d:ed:ed:e5:80:a2:56:32:d7:35:4a:
                    65:6d:9f:b1:9d:56:9d:83:64:06:53:70:4b:e8:50:
                    87:93:13:5f:1c:94:c5:7f:26:85:de:e5:e8:3e:a6:
                    b6:6b:ce:f6:f5:8d:74:14:94:c5:f4:70:d8:13:e9:
                    72:d9:8d:c3:61:a9:7e:51:11:f0:74:2f:ee:33:64:
                    66:8a:e8:f5:14:a6:68:d1:f2:58:e9:5d:7c:a4:34:
                    ba:fb:de:c9:f6:2b:1d:88:7f:1e:6f:d2:be:d5:bd:
                    8e:ee:84:7b:3c:5b:c7:65:6a:4d:60:30:47:b6:77:
                    71:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9C:50:AB:E5:D8:2D:37:99:8B:54:49:39:68:B6:46:13:99:9B:A3
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/xpxQq-XYLTeZi1RJOWi2RhOZm6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:45:13:7f:dc:23:30:42:de:45:58:6e:87:00:a9:40:57:0c:
         9c:95:3b:64:46:f6:3d:37:32:5c:67:df:5c:d4:d9:52:ab:3e:
         d0:e7:aa:5c:b6:73:0e:43:d9:2d:89:67:df:ff:c7:66:ab:73:
         2f:a3:51:c6:27:11:18:a7:f5:a7:ae:e3:fc:04:47:c8:5e:6d:
         02:f2:1b:8d:09:a9:67:ec:75:05:c2:71:12:21:ca:8c:15:bd:
         87:e1:41:23:42:c3:60:fc:7b:1f:2f:24:2f:db:d2:46:f2:ee:
         2c:b2:70:c6:9d:83:24:53:1d:ac:72:2c:1b:68:27:2e:91:b0:
         e8:96:fa:78:ae:49:bf:fc:6b:eb:fe:94:d4:fb:50:ae:ab:9a:
         9c:ae:ba:9d:9e:37:8d:5b:9e:fb:f2:8e:d3:e2:36:e6:dd:14:
         0f:10:5f:89:f2:c1:3c:8b:3c:25:35:c6:b5:f4:0a:b6:be:99:
         2c:5c:35:23:cc:3b:2f:a2:67:ae:ba:2c:af:d8:ee:d1:b2:6b:
         39:9f:e0:c4:3a:8c:55:2b:57:c5:66:bd:e4:ca:25:95:94:4b:
         99:7e:fb:23:f0:e8:49:38:88:7b:73:db:17:c7:d5:e8:18:c2:
         6b:65:0d:a0:4c:0a:bc:1d:38:58:8b:77:e9:0d:5d:a1:13:56:
         a5:78:3a:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pRSxXYupRhw4KPXHMsDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjYwMTAyMTIxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjljNTBhYmU1ZDgyZDM3OTk4YjU0NDkzOTY4YjY0NjEzOTk5YmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2iu9HjqryoO4KvcydQiluAnr+eE
uV5eyyYun2LCxm3HLveesyUUmBrJ5SBY2Jm/JYAyOh4VvOS0hdLpMtBVkQWTGsHc
W8jZLmyiH0fik5bfJ736+udd2ZAeGaVHuPgDwoJsQb8VPkB7ihYLK+UX+rz0J4og
4CcgYmuWSLeXJOVrcnqWj04+m6krDe3t5YCiVjLXNUplbZ+xnVadg2QGU3BL6FCH
kxNfHJTFfyaF3uXoPqa2a8729Y10FJTF9HDYE+ly2Y3DYal+URHwdC/uM2Rmiuj1
FKZo0fJY6V18pDS6+97J9isdiH8eb9K+1b2O7oR7PFvHZWpNYDBHtndxbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMacUKvl2C03mYtUSTlotkYTmZujMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEveHB4UXEtWFlMVGVaaTFSSk9XaTJSaE9abTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaqBMA0G
CSqGSIb3DQEBCwUAA4IBAQBARRN/3CMwQt5FWG6HAKlAVwyclTtkRvY9NzJcZ99c
1NlSqz7Q56pctnMOQ9ktiWff/8dmq3Mvo1HGJxEYp/WnruP8BEfIXm0C8huNCaln
7HUFwnESIcqMFb2H4UEjQsNg/HsfLyQv29JG8u4ssnDGnYMkUx2sciwbaCcukbDo
lvp4rkm//Gvr/pTU+1Cuq5qcrrqdnjeNW5778o7T4jbm3RQPEF+J8sE8izwlNca1
9Aq2vpksXDUjzDsvomeuuiyv2O7Rsms5n+DEOoxVK1fFZr3kyiWVlEuZfvsj8OhJ
OIh7c9sXx9XoGMJrZQ2gTAq8HThYi3fpDV2hE1aleDp+
-----END CERTIFICATE-----