This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/XpRtGgpQMgfYPr6Ae4n-CrXAlUE.roa
File:                     XpRtGgpQMgfYPr6Ae4n-CrXAlUE.roa (raw, json)
Hash identifier:          NDYAShaJd5oq4XV/s8UZ9bjqNMFDxRAsxUeNLahhptc=
Subject key identifier:   5E:94:6D:1A:0A:50:32:07:D8:3E:BE:80:7B:89:FE:0A:B5:C0:95:41
Certificate issuer:       /CN=ebf385ced090dbf1d044734e12a270ee6b841c96
Certificate serial:       019B797DF2AF8D6D4FC972480F2926F070A9
Authority key identifier: EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/XpRtGgpQMgfYPr6Ae4n-CrXAlUE.roa
Signing time:             Thu 01 Jan 2026 12:17:35 +0000
ROA not before:           Thu 01 Jan 2026 12:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        45.141.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:f2:af:8d:6d:4f:c9:72:48:0f:29:26:f0:70:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf385ced090dbf1d044734e12a270ee6b841c96
        Validity
            Not Before: Jan  1 12:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e946d1a0a503207d83ebe807b89fe0ab5c09541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:37:d5:e4:8b:f4:db:d1:2d:db:7a:65:43:d7:
                    91:55:a4:b8:35:db:4e:ae:08:b5:6e:2a:56:ed:7b:
                    24:f1:59:08:aa:12:8e:a5:ad:bb:e1:36:05:4f:60:
                    ae:0e:a3:9d:ef:fa:b3:0c:f1:8d:cf:d0:85:22:cc:
                    cb:0d:ed:df:cb:ad:bd:34:a2:32:40:e5:31:de:ae:
                    a3:2d:e9:58:5f:2f:12:b2:4a:2c:3a:76:06:bb:34:
                    c5:8b:c2:c8:fb:33:97:2d:64:00:84:d5:7d:e3:a5:
                    d3:ed:22:f5:af:f6:44:6f:aa:f8:61:bf:a1:f0:d5:
                    2e:a9:fe:51:0f:5a:53:20:3b:2b:7b:81:ed:e6:30:
                    a7:80:dd:bd:67:e8:20:84:26:29:67:9f:38:07:41:
                    1d:46:13:11:e0:7d:e2:6d:0d:ec:eb:3f:9f:66:5b:
                    2e:33:a3:c8:f9:ab:09:0e:a9:bb:67:3a:4f:25:d9:
                    35:ff:51:01:ad:7d:ee:c3:28:cf:29:9a:cd:3f:c5:
                    b8:5c:04:cb:a3:a1:fb:f3:58:9f:c0:3f:cc:09:7a:
                    82:5c:31:95:18:22:08:51:88:e2:31:bf:d2:28:9e:
                    04:70:5d:83:bb:50:cf:92:81:17:d9:d3:7e:8c:64:
                    a3:f0:37:e7:7e:10:08:89:e7:30:92:22:d4:ce:4a:
                    29:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:94:6D:1A:0A:50:32:07:D8:3E:BE:80:7B:89:FE:0A:B5:C0:95:41
            X509v3 Authority Key Identifier:
                keyid:EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/XpRtGgpQMgfYPr6Ae4n-CrXAlUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e3:fa:6e:15:40:5a:2f:ab:10:fd:42:9c:77:75:d4:1a:1a:
         40:a1:cd:e9:f3:ad:3d:e3:30:80:05:a5:4c:33:e0:08:ff:98:
         c4:31:54:3c:ab:c5:d0:8c:01:98:6f:49:d3:c5:cb:f2:fa:63:
         c0:39:6d:3f:be:b7:62:5f:8c:33:a0:a8:0f:83:fd:87:67:5f:
         35:e4:c9:93:25:e3:b1:d4:34:2f:34:06:e5:48:18:6a:2d:b3:
         24:35:24:e7:5d:58:d3:5c:03:0b:3b:70:d1:6e:32:01:e9:ec:
         59:37:69:bd:f1:bf:a1:56:86:41:df:5a:1f:c2:eb:0c:94:fa:
         eb:ab:1e:27:d6:39:5b:4d:ca:3b:ba:c3:25:96:6e:48:29:ec:
         02:b4:5f:e3:bd:5f:b8:fa:60:02:b7:b2:d7:82:4d:f1:ea:75:
         fa:5a:d4:85:1d:51:61:15:76:25:00:91:4b:45:52:a4:5d:71:
         37:55:b3:aa:5d:dd:52:cc:29:bc:c0:fb:fd:04:7b:a9:f6:82:
         e7:71:e5:f1:16:ac:9c:d5:9d:20:83:bc:c5:28:3c:04:9d:ce:
         dc:6d:b3:a7:3e:f5:ec:1a:07:ff:d0:96:47:43:0e:21:62:cf:
         4b:4c:f4:b1:34:97:4c:62:67:5e:af:40:bc:48:97:52:1f:95:
         09:38:39:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ffKvjW1PyXJIDykm8HCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjM4NWNlZDA5MGRiZjFkMDQ0NzM0ZTEyYTI3MGVlNmI4
NDFjOTYwHhcNMjYwMTAxMTIxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk0NmQxYTBhNTAzMjA3ZDgzZWJlODA3Yjg5ZmUwYWI1YzA5NTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjfV5Iv029Et23plQ9eRVaS4NdtO
rgi1bipW7Xsk8VkIqhKOpa274TYFT2CuDqOd7/qzDPGNz9CFIszLDe3fy629NKIy
QOUx3q6jLelYXy8SskosOnYGuzTFi8LI+zOXLWQAhNV946XT7SL1r/ZEb6r4Yb+h
8NUuqf5RD1pTIDsre4Ht5jCngN29Z+gghCYpZ584B0EdRhMR4H3ibQ3s6z+fZlsu
M6PI+asJDqm7ZzpPJdk1/1EBrX3uwyjPKZrNP8W4XATLo6H781ifwD/MCXqCXDGV
GCIIUYjiMb/SKJ4EcF2Du1DPkoEX2dN+jGSj8DfnfhAIiecwkiLUzkop5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6UbRoKUDIH2D6+gHuJ/gq1wJVBMB8GA1UdIwQY
MBaAFOvzhc7QkNvx0ERzThKicO5rhByWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUt
NDY1ZDIyM2IyMzJlLzEvWHBSdEdncFFNZ2ZZUHI2QWU0bi1DclhBbFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUtNDY1ZDIyM2IyMzJl
LzEvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY1bMA0G
CSqGSIb3DQEBCwUAA4IBAQAS4/puFUBaL6sQ/UKcd3XUGhpAoc3p86094zCABaVM
M+AI/5jEMVQ8q8XQjAGYb0nTxcvy+mPAOW0/vrdiX4wzoKgPg/2HZ1815MmTJeOx
1DQvNAblSBhqLbMkNSTnXVjTXAMLO3DRbjIB6exZN2m98b+hVoZB31ofwusMlPrr
qx4n1jlbTco7usMllm5IKewCtF/jvV+4+mACt7LXgk3x6nX6WtSFHVFhFXYlAJFL
RVKkXXE3VbOqXd1SzCm8wPv9BHup9oLnceXxFqyc1Z0gg7zFKDwEnc7cbbOnPvXs
Ggf/0JZHQw4hYs9LTPSxNJdMYmder0C8SJdSH5UJODkr
-----END CERTIFICATE-----