This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/xaTqzIpplAPi5fIp3W_BRcG9eWM.roa
File:                     xaTqzIpplAPi5fIp3W_BRcG9eWM.roa (raw, json)
Hash identifier:          76S85TASVVkhTqJob0eFUdOeHj3ULo+IHnBmwT6Z/Dk=
Subject key identifier:   C5:A4:EA:CC:8A:69:94:03:E2:E5:F2:29:DD:6F:C1:45:C1:BD:79:63
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B3596FB8462429488A03EBFBED80E0A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/xaTqzIpplAPi5fIp3W_BRcG9eWM.roa
Signing time:             Thu 01 Jan 2026 20:17:48 +0000
ROA not before:           Thu 01 Jan 2026 20:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212221
IP address blocks:        85.120.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:96:fb:84:62:42:94:88:a0:3e:bf:be:d8:0e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5a4eacc8a699403e2e5f229dd6fc145c1bd7963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4d:e6:b2:11:91:e8:90:bd:65:c3:38:fb:26:
                    46:26:d4:5b:b7:bc:ca:72:67:41:82:94:a0:ca:ec:
                    3d:1f:3b:a8:ae:67:96:a5:a3:9b:03:f5:89:84:56:
                    b1:36:06:16:b4:5c:08:f1:19:d5:35:7e:4e:ac:46:
                    09:16:e8:7f:b0:25:c8:05:26:bb:86:ac:32:93:1a:
                    38:27:43:50:e9:66:83:09:32:93:b8:59:02:e4:f1:
                    80:7b:e5:03:23:10:19:54:62:12:35:63:07:dc:e1:
                    6e:44:00:65:b8:a3:ce:4f:f8:81:d6:b6:8d:41:5a:
                    d1:e5:b0:48:78:92:81:b5:9c:97:b2:7a:7e:63:aa:
                    10:49:ec:3d:56:cc:a7:60:10:21:8a:bc:2d:6e:74:
                    97:5c:80:19:80:a5:42:d5:92:f2:f8:5f:be:84:22:
                    42:bd:f0:76:e2:fc:b0:98:f6:ed:42:45:d3:2a:a9:
                    56:85:63:da:e1:3b:15:2e:72:47:3b:cc:88:42:f6:
                    55:03:f3:ea:bd:c7:07:56:e1:21:b4:db:31:1c:d6:
                    1a:6b:a5:76:63:16:a3:da:36:d0:96:f1:d6:23:3d:
                    7d:48:78:65:91:79:62:2c:de:5c:bb:6e:9f:4d:1a:
                    29:86:6f:a4:07:75:1b:74:5e:a9:c6:11:d3:be:c0:
                    cd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A4:EA:CC:8A:69:94:03:E2:E5:F2:29:DD:6F:C1:45:C1:BD:79:63
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/xaTqzIpplAPi5fIp3W_BRcG9eWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:94:ee:17:69:9c:d6:2f:69:18:5d:56:67:61:68:65:67:f1:
         d9:51:13:56:d9:b5:01:4d:db:e7:95:5a:d2:34:27:c6:c2:14:
         46:5c:eb:a5:36:1b:98:9a:8c:d2:50:78:2a:ee:a9:7b:1e:f7:
         c4:f5:b4:3f:da:13:49:2d:4c:3d:d0:00:29:71:6b:a1:e6:0a:
         4a:0e:f8:7a:0c:2d:19:44:30:81:a1:f4:a9:1c:0e:26:da:bb:
         36:58:55:26:2f:e1:d9:90:95:39:56:a7:3e:bb:df:a7:60:11:
         af:2c:a5:55:d5:6a:1c:ae:ef:b8:ed:10:ea:89:de:c6:66:31:
         77:c9:9a:ef:54:6c:26:5f:29:3c:cf:46:a9:a2:1f:12:26:05:
         a5:18:ab:d7:2c:c4:53:35:46:5b:5b:bf:27:2f:a5:1e:27:89:
         83:53:b6:8f:2d:c6:e5:78:b7:5c:ef:80:94:df:19:8a:a9:5b:
         7f:6a:5c:2a:e8:e6:8e:f1:5c:88:9b:04:73:1d:bc:79:90:6d:
         41:b0:9f:7c:2e:56:da:ae:79:40:99:c3:11:5b:66:9a:62:6a:
         33:63:bd:e0:1f:c1:fc:31:0d:d6:fe:40:9d:d3:d3:aa:81:9a:
         f6:2b:9e:99:c5:2f:87:97:81:a4:88:24:9c:8a:71:f2:4a:25:
         6a:f8:3d:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NZb7hGJClIigPr++2A4KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE0ZWFjYzhhNjk5NDAzZTJlNWYyMjlkZDZmYzE0NWMxYmQ3OTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvk3mshGR6JC9ZcM4+yZGJtRbt7zK
cmdBgpSgyuw9HzuormeWpaObA/WJhFaxNgYWtFwI8RnVNX5OrEYJFuh/sCXIBSa7
hqwykxo4J0NQ6WaDCTKTuFkC5PGAe+UDIxAZVGISNWMH3OFuRABluKPOT/iB1raN
QVrR5bBIeJKBtZyXsnp+Y6oQSew9VsynYBAhirwtbnSXXIAZgKVC1ZLy+F++hCJC
vfB24vywmPbtQkXTKqlWhWPa4TsVLnJHO8yIQvZVA/PqvccHVuEhtNsxHNYaa6V2
Yxaj2jbQlvHWIz19SHhlkXliLN5cu26fTRophm+kB3UbdF6pxhHTvsDN/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWk6syKaZQD4uXyKd1vwUXBvXljMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEveGFUcXpJcHBsQVBpNWZJcDNXX0JSY0c5ZVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXj7MA0G
CSqGSIb3DQEBCwUAA4IBAQAVlO4XaZzWL2kYXVZnYWhlZ/HZURNW2bUBTdvnlVrS
NCfGwhRGXOulNhuYmozSUHgq7ql7HvfE9bQ/2hNJLUw90AApcWuh5gpKDvh6DC0Z
RDCBofSpHA4m2rs2WFUmL+HZkJU5Vqc+u9+nYBGvLKVV1Wocru+47RDqid7GZjF3
yZrvVGwmXyk8z0apoh8SJgWlGKvXLMRTNUZbW78nL6UeJ4mDU7aPLcbleLdc74CU
3xmKqVt/alwq6OaO8VyImwRzHbx5kG1BsJ98LlbarnlAmcMRW2aaYmozY73gH8H8
MQ3W/kCd09OqgZr2K56ZxS+Hl4GkiCScinHySiVq+D3n
-----END CERTIFICATE-----