This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/xKm57GReunR2ffbJxKuGcJAeOYk.roa
File:                     xKm57GReunR2ffbJxKuGcJAeOYk.roa (raw, json)
Hash identifier:          cGbG594c8tC4/cj9e3kZQ+QWuZmMda7G3mnGYENWjyU=
Subject key identifier:   C4:A9:B9:EC:64:5E:BA:74:76:7D:F6:C9:C4:AB:86:70:90:1E:39:89
Certificate issuer:       /CN=a63c6dbaf2bcf52f27e58c2d89c6c1c55b95df26
Certificate serial:       019B7C80DB537415D770B2D5CC1ED0D21E32
Authority key identifier: A6:3C:6D:BA:F2:BC:F5:2F:27:E5:8C:2D:89:C6:C1:C5:5B:95:DF:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjxtuvK89S8n5YwticbBxVuV3yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/xKm57GReunR2ffbJxKuGcJAeOYk.roa
Signing time:             Fri 02 Jan 2026 02:19:37 +0000
ROA not before:           Fri 02 Jan 2026 02:19:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        193.17.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/pjxtuvK89S8n5YwticbBxVuV3yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/pjxtuvK89S8n5YwticbBxVuV3yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjxtuvK89S8n5YwticbBxVuV3yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:20:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:db:53:74:15:d7:70:b2:d5:cc:1e:d0:d2:1e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63c6dbaf2bcf52f27e58c2d89c6c1c55b95df26
        Validity
            Not Before: Jan  2 02:19:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4a9b9ec645eba74767df6c9c4ab8670901e3989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8a:07:ac:04:c3:86:ec:23:d8:8f:2a:74:de:
                    21:d9:d9:dd:51:eb:b4:09:25:60:0b:9d:c1:43:29:
                    a2:32:6f:38:8d:b1:69:99:73:04:0a:24:e9:e6:4d:
                    e0:ca:70:55:7a:41:82:ac:2d:74:89:e3:d8:5f:71:
                    45:1c:73:7c:d1:f6:21:5b:da:d2:31:de:40:00:49:
                    5e:55:78:49:b0:dc:1f:e3:23:df:a4:ab:ee:e4:c6:
                    91:62:64:f6:0a:40:fd:33:12:1a:bd:c3:5c:72:08:
                    43:d5:9d:75:e2:73:be:f3:8b:b2:de:e2:39:20:c3:
                    cd:5c:a4:8c:6d:62:da:9d:5d:c8:a9:c6:23:b8:de:
                    77:f5:7c:95:02:5a:4d:5c:3e:6d:9a:4a:63:da:27:
                    00:28:f0:df:cb:5c:1c:7a:49:4a:65:e1:1d:c6:96:
                    32:e2:03:0b:dc:7c:71:8b:c8:ea:6e:41:6b:f9:60:
                    94:91:88:5a:83:f3:13:bd:f6:c7:04:8d:1e:00:16:
                    bf:d1:b8:27:c7:18:a2:7e:c7:27:94:45:2e:4c:7e:
                    98:6e:44:e6:3a:42:56:49:31:79:0b:69:13:61:c9:
                    e4:03:15:fd:11:cd:d9:0c:cc:dc:42:cf:ad:7b:8e:
                    af:e7:33:64:2d:6b:10:e3:6b:88:96:54:93:f2:fc:
                    2f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A9:B9:EC:64:5E:BA:74:76:7D:F6:C9:C4:AB:86:70:90:1E:39:89
            X509v3 Authority Key Identifier:
                keyid:A6:3C:6D:BA:F2:BC:F5:2F:27:E5:8C:2D:89:C6:C1:C5:5B:95:DF:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjxtuvK89S8n5YwticbBxVuV3yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/xKm57GReunR2ffbJxKuGcJAeOYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/pjxtuvK89S8n5YwticbBxVuV3yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:44:e9:3a:bd:57:8e:06:5b:94:a8:b3:76:5a:69:22:46:ed:
         a0:dd:c4:ff:67:fc:d9:05:97:43:bf:8a:0a:e2:90:54:ae:c8:
         60:ce:d0:61:6a:cd:ec:8b:4c:b4:66:13:9c:43:38:cf:7c:c5:
         04:30:81:2f:a2:79:97:c6:bf:4f:fc:5a:41:39:3a:91:be:7b:
         67:23:c8:f0:07:85:55:e0:0a:c6:bb:e2:1e:24:47:c4:79:8d:
         0d:36:e3:19:e9:74:f0:39:fa:a8:b6:d6:0d:c9:7d:b0:83:5c:
         e5:98:4a:c3:4e:fa:fc:23:2b:8a:8b:b8:44:52:9e:67:67:1f:
         01:85:6a:42:c7:a7:cd:96:cb:c4:ad:18:f2:8b:34:ca:71:34:
         aa:d1:80:d6:7c:af:00:52:2b:d7:dd:3c:c5:c5:57:ad:37:3b:
         7b:0d:73:1d:ab:83:52:11:7b:e0:b9:fb:26:b6:8d:74:6c:e6:
         23:3d:2f:d4:ef:6e:c9:c3:6d:48:97:2a:2c:38:74:15:08:5c:
         45:12:6d:1a:f6:a8:62:9a:d3:ec:5a:af:da:5e:cb:7d:0e:d9:
         e4:e6:69:35:5b:53:75:14:9e:9e:44:b5:75:82:58:f0:4b:fa:
         c5:9b:e5:3f:43:a0:3d:0b:3f:a2:34:2b:b1:1e:ef:7a:1d:81:
         36:22:08:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gNtTdBXXcLLVzB7Q0h4yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2M2ZGJhZjJiY2Y1MmYyN2U1OGMyZDg5YzZjMWM1NWI5
NWRmMjYwHhcNMjYwMTAyMDIxOTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE5YjllYzY0NWViYTc0NzY3ZGY2YzljNGFiODY3MDkwMWUzOTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04oHrATDhuwj2I8qdN4h2dndUeu0
CSVgC53BQymiMm84jbFpmXMECiTp5k3gynBVekGCrC10iePYX3FFHHN80fYhW9rS
Md5AAEleVXhJsNwf4yPfpKvu5MaRYmT2CkD9MxIavcNccghD1Z114nO+84uy3uI5
IMPNXKSMbWLanV3IqcYjuN539XyVAlpNXD5tmkpj2icAKPDfy1wceklKZeEdxpYy
4gML3Hxxi8jqbkFr+WCUkYhag/MTvfbHBI0eABa/0bgnxxiifscnlEUuTH6YbkTm
OkJWSTF5C2kTYcnkAxX9Ec3ZDMzcQs+te46v5zNkLWsQ42uIllST8vwvzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSpuexkXrp0dn32ycSrhnCQHjmJMB8GA1UdIwQY
MBaAFKY8bbryvPUvJ+WMLYnGwcVbld8mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGp4dHV2Szg5UzhuNVl3dGljYkJ4VnVWM3lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zM2Q3MWEtOTM1MC00MzQ1LWI2Yjgt
YTgzZDZjM2NmMDUzLzEveEttNTdHUmV1blIyZmZiSnhLdUdjSkFlT1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zM2Q3MWEtOTM1MC00MzQ1LWI2YjgtYTgzZDZjM2NmMDUz
LzEvcGp4dHV2Szg5UzhuNVl3dGljYkJ4VnVWM3lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHRMA0G
CSqGSIb3DQEBCwUAA4IBAQCgROk6vVeOBluUqLN2WmkiRu2g3cT/Z/zZBZdDv4oK
4pBUrshgztBhas3si0y0ZhOcQzjPfMUEMIEvonmXxr9P/FpBOTqRvntnI8jwB4VV
4ArGu+IeJEfEeY0NNuMZ6XTwOfqottYNyX2wg1zlmErDTvr8IyuKi7hEUp5nZx8B
hWpCx6fNlsvErRjyizTKcTSq0YDWfK8AUivX3TzFxVetNzt7DXMdq4NSEXvgufsm
to10bOYjPS/U727Jw21IlyosOHQVCFxFEm0a9qhimtPsWq/aXst9Dtnk5mk1W1N1
FJ6eRLV1gljwS/rFm+U/Q6A9Cz+iNCuxHu96HYE2Igid
-----END CERTIFICATE-----