This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/xzajxbSglJWBTgix_ZbEUSJXGso.roa
File:                     xzajxbSglJWBTgix_ZbEUSJXGso.roa (raw, json)
Hash identifier:          G5Ggaw/eKVso3Rejuvt8Y3ASD0rARSSOo4EE3D7ruh4=
Subject key identifier:   C7:36:A3:C5:B4:A0:94:95:81:4E:08:B1:FD:96:C4:51:22:57:1A:CA
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019B797E73A05D4D2D3B0F05F5693F868F0F
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/xzajxbSglJWBTgix_ZbEUSJXGso.roa
Signing time:             Thu 01 Jan 2026 12:18:08 +0000
ROA not before:           Thu 01 Jan 2026 12:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202704
IP address blocks:        109.122.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:73:a0:5d:4d:2d:3b:0f:05:f5:69:3f:86:8f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  1 12:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c736a3c5b4a09495814e08b1fd96c45122571aca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a8:85:92:5e:1f:93:e4:c1:34:3f:1e:81:4f:
                    7a:ff:e9:fb:3f:90:29:e6:cd:b7:7d:8f:28:4b:90:
                    80:90:ce:b1:af:00:e1:a6:81:40:ee:d5:88:3b:fa:
                    e1:56:3c:b0:69:35:93:45:c6:d0:19:26:ff:c5:48:
                    25:e5:eb:52:e1:4c:01:89:6d:04:e5:3e:f3:16:e1:
                    11:be:d2:20:8e:71:a7:b2:75:c6:26:e2:dc:3a:0b:
                    3d:e6:bb:2d:88:c0:a6:33:08:67:62:b1:ea:0e:64:
                    42:d3:61:23:48:56:82:50:39:48:5f:d2:a2:a5:82:
                    3e:17:dc:67:d2:e1:6f:b4:14:06:16:df:81:b4:cf:
                    f3:0a:33:c9:ab:cc:d5:dc:5a:16:be:40:25:7d:6e:
                    bc:ba:51:34:fe:a3:ab:77:de:32:8c:19:af:29:ba:
                    21:82:8c:8b:60:e2:0b:a3:14:7f:b1:4e:24:3c:07:
                    78:5d:04:4f:ac:80:c6:d2:ed:41:f6:5d:56:f1:c3:
                    01:58:bc:26:f5:09:a9:df:1d:1a:ab:3d:e1:96:04:
                    c3:41:f2:cd:ae:03:73:55:3b:02:d6:e9:b0:ec:6d:
                    07:59:3c:2c:bf:58:62:f0:49:54:66:a8:fc:28:92:
                    be:01:cc:8a:f6:c0:f6:29:58:36:75:ee:95:7a:c4:
                    83:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:36:A3:C5:B4:A0:94:95:81:4E:08:B1:FD:96:C4:51:22:57:1A:CA
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/xzajxbSglJWBTgix_ZbEUSJXGso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:9e:e6:27:9c:56:0b:79:b9:90:f5:83:89:d4:ed:8f:2c:8c:
         f9:4f:cb:0e:21:42:a4:ec:69:9c:87:05:50:c4:a5:af:37:06:
         d8:a9:3c:b0:d5:53:ab:f7:3b:06:f8:bf:d0:d6:d4:8f:b0:84:
         49:14:de:a9:af:14:3f:ff:85:c8:61:88:e8:d4:2a:f4:82:69:
         e4:d9:6a:97:50:7f:26:49:b3:9c:2f:a1:86:b9:b0:cf:cd:0b:
         07:9f:51:22:89:5f:46:55:e4:a1:a6:6d:5e:73:19:bc:eb:18:
         95:45:97:26:25:63:be:2e:78:c8:64:7b:b5:06:9e:3e:0e:de:
         d3:be:ea:1e:31:3e:be:f7:14:49:d6:da:7a:15:3f:0b:fc:18:
         1c:e1:58:c0:6a:b8:ab:de:b6:2e:d5:8c:7a:35:25:0b:10:b1:
         c7:98:56:1a:ed:af:8c:9a:55:a0:dc:6f:eb:9e:5e:b5:81:86:
         0d:e1:7f:6c:9d:2a:aa:f8:e7:2b:e3:f7:e7:f7:2e:52:d9:21:
         96:97:0e:9a:d6:b4:4f:f4:e3:98:55:3c:db:c7:c0:8c:d5:c2:
         af:16:35:d9:24:14:44:e1:35:d1:39:16:01:94:37:b5:65:5d:
         fe:0d:24:62:51:67:c4:4f:ed:0c:d4:6e:80:91:58:24:32:1f:
         6b:1a:fe:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fnOgXU0tOw8F9Wk/ho8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMTAxMTIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM2YTNjNWI0YTA5NDk1ODE0ZTA4YjFmZDk2YzQ1MTIyNTcxYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aiFkl4fk+TBND8egU96/+n7P5Ap
5s23fY8oS5CAkM6xrwDhpoFA7tWIO/rhVjywaTWTRcbQGSb/xUgl5etS4UwBiW0E
5T7zFuERvtIgjnGnsnXGJuLcOgs95rstiMCmMwhnYrHqDmRC02EjSFaCUDlIX9Ki
pYI+F9xn0uFvtBQGFt+BtM/zCjPJq8zV3FoWvkAlfW68ulE0/qOrd94yjBmvKboh
goyLYOILoxR/sU4kPAd4XQRPrIDG0u1B9l1W8cMBWLwm9Qmp3x0aqz3hlgTDQfLN
rgNzVTsC1umw7G0HWTwsv1hi8ElUZqj8KJK+AcyK9sD2KVg2de6VesSDgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc2o8W0oJSVgU4Isf2WxFEiVxrKMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEveHphanhiU2dsSldCVGdpeF9aYkVVU0pYR3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXooMA0G
CSqGSIb3DQEBCwUAA4IBAQBhnuYnnFYLebmQ9YOJ1O2PLIz5T8sOIUKk7GmchwVQ
xKWvNwbYqTyw1VOr9zsG+L/Q1tSPsIRJFN6prxQ//4XIYYjo1Cr0gmnk2WqXUH8m
SbOcL6GGubDPzQsHn1EiiV9GVeShpm1ecxm86xiVRZcmJWO+LnjIZHu1Bp4+Dt7T
vuoeMT6+9xRJ1tp6FT8L/Bgc4VjAarir3rYu1Yx6NSULELHHmFYa7a+MmlWg3G/r
nl61gYYN4X9snSqq+Ocr4/fn9y5S2SGWlw6a1rRP9OOYVTzbx8CM1cKvFjXZJBRE
4TXRORYBlDe1ZV3+DSRiUWfET+0M1G6AkVgkMh9rGv43
-----END CERTIFICATE-----