This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/xkh0_qQROZrSh7wQT28dLg374SY.roa
File:                     xkh0_qQROZrSh7wQT28dLg374SY.roa (raw, json)
Hash identifier:          DYUAA1oa5//rqv0OvMnn2Z1Gp+Lzbo3Hx+khO/MXiMs=
Subject key identifier:   C6:48:74:FE:A4:11:39:9A:D2:87:BC:10:4F:6F:1D:2E:0D:FB:E1:26
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       019B797F207E4297B5DCCE12A277791663F0
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/xkh0_qQROZrSh7wQT28dLg374SY.roa
Signing time:             Thu 01 Jan 2026 12:18:53 +0000
ROA not before:           Thu 01 Jan 2026 12:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401443
IP address blocks:        185.151.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 00:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:20:7e:42:97:b5:dc:ce:12:a2:77:79:16:63:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Jan  1 12:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c64874fea411399ad287bc104f6f1d2e0dfbe126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1a:76:4b:82:61:2a:6c:9b:f5:e7:87:53:fc:
                    a7:05:93:e3:c3:98:f5:39:48:6f:24:38:c7:42:0d:
                    e2:2b:d8:c5:93:2e:ee:62:9c:62:bf:ed:76:13:a7:
                    da:dd:f0:f4:46:e5:96:ec:e7:85:84:0e:e4:7a:bf:
                    d2:a3:65:f2:26:31:5e:72:db:95:72:55:4c:a3:52:
                    98:db:99:89:c6:e8:6a:6b:fd:a9:ce:bd:21:b2:53:
                    7d:44:1d:31:48:d8:ca:bc:e0:ed:05:d0:9f:b6:ed:
                    00:38:31:e4:a0:c3:0d:59:f8:d8:63:c6:0f:59:65:
                    ee:5e:80:a8:9a:04:1e:ab:bb:6b:70:2e:1f:fd:df:
                    3c:a2:0e:ce:91:5c:02:27:1a:a8:95:21:c6:ee:d8:
                    b3:fe:d1:ca:97:6b:9e:21:e6:db:b9:a7:39:1d:b7:
                    6e:08:15:12:4e:7c:d9:1d:0b:0a:97:8e:34:3f:07:
                    ee:b2:96:57:ed:8c:98:36:b7:65:71:2c:5e:e3:ad:
                    48:0b:e6:82:eb:1c:7d:18:aa:65:ac:8e:70:f5:d5:
                    96:c8:fb:69:43:33:02:2a:6a:75:82:86:d5:d8:91:
                    c9:90:6f:69:1e:27:a5:b5:ea:50:ba:14:a0:4f:4d:
                    b5:8a:76:d1:eb:45:0b:e5:96:ed:f3:19:6e:0b:65:
                    7c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:48:74:FE:A4:11:39:9A:D2:87:BC:10:4F:6F:1D:2E:0D:FB:E1:26
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/xkh0_qQROZrSh7wQT28dLg374SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3f:38:a7:a0:48:9b:3c:8f:f8:85:00:7e:df:78:13:66:2e:
         58:46:4b:56:89:24:76:f1:06:22:75:a0:c2:58:78:c0:0b:d4:
         df:30:23:5d:dc:ca:05:8e:8a:26:41:49:8d:ca:a6:c3:db:c6:
         f7:f4:2b:f8:66:32:4b:2d:18:f3:d4:ba:cd:08:39:09:64:2d:
         66:8b:72:a1:dd:24:66:88:d0:3f:bf:e9:00:2d:68:d7:47:8b:
         70:e7:6e:bf:37:76:8c:b3:1b:9f:61:96:ee:3d:96:66:57:0a:
         12:17:59:ec:99:ae:d5:e8:54:5b:81:87:ad:66:4b:47:9b:94:
         f4:70:21:88:f7:52:be:c1:be:ff:6f:1f:b7:1a:09:b3:d7:25:
         de:75:ea:b5:90:4c:7a:4a:40:d3:c5:44:cb:06:26:9e:71:4c:
         93:8e:13:75:76:65:bb:6a:96:82:44:4e:d9:df:8c:c2:90:44:
         cd:02:19:db:d6:2c:af:f1:b4:1b:9e:f2:b8:ea:18:34:5b:65:
         77:1e:f0:41:54:bb:3b:5e:b6:89:ff:a7:e7:44:5d:ec:24:ef:
         01:17:20:10:de:1a:95:70:91:b9:18:2d:0c:63:0a:34:e0:54:
         03:90:fa:af:45:e3:cc:27:b8:57:d9:ab:ce:55:8d:0d:79:ed:
         8c:ee:b2:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fyB+Qpe13M4Sond5FmPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjYwMTAxMTIxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQ4NzRmZWE0MTEzOTlhZDI4N2JjMTA0ZjZmMWQyZTBkZmJlMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hp2S4JhKmyb9eeHU/ynBZPjw5j1
OUhvJDjHQg3iK9jFky7uYpxiv+12E6fa3fD0RuWW7OeFhA7ker/So2XyJjFectuV
clVMo1KY25mJxuhqa/2pzr0hslN9RB0xSNjKvODtBdCftu0AODHkoMMNWfjYY8YP
WWXuXoComgQeq7trcC4f/d88og7OkVwCJxqolSHG7tiz/tHKl2ueIebbuac5Hbdu
CBUSTnzZHQsKl440PwfuspZX7YyYNrdlcSxe461IC+aC6xx9GKplrI5w9dWWyPtp
QzMCKmp1gobV2JHJkG9pHieltepQuhSgT021inbR60UL5Zbt8xluC2V8dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZIdP6kETma0oe8EE9vHS4N++EmMB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEveGtoMF9xUVJPWnJTaDd3UVQyOGRMZzM3NFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZeSMA0G
CSqGSIb3DQEBCwUAA4IBAQAKPzinoEibPI/4hQB+33gTZi5YRktWiSR28QYidaDC
WHjAC9TfMCNd3MoFjoomQUmNyqbD28b39Cv4ZjJLLRjz1LrNCDkJZC1mi3Kh3SRm
iNA/v+kALWjXR4tw526/N3aMsxufYZbuPZZmVwoSF1nsma7V6FRbgYetZktHm5T0
cCGI91K+wb7/bx+3Ggmz1yXedeq1kEx6SkDTxUTLBiaecUyTjhN1dmW7apaCRE7Z
34zCkETNAhnb1iyv8bQbnvK46hg0W2V3HvBBVLs7XraJ/6fnRF3sJO8BFyAQ3hqV
cJG5GC0MYwo04FQDkPqvRePMJ7hX2avOVY0Nee2M7rJw
-----END CERTIFICATE-----