This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/be9dab-5f27-43ce-ab22-739a91c620ac/1/Xhzxh_1tEvbHh31P53cpofaJHAY.roa
File:                     Xhzxh_1tEvbHh31P53cpofaJHAY.roa (raw, json)
Hash identifier:          31jnPeVemUW3b4ECC8z4gudFDjDHIoHHJ4mUtzZB8F8=
Subject key identifier:   5E:1C:F1:87:FD:6D:12:F6:C7:87:7D:4F:E7:77:29:A1:F6:89:1C:06
Certificate issuer:       /CN=e0776b0838fa0e1da1be4edccf8924bd413b1db7
Certificate serial:       019B7A5AF4A07FC0B59525152F0B1DAFD24A
Authority key identifier: E0:77:6B:08:38:FA:0E:1D:A1:BE:4E:DC:CF:89:24:BD:41:3B:1D:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4HdrCDj6Dh2hvk7cz4kkvUE7Hbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/be9dab-5f27-43ce-ab22-739a91c620ac/1/Xhzxh_1tEvbHh31P53cpofaJHAY.roa
Signing time:             Thu 01 Jan 2026 16:18:59 +0000
ROA not before:           Thu 01 Jan 2026 16:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50398
IP address blocks:        91.245.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/be9dab-5f27-43ce-ab22-739a91c620ac/1/4HdrCDj6Dh2hvk7cz4kkvUE7Hbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/be9dab-5f27-43ce-ab22-739a91c620ac/1/4HdrCDj6Dh2hvk7cz4kkvUE7Hbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4HdrCDj6Dh2hvk7cz4kkvUE7Hbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f4:a0:7f:c0:b5:95:25:15:2f:0b:1d:af:d2:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0776b0838fa0e1da1be4edccf8924bd413b1db7
        Validity
            Not Before: Jan  1 16:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e1cf187fd6d12f6c7877d4fe77729a1f6891c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4a:c6:9e:9c:8c:2a:76:23:18:1b:cc:b4:a7:
                    c0:33:96:b0:a4:5b:5f:eb:da:53:44:fa:6e:26:a9:
                    d7:5a:9b:46:e6:ca:64:12:ab:e7:0b:c4:08:bc:7b:
                    86:77:5f:4f:0d:a0:5a:8a:54:ce:39:28:97:ac:61:
                    10:12:8e:0b:de:1d:6d:41:ee:50:49:2b:80:0e:12:
                    73:01:55:74:c9:2d:7c:f7:14:25:08:2d:25:59:e2:
                    ea:bb:fe:24:8e:3a:42:d1:1b:b4:51:68:e9:5b:e1:
                    26:44:02:89:31:4f:12:5a:7d:92:d0:73:c3:4a:5d:
                    ae:31:26:a5:d0:0e:77:89:cb:86:01:2e:6c:26:58:
                    cd:ba:00:be:ee:f2:47:9c:ca:f2:14:70:84:27:e2:
                    1a:ce:a0:60:4f:b7:e1:82:ff:c0:80:3c:55:73:8d:
                    e2:b2:0b:89:a9:1d:0d:00:c7:60:e1:04:b4:9a:b7:
                    dd:94:59:cd:23:68:d7:59:22:79:db:e4:28:aa:57:
                    48:b3:b6:13:07:8a:a7:4a:9b:3a:40:7a:5a:91:ca:
                    97:38:93:f6:76:ed:b8:a3:66:6c:e8:a6:37:d4:74:
                    8c:17:ec:13:9d:00:bd:dc:1d:5b:cd:55:a1:a5:d2:
                    34:16:fe:81:40:ea:bf:29:65:d6:71:89:dd:77:38:
                    9d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:1C:F1:87:FD:6D:12:F6:C7:87:7D:4F:E7:77:29:A1:F6:89:1C:06
            X509v3 Authority Key Identifier:
                keyid:E0:77:6B:08:38:FA:0E:1D:A1:BE:4E:DC:CF:89:24:BD:41:3B:1D:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4HdrCDj6Dh2hvk7cz4kkvUE7Hbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/be9dab-5f27-43ce-ab22-739a91c620ac/1/Xhzxh_1tEvbHh31P53cpofaJHAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/be9dab-5f27-43ce-ab22-739a91c620ac/1/4HdrCDj6Dh2hvk7cz4kkvUE7Hbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:96:66:c5:45:c0:fb:5e:4a:24:bd:75:20:93:99:2f:5a:08:
         6c:29:cd:19:05:8c:bc:d7:66:a2:d8:83:45:1e:df:8c:8c:58:
         55:d8:0f:94:a6:70:4c:ed:70:26:85:7f:0e:df:89:04:f3:4c:
         cb:39:54:c2:a2:38:52:38:e3:0e:e3:4b:a7:b3:88:56:12:63:
         cb:fc:a9:d8:3d:2b:87:01:b9:35:5c:17:cb:8f:bc:46:87:44:
         d1:a3:6a:26:76:81:3b:54:8c:8a:09:6f:16:1e:45:a1:73:41:
         1b:c5:93:c6:ff:ee:cd:44:09:56:5b:d0:1a:08:99:df:53:ba:
         96:cb:2f:86:b4:6c:f2:41:76:ce:42:e4:42:5d:54:9c:91:6c:
         52:db:d8:23:ba:df:48:21:ec:1e:42:6c:91:7c:87:fc:17:2d:
         0e:ea:37:32:8c:c6:5f:30:26:10:7b:93:01:66:0a:8d:0b:89:
         79:a2:34:fe:9b:e3:e7:a5:3f:66:ce:40:3d:16:a4:90:b0:4e:
         04:13:74:75:1b:83:f2:90:12:4f:6a:6e:bb:70:d8:d6:03:ad:
         8a:f0:5c:6f:3d:fd:47:e5:a5:a7:4f:22:c5:91:99:6a:72:c1:
         cc:f3:71:85:16:38:ba:cf:8a:17:e0:62:77:64:28:55:a7:ff:
         b3:76:42:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WvSgf8C1lSUVLwsdr9JKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNzc2YjA4MzhmYTBlMWRhMWJlNGVkY2NmODkyNGJkNDEz
YjFkYjcwHhcNMjYwMTAxMTYxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTFjZjE4N2ZkNmQxMmY2Yzc4NzdkNGZlNzc3MjlhMWY2ODkxYzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuErGnpyMKnYjGBvMtKfAM5awpFtf
69pTRPpuJqnXWptG5spkEqvnC8QIvHuGd19PDaBailTOOSiXrGEQEo4L3h1tQe5Q
SSuADhJzAVV0yS189xQlCC0lWeLqu/4kjjpC0Ru0UWjpW+EmRAKJMU8SWn2S0HPD
Sl2uMSal0A53icuGAS5sJljNugC+7vJHnMryFHCEJ+IazqBgT7fhgv/AgDxVc43i
sguJqR0NAMdg4QS0mrfdlFnNI2jXWSJ52+QoqldIs7YTB4qnSps6QHpakcqXOJP2
du24o2Zs6KY31HSMF+wTnQC93B1bzVWhpdI0Fv6BQOq/KWXWcYnddzidwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4c8Yf9bRL2x4d9T+d3KaH2iRwGMB8GA1UdIwQY
MBaAFOB3awg4+g4dob5O3M+JJL1BOx23MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEhkckNEajZEaDJodms3Y3o0a2t2VUU3SGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9iZTlkYWItNWYyNy00M2NlLWFiMjIt
NzM5YTkxYzYyMGFjLzEvWGh6eGhfMXRFdmJIaDMxUDUzY3BvZmFKSEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9iZTlkYWItNWYyNy00M2NlLWFiMjItNzM5YTkxYzYyMGFj
LzEvNEhkckNEajZEaDJodms3Y3o0a2t2VUU3SGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/UFMA0G
CSqGSIb3DQEBCwUAA4IBAQCSlmbFRcD7XkokvXUgk5kvWghsKc0ZBYy812ai2INF
Ht+MjFhV2A+UpnBM7XAmhX8O34kE80zLOVTCojhSOOMO40uns4hWEmPL/KnYPSuH
Abk1XBfLj7xGh0TRo2omdoE7VIyKCW8WHkWhc0EbxZPG/+7NRAlWW9AaCJnfU7qW
yy+GtGzyQXbOQuRCXVSckWxS29gjut9IIeweQmyRfIf8Fy0O6jcyjMZfMCYQe5MB
ZgqNC4l5ojT+m+PnpT9mzkA9FqSQsE4EE3R1G4PykBJPam67cNjWA62K8FxvPf1H
5aWnTyLFkZlqcsHM83GFFji6z4oX4GJ3ZChVp/+zdkJh
-----END CERTIFICATE-----