This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/KXpXJO-YFLLgP89XzYYz7qcHQUY.roa
File:                     KXpXJO-YFLLgP89XzYYz7qcHQUY.roa (raw, json)
Hash identifier:          GGh45Wv5joUkRSI7WVUZH33rmAafKbq5cLNpmunXMXY=
Subject key identifier:   29:7A:57:24:EF:98:14:B2:E0:3F:CF:57:CD:86:33:EE:A7:07:41:46
Certificate issuer:       /CN=460d3149fc50ca9797f50fde9e02a083134c5019
Certificate serial:       019B791022E7F7431ADFBF1BD0CCCF53BF4A
Authority key identifier: 46:0D:31:49:FC:50:CA:97:97:F5:0F:DE:9E:02:A0:83:13:4C:50:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rg0xSfxQypeX9Q_engKggxNMUBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/KXpXJO-YFLLgP89XzYYz7qcHQUY.roa
Signing time:             Thu 01 Jan 2026 10:17:39 +0000
ROA not before:           Thu 01 Jan 2026 10:17:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206858
IP address blocks:        193.228.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/Rg0xSfxQypeX9Q_engKggxNMUBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/Rg0xSfxQypeX9Q_engKggxNMUBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rg0xSfxQypeX9Q_engKggxNMUBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 22:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:22:e7:f7:43:1a:df:bf:1b:d0:cc:cf:53:bf:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=460d3149fc50ca9797f50fde9e02a083134c5019
        Validity
            Not Before: Jan  1 10:17:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=297a5724ef9814b2e03fcf57cd8633eea7074146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3d:d3:43:25:87:c6:3d:74:67:43:b6:d4:46:
                    8d:50:0c:1e:4d:d1:30:3b:a6:67:ba:fd:8a:66:74:
                    cf:42:87:da:0c:72:0c:63:78:2e:2e:a2:7c:ae:8a:
                    6e:05:61:5d:4b:80:9c:ff:f4:26:33:b3:b2:2a:cc:
                    98:0b:88:6e:df:1d:8d:e2:92:0a:c5:44:c7:31:ad:
                    fe:e2:65:96:a3:eb:55:1a:0b:da:8d:d3:28:9f:68:
                    00:61:e4:bb:61:1c:db:a9:51:54:46:ce:82:fd:c4:
                    0a:24:85:e9:83:df:20:19:99:bb:02:df:6b:12:13:
                    6d:5d:39:4d:00:82:02:15:ba:04:1f:53:50:e5:39:
                    a1:53:c8:d3:c4:73:b7:ad:1c:43:09:02:d9:97:87:
                    86:c2:27:4c:ef:cd:4d:97:42:8a:75:5c:fa:9e:3c:
                    98:63:9b:a8:34:d9:53:99:23:2f:a0:d8:0f:0b:b5:
                    51:6a:bb:2d:fb:39:9c:97:60:bc:a1:b9:14:ba:d1:
                    b8:93:5b:42:08:c7:7a:bb:3f:f9:bc:3c:f0:73:cf:
                    27:20:6d:3d:30:79:3c:df:a9:62:bd:29:24:00:64:
                    57:3f:4d:b8:55:1b:f5:eb:46:a8:3f:7b:6e:3c:e1:
                    41:3b:41:a4:2b:3d:fc:c0:04:ae:dd:35:52:9d:61:
                    ff:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:7A:57:24:EF:98:14:B2:E0:3F:CF:57:CD:86:33:EE:A7:07:41:46
            X509v3 Authority Key Identifier:
                keyid:46:0D:31:49:FC:50:CA:97:97:F5:0F:DE:9E:02:A0:83:13:4C:50:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rg0xSfxQypeX9Q_engKggxNMUBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/KXpXJO-YFLLgP89XzYYz7qcHQUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/016246-376c-4725-80ae-75bd946a7355/1/Rg0xSfxQypeX9Q_engKggxNMUBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:89:67:c9:f6:e3:80:16:ba:a0:f4:ac:20:f9:2b:85:f1:1d:
         86:a6:42:6b:4c:3e:72:38:f8:b8:64:66:f4:8d:38:e1:1f:43:
         04:b7:c2:5a:8d:30:4e:81:ac:66:ce:2f:03:5a:79:bf:45:d8:
         15:f7:6f:54:8a:0e:99:ee:55:7e:45:1d:14:54:77:88:62:d7:
         b7:b3:ab:eb:0b:93:49:ce:b6:eb:ff:f3:68:9f:d1:f5:ea:7d:
         69:b6:31:13:e4:2a:bd:4c:1d:91:f0:d7:7a:75:94:c9:1d:6c:
         62:83:89:be:eb:03:c3:eb:77:df:9e:3f:2a:e2:05:32:0c:f8:
         e4:f7:a5:63:40:09:90:4d:90:98:4d:47:aa:7a:c5:25:b6:b4:
         fa:7a:47:10:7a:2f:a1:4d:83:a9:82:91:61:6d:27:27:0b:05:
         64:49:0e:c7:35:73:a7:10:83:46:31:1f:33:49:ba:ed:b1:2f:
         e8:9d:5d:5f:61:49:29:69:7a:ac:e6:d6:82:20:17:cb:7d:5d:
         af:34:f3:0a:18:23:5f:85:6f:2d:a7:96:9a:09:1d:9d:1c:06:
         10:06:20:3d:1b:89:9a:3e:c9:2a:7c:62:e5:6b:7f:47:c1:a2:
         32:7d:74:61:1a:3c:a2:33:c8:8f:a2:a9:ea:58:8a:98:1b:f2:
         c3:3c:83:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECLn90Ma378b0MzPU79KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MGQzMTQ5ZmM1MGNhOTc5N2Y1MGZkZTllMDJhMDgzMTM0
YzUwMTkwHhcNMjYwMTAxMTAxNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdhNTcyNGVmOTgxNGIyZTAzZmNmNTdjZDg2MzNlZWE3MDc0MTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD3TQyWHxj10Z0O21EaNUAweTdEw
O6Znuv2KZnTPQofaDHIMY3guLqJ8ropuBWFdS4Cc//QmM7OyKsyYC4hu3x2N4pIK
xUTHMa3+4mWWo+tVGgvajdMon2gAYeS7YRzbqVFURs6C/cQKJIXpg98gGZm7At9r
EhNtXTlNAIICFboEH1NQ5TmhU8jTxHO3rRxDCQLZl4eGwidM781Nl0KKdVz6njyY
Y5uoNNlTmSMvoNgPC7VRarst+zmcl2C8obkUutG4k1tCCMd6uz/5vDzwc88nIG09
MHk836livSkkAGRXP024VRv160aoP3tuPOFBO0GkKz38wASu3TVSnWH/BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCl6VyTvmBSy4D/PV82GM+6nB0FGMB8GA1UdIwQY
MBaAFEYNMUn8UMqXl/UP3p4CoIMTTFAZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmcweFNmeFF5cGVYOVFfZW5nS2dneE5NVUJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wMTYyNDYtMzc2Yy00NzI1LTgwYWUt
NzViZDk0NmE3MzU1LzEvS1hwWEpPLVlGTExnUDg5WHpZWXo3cWNIUVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wMTYyNDYtMzc2Yy00NzI1LTgwYWUtNzViZDk0NmE3MzU1
LzEvUmcweFNmeFF5cGVYOVFfZW5nS2dneE5NVUJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweSPMA0G
CSqGSIb3DQEBCwUAA4IBAQBniWfJ9uOAFrqg9Kwg+SuF8R2GpkJrTD5yOPi4ZGb0
jTjhH0MEt8JajTBOgaxmzi8DWnm/RdgV929Uig6Z7lV+RR0UVHeIYte3s6vrC5NJ
zrbr//Non9H16n1ptjET5Cq9TB2R8Nd6dZTJHWxig4m+6wPD63ffnj8q4gUyDPjk
96VjQAmQTZCYTUeqesUltrT6ekcQei+hTYOpgpFhbScnCwVkSQ7HNXOnEINGMR8z
SbrtsS/onV1fYUkpaXqs5taCIBfLfV2vNPMKGCNfhW8tp5aaCR2dHAYQBiA9G4ma
PskqfGLla39HwaIyfXRhGjyiM8iPoqnqWIqYG/LDPIPS
-----END CERTIFICATE-----