This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/XKNodyTpVE_edu5x6d6F6Y2O2tk.roa
File:                     XKNodyTpVE_edu5x6d6F6Y2O2tk.roa (raw, json)
Hash identifier:          bwj5H0svZvvLnoA8x9sKQziSKp08OjMhTh7PRO1SLcQ=
Subject key identifier:   5C:A3:68:77:24:E9:54:4F:DE:76:EE:71:E9:DE:85:E9:8D:8E:DA:D9
Certificate issuer:       /CN=de0d9d6b697ca1c86570c256862e6858b4799c85
Certificate serial:       019B7DCA6CDBD5C835AF205392F8BE0372B3
Authority key identifier: DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/XKNodyTpVE_edu5x6d6F6Y2O2tk.roa
Signing time:             Fri 02 Jan 2026 08:19:36 +0000
ROA not before:           Fri 02 Jan 2026 08:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36351
IP address blocks:        95.142.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 08:21:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:6c:db:d5:c8:35:af:20:53:92:f8:be:03:72:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0d9d6b697ca1c86570c256862e6858b4799c85
        Validity
            Not Before: Jan  2 08:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ca3687724e9544fde76ee71e9de85e98d8edad9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d5:6c:e9:51:85:5d:38:e8:d7:fc:73:15:15:
                    b0:e0:30:3e:14:55:b2:b6:31:4b:03:01:fa:b8:46:
                    03:ad:c8:8e:78:1c:b8:a6:58:dc:8e:72:41:ce:62:
                    8b:16:40:35:18:9f:5d:80:a3:86:1a:ad:4b:62:65:
                    46:11:96:2b:87:5e:ee:6d:f1:e1:da:04:3b:06:34:
                    c6:98:21:e2:68:6b:9d:16:7c:7a:f8:1f:28:4f:8a:
                    7d:12:cb:b3:af:fd:d4:f2:a4:09:da:b3:78:da:7c:
                    8c:5b:1b:da:c6:e4:ce:8e:ef:ca:16:f7:f7:9c:a7:
                    c5:af:b6:80:11:01:7c:e9:11:fb:15:e0:5a:1d:dc:
                    51:6e:91:f7:a9:53:1d:98:5a:0c:b7:da:ee:7b:ba:
                    6e:b4:d0:cc:0b:5e:dc:61:a5:3a:5e:45:81:da:bf:
                    60:12:6d:7e:94:24:0a:cf:61:ed:1f:fd:d3:1f:04:
                    7f:6e:92:31:c2:f0:1e:eb:e3:8c:69:1e:c5:f7:0f:
                    29:fd:92:99:a1:da:d0:32:88:fd:ca:ae:c1:24:0f:
                    5f:eb:53:7b:7e:d4:31:e9:82:55:11:13:35:26:5e:
                    93:6f:02:0f:bc:e0:38:9f:f2:d3:a5:b2:f4:c1:ca:
                    b4:98:9b:f6:cd:9c:0d:08:85:4f:8c:13:43:78:c3:
                    38:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A3:68:77:24:E9:54:4F:DE:76:EE:71:E9:DE:85:E9:8D:8E:DA:D9
            X509v3 Authority Key Identifier:
                keyid:DE:0D:9D:6B:69:7C:A1:C8:65:70:C2:56:86:2E:68:58:B4:79:9C:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3g2da2l8ochlcMJWhi5oWLR5nIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/XKNodyTpVE_edu5x6d6F6Y2O2tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/68dc3c-df2e-4461-b7a6-01cbfc0e94e7/1/3g2da2l8ochlcMJWhi5oWLR5nIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.142.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:aa:cf:db:05:15:da:29:14:87:9a:ab:c8:4d:57:e7:fa:1d:
         45:dd:2c:74:48:20:8a:42:1c:10:89:71:ed:96:5f:27:72:55:
         f8:d2:8e:da:b7:59:5a:b4:46:21:1a:9d:e8:65:62:85:08:85:
         f9:56:2a:05:04:8d:66:a9:38:b6:d3:99:48:51:e0:55:1a:a5:
         51:2d:18:c1:e9:4b:14:83:0e:01:37:27:aa:db:43:c7:6f:2a:
         fc:c5:9c:2d:70:47:d1:15:26:10:93:7b:89:45:0a:81:12:2a:
         a1:2f:31:1b:66:7b:7c:2e:f1:c4:4f:38:70:4a:1c:96:2c:b4:
         32:50:79:86:10:f3:1b:6a:06:fa:86:f0:f3:65:fd:97:5d:0e:
         0c:20:6c:80:04:7b:3f:65:78:20:bf:5f:0f:f1:de:ef:46:d4:
         2b:99:14:4f:fa:26:f0:49:62:fa:3d:b4:44:cb:04:f1:41:48:
         ca:1c:fc:39:e7:e7:87:a8:9e:8f:b6:17:f2:48:ec:ea:d1:6d:
         e3:be:40:41:3c:ed:d0:61:a0:a3:ac:ba:b5:2d:3d:0c:a6:e5:
         a2:91:d6:3e:69:25:b3:c9:83:8c:3a:24:4d:25:75:1b:d1:97:
         ec:c4:62:4d:47:66:37:49:df:d4:2c:bc:50:d2:50:a0:08:90:
         fb:57:2a:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ymzb1cg1ryBTkvi+A3KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGQ5ZDZiNjk3Y2ExYzg2NTcwYzI1Njg2MmU2ODU4YjQ3
OTljODUwHhcNMjYwMTAyMDgxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2EzNjg3NzI0ZTk1NDRmZGU3NmVlNzFlOWRlODVlOThkOGVkYWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNVs6VGFXTjo1/xzFRWw4DA+FFWy
tjFLAwH6uEYDrciOeBy4pljcjnJBzmKLFkA1GJ9dgKOGGq1LYmVGEZYrh17ubfHh
2gQ7BjTGmCHiaGudFnx6+B8oT4p9Esuzr/3U8qQJ2rN42nyMWxvaxuTOju/KFvf3
nKfFr7aAEQF86RH7FeBaHdxRbpH3qVMdmFoMt9rue7putNDMC17cYaU6XkWB2r9g
Em1+lCQKz2HtH/3THwR/bpIxwvAe6+OMaR7F9w8p/ZKZodrQMoj9yq7BJA9f61N7
ftQx6YJVERM1Jl6TbwIPvOA4n/LTpbL0wcq0mJv2zZwNCIVPjBNDeMM4zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyjaHck6VRP3nbucenehemNjtrZMB8GA1UdIwQY
MBaAFN4NnWtpfKHIZXDCVoYuaFi0eZyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYt
MDFjYmZjMGU5NGU3LzEvWEtOb2R5VHBWRV9lZHU1eDZkNkY2WTJPMnRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy82OGRjM2MtZGYyZS00NDYxLWI3YTYtMDFjYmZjMGU5NGU3
LzEvM2cyZGEybDhvY2hsY01KV2hpNW9XTFI1bklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX454MA0G
CSqGSIb3DQEBCwUAA4IBAQCSqs/bBRXaKRSHmqvITVfn+h1F3Sx0SCCKQhwQiXHt
ll8nclX40o7at1latEYhGp3oZWKFCIX5VioFBI1mqTi205lIUeBVGqVRLRjB6UsU
gw4BNyeq20PHbyr8xZwtcEfRFSYQk3uJRQqBEiqhLzEbZnt8LvHETzhwShyWLLQy
UHmGEPMbagb6hvDzZf2XXQ4MIGyABHs/ZXggv18P8d7vRtQrmRRP+ibwSWL6PbRE
ywTxQUjKHPw55+eHqJ6PthfySOzq0W3jvkBBPO3QYaCjrLq1LT0MpuWikdY+aSWz
yYOMOiRNJXUb0ZfsxGJNR2Y3Sd/ULLxQ0lCgCJD7VyqT
-----END CERTIFICATE-----