This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/XTqrU8Fe3dyCsrhN-j7VCGJxXio.roa
File:                     XTqrU8Fe3dyCsrhN-j7VCGJxXio.roa (raw, json)
Hash identifier:          f4c8Huch2WTliXq5MFgPvjqV6741k9rGMrHBDUOfaY8=
Subject key identifier:   5D:3A:AB:53:C1:5E:DD:DC:82:B2:B8:4D:FA:3E:D5:08:62:71:5E:2A
Certificate issuer:       /CN=11fe3900e141c3b169a3cccb3557bccef2895e85
Certificate serial:       019B79ECB69D95959D4E2A2671917FAB9358
Authority key identifier: 11:FE:39:00:E1:41:C3:B1:69:A3:CC:CB:35:57:BC:CE:F2:89:5E:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/XTqrU8Fe3dyCsrhN-j7VCGJxXio.roa
Signing time:             Thu 01 Jan 2026 14:18:34 +0000
ROA not before:           Thu 01 Jan 2026 14:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12676
IP address blocks:        193.143.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:b6:9d:95:95:9d:4e:2a:26:71:91:7f:ab:93:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11fe3900e141c3b169a3cccb3557bccef2895e85
        Validity
            Not Before: Jan  1 14:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d3aab53c15edddc82b2b84dfa3ed50862715e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:19:e0:d3:78:81:65:aa:19:46:83:ea:20:e3:
                    21:9e:ca:d3:e4:a2:0c:be:95:da:6f:43:63:9a:f5:
                    ea:cc:9f:98:76:91:87:f6:e8:62:58:43:86:75:53:
                    0e:51:49:f1:99:64:60:06:04:d2:4d:28:1b:10:b8:
                    6a:3e:4b:a9:33:15:30:d4:56:0e:d7:c9:0f:59:c0:
                    ed:63:25:00:b7:15:f9:cc:17:41:20:8d:af:5c:fa:
                    2f:35:a6:df:2e:ac:f1:02:e4:ba:76:bd:14:d3:42:
                    5e:99:bf:0e:21:b6:e4:bf:64:4b:4b:e8:72:1a:ca:
                    1f:5f:3f:a3:50:66:5e:24:43:be:d2:d4:78:5b:18:
                    b8:d9:97:57:97:b0:df:78:2c:30:2f:e8:f5:65:0a:
                    4b:da:64:2b:6e:ec:cd:1a:b0:d1:27:7d:6f:a8:75:
                    5f:cd:45:51:79:f3:57:0b:b5:8b:17:0f:71:f3:4d:
                    33:92:68:a8:a5:5d:ed:4b:6f:7e:d3:63:5f:3d:80:
                    d5:f5:9a:88:a4:8e:e6:07:b7:7e:8e:34:3a:7d:c3:
                    d5:10:d0:4a:ae:49:05:4f:d5:74:89:27:91:c4:50:
                    8a:6a:8c:f7:1a:16:56:37:44:af:5b:96:90:15:6a:
                    c2:81:6b:5d:16:15:52:4c:d9:4e:88:86:c5:a6:73:
                    48:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3A:AB:53:C1:5E:DD:DC:82:B2:B8:4D:FA:3E:D5:08:62:71:5E:2A
            X509v3 Authority Key Identifier:
                keyid:11:FE:39:00:E1:41:C3:B1:69:A3:CC:CB:35:57:BC:CE:F2:89:5E:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/XTqrU8Fe3dyCsrhN-j7VCGJxXio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/7ee981-0d7c-4a53-ada1-ce1a8dc94048/1/Ef45AOFBw7Fpo8zLNVe8zvKJXoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:44:5a:c1:ca:a3:a0:69:c7:24:93:49:ce:9b:30:2b:14:8a:
         51:d2:66:33:97:f3:e4:b6:9b:ee:91:73:6f:76:c2:41:ca:a0:
         00:b4:e7:e3:4c:16:92:06:5d:c7:bd:ea:05:53:d0:ce:d7:a6:
         32:ff:bf:8f:cd:94:92:01:8e:97:ff:27:3d:11:04:37:28:c7:
         6b:6b:ef:f5:61:04:4a:e1:a9:1b:40:f3:15:cf:00:e2:e5:7b:
         92:e1:61:db:cd:51:a4:b4:60:98:64:85:a3:f9:aa:cf:01:0e:
         0c:c4:1e:ba:90:25:af:80:38:bd:69:05:cb:1e:f4:b0:97:7a:
         90:20:13:af:00:7a:bf:c8:98:19:69:a7:0c:9e:fa:8a:70:3f:
         f4:f6:13:0c:a2:8f:8f:a9:c1:bd:f6:00:84:6b:89:29:15:47:
         5d:5e:ad:38:91:52:54:b0:5c:91:2c:4b:a5:dd:07:b4:1b:7e:
         4f:02:fe:69:89:c3:40:da:a7:98:ae:71:57:c7:2f:46:34:10:
         c9:09:1f:d6:56:2a:19:4b:46:fe:a0:a6:d1:ef:67:50:68:b8:
         5e:ad:ef:b1:6b:3b:18:28:51:71:4f:fd:32:3f:77:a4:77:90:
         c8:88:19:be:76:2b:7e:33:fa:dc:e8:2f:00:48:9a:7f:8f:58:
         eb:eb:55:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57LadlZWdTiomcZF/q5NYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZmUzOTAwZTE0MWMzYjE2OWEzY2NjYjM1NTdiY2NlZjI4
OTVlODUwHhcNMjYwMTAxMTQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNhYWI1M2MxNWVkZGRjODJiMmI4NGRmYTNlZDUwODYyNzE1ZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBng03iBZaoZRoPqIOMhnsrT5KIM
vpXab0NjmvXqzJ+YdpGH9uhiWEOGdVMOUUnxmWRgBgTSTSgbELhqPkupMxUw1FYO
18kPWcDtYyUAtxX5zBdBII2vXPovNabfLqzxAuS6dr0U00Jemb8OIbbkv2RLS+hy
GsofXz+jUGZeJEO+0tR4Wxi42ZdXl7DfeCwwL+j1ZQpL2mQrbuzNGrDRJ31vqHVf
zUVRefNXC7WLFw9x800zkmiopV3tS29+02NfPYDV9ZqIpI7mB7d+jjQ6fcPVENBK
rkkFT9V0iSeRxFCKaoz3GhZWN0SvW5aQFWrCgWtdFhVSTNlOiIbFpnNI3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF06q1PBXt3cgrK4Tfo+1QhicV4qMB8GA1UdIwQY
MBaAFBH+OQDhQcOxaaPMyzVXvM7yiV6FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWY0NUFPRkJ3N0Zwbzh6TE5WZTh6dktKWG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83ZWU5ODEtMGQ3Yy00YTUzLWFkYTEt
Y2UxYThkYzk0MDQ4LzEvWFRxclU4RmUzZHlDc3JoTi1qN1ZDR0p4WGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83ZWU5ODEtMGQ3Yy00YTUzLWFkYTEtY2UxYThkYzk0MDQ4
LzEvRWY0NUFPRkJ3N0Zwbzh6TE5WZTh6dktKWG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY96MA0G
CSqGSIb3DQEBCwUAA4IBAQCdRFrByqOgacckk0nOmzArFIpR0mYzl/PktpvukXNv
dsJByqAAtOfjTBaSBl3HveoFU9DO16Yy/7+PzZSSAY6X/yc9EQQ3KMdra+/1YQRK
4akbQPMVzwDi5XuS4WHbzVGktGCYZIWj+arPAQ4MxB66kCWvgDi9aQXLHvSwl3qQ
IBOvAHq/yJgZaacMnvqKcD/09hMMoo+PqcG99gCEa4kpFUddXq04kVJUsFyRLEul
3Qe0G35PAv5picNA2qeYrnFXxy9GNBDJCR/WVioZS0b+oKbR72dQaLhere+xazsY
KFFxT/0yP3ekd5DIiBm+dit+M/rc6C8ASJp/j1jr61VE
-----END CERTIFICATE-----