This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ea12b-51c6-4195-aeb6-c1addd7debaa/1/XwwEduTGUdEUmzQ6Vn1Qh0lULKE.roa
File:                     XwwEduTGUdEUmzQ6Vn1Qh0lULKE.roa (raw, json)
Hash identifier:          yP/C4oSHOkCL3b3u7lTD0ceM0Z9V/7tsggm9f4RRupE=
Subject key identifier:   5F:0C:04:76:E4:C6:51:D1:14:9B:34:3A:56:7D:50:87:49:54:2C:A1
Certificate issuer:       /CN=ee4381ce03baa625019980f378fe41bb2b6621b9
Certificate serial:       019B79102F18AA60220BD4B8A8F8F1522C8F
Authority key identifier: EE:43:81:CE:03:BA:A6:25:01:99:80:F3:78:FE:41:BB:2B:66:21:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7kOBzgO6piUBmYDzeP5BuytmIbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ea12b-51c6-4195-aeb6-c1addd7debaa/1/XwwEduTGUdEUmzQ6Vn1Qh0lULKE.roa
Signing time:             Thu 01 Jan 2026 10:17:42 +0000
ROA not before:           Thu 01 Jan 2026 10:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     65989
IP address blocks:        46.221.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ea12b-51c6-4195-aeb6-c1addd7debaa/1/7kOBzgO6piUBmYDzeP5BuytmIbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ea12b-51c6-4195-aeb6-c1addd7debaa/1/7kOBzgO6piUBmYDzeP5BuytmIbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7kOBzgO6piUBmYDzeP5BuytmIbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2f:18:aa:60:22:0b:d4:b8:a8:f8:f1:52:2c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee4381ce03baa625019980f378fe41bb2b6621b9
        Validity
            Not Before: Jan  1 10:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f0c0476e4c651d1149b343a567d508749542ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:22:72:75:2b:d9:89:67:e5:3c:e5:32:88:0c:
                    14:1a:df:80:1c:83:22:b0:26:c2:86:d1:45:69:ed:
                    45:23:dc:d6:f8:72:fc:b6:a3:3c:c3:99:8b:02:95:
                    f3:6b:ad:29:1d:79:dd:78:e2:6b:d5:7d:49:65:50:
                    8f:56:d5:1f:b9:75:5d:47:84:79:ba:c6:5f:0c:0a:
                    5f:37:20:4a:4e:e5:34:74:e3:54:3f:44:96:e7:49:
                    9c:24:20:41:33:50:c9:9f:24:87:fa:82:6e:f7:a3:
                    b5:fd:58:62:25:e2:71:79:af:9c:19:67:b0:da:e7:
                    94:7d:b3:15:4c:de:6b:ec:77:28:fc:df:8a:0b:d2:
                    8a:2d:44:a8:78:ff:81:22:66:73:c9:a6:84:37:b4:
                    a1:aa:bb:d9:29:a9:cb:62:8d:10:4f:23:9e:ed:e6:
                    3f:9f:6d:9b:81:fc:5d:72:29:a4:0d:46:37:ec:4e:
                    f9:fe:bf:74:bf:61:2b:e5:1e:d1:0c:7d:cb:57:33:
                    9a:1d:01:b2:c1:d9:d6:74:16:09:67:b7:d5:b5:95:
                    fa:ff:4f:5b:9c:f9:7c:aa:cb:51:0b:0e:ad:e7:32:
                    48:16:6e:09:0e:9d:d9:1a:58:19:b2:63:94:d2:53:
                    66:d5:d4:7e:8c:44:23:50:64:b4:a7:d0:cf:00:7a:
                    49:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:0C:04:76:E4:C6:51:D1:14:9B:34:3A:56:7D:50:87:49:54:2C:A1
            X509v3 Authority Key Identifier:
                keyid:EE:43:81:CE:03:BA:A6:25:01:99:80:F3:78:FE:41:BB:2B:66:21:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7kOBzgO6piUBmYDzeP5BuytmIbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ea12b-51c6-4195-aeb6-c1addd7debaa/1/XwwEduTGUdEUmzQ6Vn1Qh0lULKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ea12b-51c6-4195-aeb6-c1addd7debaa/1/7kOBzgO6piUBmYDzeP5BuytmIbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.221.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:1c:ed:8f:80:b2:58:42:6f:4a:c3:de:39:cf:b7:19:ea:36:
         3f:c2:2a:c1:36:e9:b2:7b:c3:84:9f:63:a8:1a:e0:63:3e:11:
         50:08:14:63:93:3d:84:64:50:fc:eb:12:9b:a0:89:d6:c5:90:
         24:b3:10:d4:9e:20:a3:c3:50:72:29:71:c1:fe:0a:dc:63:d2:
         3a:06:ba:85:f9:39:a2:7c:f3:c9:3a:8b:42:57:1d:89:e7:49:
         db:32:56:8c:89:ee:ee:ab:d3:21:ae:d9:76:c6:a6:fa:23:ff:
         25:5d:06:14:2a:e7:a4:62:38:47:57:f5:07:c7:ed:7b:91:ca:
         e8:62:7e:78:b5:8b:2a:6a:df:f0:9f:60:b2:56:2c:21:32:10:
         7e:f6:6e:42:b3:2b:08:9f:ba:a3:4a:5b:31:5c:ae:8c:6d:09:
         e6:b1:cc:1e:e8:3f:3e:b2:c3:1a:11:28:93:d9:b5:fd:80:20:
         53:e2:c5:bd:f6:45:21:47:84:91:76:3b:a3:9a:fd:2a:2d:63:
         32:22:39:bc:89:86:76:e7:94:a6:96:87:c8:0c:f9:d4:42:b5:
         48:db:46:25:82:c2:da:d9:6e:8d:9b:7b:b5:3e:a5:20:25:3a:
         e3:36:86:86:25:f6:11:f9:4a:ce:4a:3a:ad:50:c5:1f:df:84:
         1a:96:5e:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EC8YqmAiC9S4qPjxUiyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlNDM4MWNlMDNiYWE2MjUwMTk5ODBmMzc4ZmU0MWJiMmI2
NjIxYjkwHhcNMjYwMTAxMTAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBjMDQ3NmU0YzY1MWQxMTQ5YjM0M2E1NjdkNTA4NzQ5NTQyY2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyJydSvZiWflPOUyiAwUGt+AHIMi
sCbChtFFae1FI9zW+HL8tqM8w5mLApXza60pHXndeOJr1X1JZVCPVtUfuXVdR4R5
usZfDApfNyBKTuU0dONUP0SW50mcJCBBM1DJnySH+oJu96O1/VhiJeJxea+cGWew
2ueUfbMVTN5r7Hco/N+KC9KKLUSoeP+BImZzyaaEN7ShqrvZKanLYo0QTyOe7eY/
n22bgfxdcimkDUY37E75/r90v2Er5R7RDH3LVzOaHQGywdnWdBYJZ7fVtZX6/09b
nPl8qstRCw6t5zJIFm4JDp3ZGlgZsmOU0lNm1dR+jEQjUGS0p9DPAHpJjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8MBHbkxlHRFJs0OlZ9UIdJVCyhMB8GA1UdIwQY
MBaAFO5Dgc4DuqYlAZmA83j+QbsrZiG5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2tPQnpnTzZwaVVCbVlEemVQNUJ1eXRtSWJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWExMmItNTFjNi00MTk1LWFlYjYt
YzFhZGRkN2RlYmFhLzEvWHd3RWR1VEdVZEVVbXpRNlZuMVFoMGxVTEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWExMmItNTFjNi00MTk1LWFlYjYtYzFhZGRkN2RlYmFh
LzEvN2tPQnpnTzZwaVVCbVlEemVQNUJ1eXRtSWJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALt0GMA0G
CSqGSIb3DQEBCwUAA4IBAQB8HO2PgLJYQm9Kw945z7cZ6jY/wirBNumye8OEn2Oo
GuBjPhFQCBRjkz2EZFD86xKboInWxZAksxDUniCjw1ByKXHB/grcY9I6BrqF+Tmi
fPPJOotCVx2J50nbMlaMie7uq9Mhrtl2xqb6I/8lXQYUKuekYjhHV/UHx+17kcro
Yn54tYsqat/wn2CyViwhMhB+9m5CsysIn7qjSlsxXK6MbQnmscwe6D8+ssMaESiT
2bX9gCBT4sW99kUhR4SRdjujmv0qLWMyIjm8iYZ255SmlofIDPnUQrVI20YlgsLa
2W6Nm3u1PqUgJTrjNoaGJfYR+UrOSjqtUMUf34Qall66
-----END CERTIFICATE-----