This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/XfYuhkKGxuWqYVZsxvacmZ8NHqI.roa
File:                     XfYuhkKGxuWqYVZsxvacmZ8NHqI.roa (raw, json)
Hash identifier:          UsJsqIbh52Sv6gjqXGmIkydItbrzNspMFi73hbQ2V0A=
Subject key identifier:   5D:F6:2E:86:42:86:C6:E5:AA:61:56:6C:C6:F6:9C:99:9F:0D:1E:A2
Certificate issuer:       /CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
Certificate serial:       019B77C680FACEB98FE0C43708F6C9158B23
Authority key identifier: 35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/XfYuhkKGxuWqYVZsxvacmZ8NHqI.roa
Signing time:             Thu 01 Jan 2026 04:17:36 +0000
ROA not before:           Thu 01 Jan 2026 04:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20115
IP address blocks:        157.5.48.0/21 maxlen: 21
                          157.5.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:80:fa:ce:b9:8f:e0:c4:37:08:f6:c9:15:8b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
        Validity
            Not Before: Jan  1 04:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5df62e864286c6e5aa61566cc6f69c999f0d1ea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:b9:7c:b4:d7:c5:57:57:5c:03:b7:86:02:
                    1a:e9:ac:99:6a:b4:a6:44:44:76:32:9c:3c:da:20:
                    fb:ec:42:57:5a:14:d3:09:ae:c8:cf:a9:df:67:0b:
                    16:cc:21:c3:2c:06:65:34:47:c7:3f:5b:3a:64:16:
                    74:60:bc:af:67:7f:21:36:d9:1a:85:fa:2e:22:78:
                    c1:16:bc:91:cf:d6:c7:bf:e9:77:b4:14:f6:e2:df:
                    b6:4a:c4:17:49:48:6e:e5:56:ed:94:3f:ce:c4:ca:
                    bb:58:4c:39:31:6b:0d:4f:75:26:30:1e:0c:c6:73:
                    fa:f5:21:2e:85:f5:11:29:32:c8:2c:b7:65:21:60:
                    30:12:de:c2:b0:41:30:5a:b7:87:44:b0:c6:bf:1c:
                    68:e9:64:05:b8:64:b0:df:1d:47:12:81:6d:63:79:
                    2d:b9:49:c3:4e:17:da:6e:60:e5:0f:41:6f:42:6f:
                    a6:f2:24:64:2a:15:d2:d9:53:da:af:00:94:1b:a9:
                    42:f9:7d:18:f9:57:4d:43:87:44:64:97:a9:2f:b4:
                    b6:be:6a:84:a7:74:ef:86:4c:04:af:77:0c:0e:f3:
                    c0:46:e8:7d:3b:e8:96:12:39:c4:a7:7a:16:22:89:
                    e1:40:ad:04:19:81:16:bd:d0:fb:e7:83:5f:01:13:
                    22:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F6:2E:86:42:86:C6:E5:AA:61:56:6C:C6:F6:9C:99:9F:0D:1E:A2
            X509v3 Authority Key Identifier:
                keyid:35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/XfYuhkKGxuWqYVZsxvacmZ8NHqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.5.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4b:8c:0a:c5:27:a7:df:f9:11:1a:0b:ac:8c:52:e6:74:0a:fd:
         91:bf:5e:a6:c0:d5:cd:c4:b2:ce:dc:a8:90:da:c4:06:ad:d9:
         96:b9:58:28:f0:cd:89:d3:25:60:08:61:84:a2:6c:e0:bf:90:
         32:63:3f:59:42:ab:9d:2f:75:0c:a4:f8:97:1f:50:d2:99:ae:
         47:ec:de:29:41:bb:28:9a:13:b2:05:dd:2d:8a:9f:9a:86:de:
         e5:fd:71:4e:55:62:64:e4:ec:7a:b2:87:4e:6c:2e:58:c8:d1:
         f0:90:3d:80:83:aa:0e:eb:2d:b7:aa:20:5c:72:d6:73:0f:73:
         8e:40:e5:93:96:67:e7:61:44:a4:6e:7c:3e:74:26:94:77:75:
         9d:da:da:1c:2d:2a:08:e1:09:7b:12:c5:d0:1f:bc:75:78:8d:
         eb:cb:55:e2:22:f3:d9:57:89:fa:b0:f3:ca:7c:ca:18:33:ec:
         27:99:bc:54:cc:d4:d0:46:99:00:9e:cb:8c:c8:02:29:c1:a8:
         94:0e:0a:86:f1:5a:50:35:1b:df:70:29:36:30:e9:8c:a4:f9:
         60:a6:f9:49:c7:22:73:ee:38:87:44:eb:aa:e8:ff:44:c4:74:
         50:bd:2a:ba:b8:8d:56:4b:6b:6a:87:e5:a9:da:9e:e5:de:65:
         a2:91:0c:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xoD6zrmP4MQ3CPbJFYsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZWY3OWM1MWUzZmEwODQzMzIwNjRhYTBiODM2MDhkNmU0
MWMxMmIwHhcNMjYwMTAxMDQxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY2MmU4NjQyODZjNmU1YWE2MTU2NmNjNmY2OWM5OTlmMGQxZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5a5fLTXxVdXXAO3hgIa6ayZarSm
RER2Mpw82iD77EJXWhTTCa7Iz6nfZwsWzCHDLAZlNEfHP1s6ZBZ0YLyvZ38hNtka
hfouInjBFryRz9bHv+l3tBT24t+2SsQXSUhu5VbtlD/OxMq7WEw5MWsNT3UmMB4M
xnP69SEuhfURKTLILLdlIWAwEt7CsEEwWreHRLDGvxxo6WQFuGSw3x1HEoFtY3kt
uUnDThfabmDlD0FvQm+m8iRkKhXS2VParwCUG6lC+X0Y+VdNQ4dEZJepL7S2vmqE
p3TvhkwEr3cMDvPARuh9O+iWEjnEp3oWIonhQK0EGYEWvdD754NfARMiowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF32LoZChsblqmFWbMb2nJmfDR6iMB8GA1UdIwQY
MBaAFDXvecUeP6CEMyBkqguDYI1uQcErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAt
ZTNkOTUzMWRmZDJiLzEvWGZZdWhrS0d4dVdxWVZac3h2YWNtWjhOSHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAtZTNkOTUzMWRmZDJi
LzEvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnQUwMA0G
CSqGSIb3DQEBCwUAA4IBAQBLjArFJ6ff+REaC6yMUuZ0Cv2Rv16mwNXNxLLO3KiQ
2sQGrdmWuVgo8M2J0yVgCGGEomzgv5AyYz9ZQqudL3UMpPiXH1DSma5H7N4pQbso
mhOyBd0tip+aht7l/XFOVWJk5Ox6sodObC5YyNHwkD2Ag6oO6y23qiBcctZzD3OO
QOWTlmfnYUSkbnw+dCaUd3Wd2tocLSoI4Ql7EsXQH7x1eI3ry1XiIvPZV4n6sPPK
fMoYM+wnmbxUzNTQRpkAnsuMyAIpwaiUDgqG8VpQNRvfcCk2MOmMpPlgpvlJxyJz
7jiHROuq6P9ExHRQvSq6uI1WS2tqh+Wp2p7l3mWikQwN
-----END CERTIFICATE-----