This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/XHlnD811u3em9JVJklrQN7J3cm0.roa
File:                     XHlnD811u3em9JVJklrQN7J3cm0.roa (raw, json)
Hash identifier:          u0+XGjhQ3bXTODeSfwve+tcBoDp30OCy9deDRC9QRYE=
Subject key identifier:   5C:79:67:0F:CD:75:BB:77:A6:F4:95:49:92:5A:D0:37:B2:77:72:6D
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       019B7A5AB7709616F16CF6EFAE14BB9C4E82
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/XHlnD811u3em9JVJklrQN7J3cm0.roa
Signing time:             Thu 01 Jan 2026 16:18:44 +0000
ROA not before:           Thu 01 Jan 2026 16:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212685
IP address blocks:        37.114.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b7:70:96:16:f1:6c:f6:ef:ae:14:bb:9c:4e:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 16:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5c79670fcd75bb77a6f49549925ad037b277726d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:2f:3c:eb:f2:80:e0:43:7b:41:c2:e0:00:39:
                    34:2f:f7:73:d4:91:a7:62:df:8b:e5:3a:d1:2f:37:
                    d6:2a:a5:da:0f:6f:0d:81:ae:d3:56:3c:e7:e7:fd:
                    58:31:ab:cb:e7:0e:e0:1c:05:a1:0a:f5:33:d4:51:
                    08:67:7b:bf:7c:26:c5:62:a5:a6:b8:76:2b:d0:f9:
                    de:1a:6a:7f:7d:38:ef:a1:62:74:cf:e0:8d:d2:84:
                    64:42:ca:79:4c:ae:cf:6c:4f:91:80:1b:8c:0a:18:
                    85:33:85:41:ff:65:e0:bd:9b:c8:03:a2:1d:5e:04:
                    c3:24:75:ad:d9:e6:de:98:c1:17:20:be:59:8e:c4:
                    75:72:9b:5b:54:e3:4f:5a:f1:60:da:bd:20:3c:4c:
                    8a:ff:bc:eb:7b:30:6f:4d:2a:75:cb:fe:93:f8:59:
                    18:61:80:1d:fc:af:5f:90:53:eb:4a:97:c6:13:d0:
                    d6:43:9a:17:04:30:b0:35:cc:13:9a:26:92:9e:16:
                    fa:70:61:3f:50:3c:da:2c:43:5d:cb:b3:c5:8c:78:
                    b1:de:f8:4b:45:51:07:7a:26:c1:01:8f:d3:b0:30:
                    04:8f:1d:d5:7c:f5:04:4c:01:a6:b0:0f:8c:e3:49:
                    2f:07:07:52:19:0d:02:11:f9:35:2f:22:9b:bc:64:
                    62:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:79:67:0F:CD:75:BB:77:A6:F4:95:49:92:5A:D0:37:B2:77:72:6D
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/XHlnD811u3em9JVJklrQN7J3cm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:8a:c0:3d:90:85:fa:31:c3:2e:d6:62:a2:15:f8:d1:b7:38:
         bd:4a:92:d3:c6:c4:fd:9e:7b:01:62:03:5e:9b:7a:07:d2:d4:
         ae:e4:05:d0:36:d3:28:f5:48:13:fa:f5:c7:b9:0d:c6:59:1a:
         b9:a3:29:c5:90:5a:a7:4c:11:11:e9:ee:58:fb:67:da:44:1a:
         35:02:e9:c2:7e:78:81:70:45:50:ef:14:6c:0d:20:15:ba:ef:
         1a:26:2d:75:f4:fc:2d:8d:5d:a1:24:4c:90:3c:81:be:18:56:
         c1:ba:1e:28:23:9b:20:c5:4b:d8:ec:a7:75:d6:48:70:b8:a7:
         fd:9c:52:1d:5e:c8:9b:74:0c:26:c2:ac:4a:2c:02:37:61:3c:
         3f:48:68:35:bb:8b:f7:29:11:35:53:60:56:27:b6:16:89:e1:
         0b:20:fe:8a:c9:64:6a:cc:bd:33:ff:b7:16:1b:b8:75:97:61:
         9e:25:39:20:3c:19:e9:9d:43:bb:96:92:74:9d:3b:13:e1:6e:
         e5:94:17:91:a0:3c:a5:df:8e:b4:d2:cc:df:4f:4e:ef:88:ab:
         16:e9:4a:98:5f:82:ee:15:86:3b:86:33:56:cd:b5:4a:49:47:
         f2:62:91:01:d3:19:85:2f:15:cd:b7:20:5c:1e:cf:05:2b:a0:
         f9:15:5f:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrdwlhbxbPbvrhS7nE6CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjYwMTAxMTYxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc5NjcwZmNkNzViYjc3YTZmNDk1NDk5MjVhZDAzN2IyNzc3MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6i886/KA4EN7QcLgADk0L/dz1JGn
Yt+L5TrRLzfWKqXaD28Nga7TVjzn5/1YMavL5w7gHAWhCvUz1FEIZ3u/fCbFYqWm
uHYr0PneGmp/fTjvoWJ0z+CN0oRkQsp5TK7PbE+RgBuMChiFM4VB/2XgvZvIA6Id
XgTDJHWt2ebemMEXIL5ZjsR1cptbVONPWvFg2r0gPEyK/7zrezBvTSp1y/6T+FkY
YYAd/K9fkFPrSpfGE9DWQ5oXBDCwNcwTmiaSnhb6cGE/UDzaLENdy7PFjHix3vhL
RVEHeibBAY/TsDAEjx3VfPUETAGmsA+M40kvBwdSGQ0CEfk1LyKbvGRiYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFx5Zw/Ndbt3pvSVSZJa0Deyd3JtMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvWEhsbkQ4MTF1M2VtOUpWSmtsclFON0ozY20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIkMA0G
CSqGSIb3DQEBCwUAA4IBAQA2isA9kIX6McMu1mKiFfjRtzi9SpLTxsT9nnsBYgNe
m3oH0tSu5AXQNtMo9UgT+vXHuQ3GWRq5oynFkFqnTBER6e5Y+2faRBo1AunCfniB
cEVQ7xRsDSAVuu8aJi119PwtjV2hJEyQPIG+GFbBuh4oI5sgxUvY7Kd11khwuKf9
nFIdXsibdAwmwqxKLAI3YTw/SGg1u4v3KRE1U2BWJ7YWieELIP6KyWRqzL0z/7cW
G7h1l2GeJTkgPBnpnUO7lpJ0nTsT4W7llBeRoDyl34600szfT07viKsW6UqYX4Lu
FYY7hjNWzbVKSUfyYpEB0xmFLxXNtyBcHs8FK6D5FV8L
-----END CERTIFICATE-----