This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Xrch0-LEJvcbOa4tfm2B8Xhq_2Y.roa
File:                     Xrch0-LEJvcbOa4tfm2B8Xhq_2Y.roa (raw, json)
Hash identifier:          m0vjarofdbEpr/evSQHpVVnxLD9MVnITD4uoECpAeW8=
Subject key identifier:   5E:B7:21:D3:E2:C4:26:F7:1B:39:AE:2D:7E:6D:81:F1:78:6A:FF:66
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019B7D5D091D636B0344B07789B440968CCE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Xrch0-LEJvcbOa4tfm2B8Xhq_2Y.roa
Signing time:             Fri 02 Jan 2026 06:20:07 +0000
ROA not before:           Fri 02 Jan 2026 06:20:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207513
IP address blocks:        45.148.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:09:1d:63:6b:03:44:b0:77:89:b4:40:96:8c:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 06:20:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5eb721d3e2c426f71b39ae2d7e6d81f1786aff66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:64:2f:83:9d:23:48:ec:48:f2:e5:32:52:e9:
                    21:55:48:24:3d:41:48:e2:aa:38:d5:06:df:83:3b:
                    89:fc:29:47:12:90:76:d9:a2:4d:1c:ce:ce:0b:ea:
                    d8:34:f1:1d:a6:ab:1f:b1:76:6a:c9:e7:bf:b7:ce:
                    e1:3a:ab:59:08:9a:72:d7:12:16:df:3a:e4:14:55:
                    be:d6:6a:0f:12:bf:ae:a5:79:27:fa:fd:f1:6e:6a:
                    6b:21:02:10:ba:3a:22:fc:63:f1:c0:81:80:c4:40:
                    0b:00:86:f8:af:0e:da:02:11:b5:de:25:89:ee:08:
                    53:bf:e1:cd:ca:3c:de:d9:4c:0c:83:80:d8:76:c3:
                    c2:81:3d:31:bd:28:46:83:1d:87:67:e3:67:f5:ba:
                    c3:57:fa:fa:ee:71:ba:eb:c7:79:dc:50:ed:d0:69:
                    e9:79:7e:15:4e:20:22:1b:31:90:82:8b:69:36:54:
                    7f:54:e9:29:47:ca:8b:47:65:b2:43:0d:70:e3:65:
                    90:33:12:6f:d4:55:85:d3:d7:68:e5:70:70:a1:17:
                    14:a6:4e:0e:11:ac:db:ae:e9:04:47:5b:0f:66:71:
                    a1:58:39:6b:d0:47:e3:62:62:f4:54:43:78:2e:4d:
                    92:37:55:b5:51:27:91:4b:53:ca:88:ac:d9:94:63:
                    f2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B7:21:D3:E2:C4:26:F7:1B:39:AE:2D:7E:6D:81:F1:78:6A:FF:66
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Xrch0-LEJvcbOa4tfm2B8Xhq_2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:46:eb:53:83:2c:05:42:3b:db:17:29:85:59:8f:5d:3c:9c:
         5c:37:3b:34:58:a6:bd:ab:c0:07:23:fe:da:85:55:56:10:97:
         d4:23:9c:4b:d0:27:e8:ec:d2:ec:33:04:40:6d:12:fa:96:e9:
         e8:9d:6f:3a:96:03:af:dc:ac:22:34:d8:52:f5:86:99:25:7a:
         d5:5b:39:70:d1:3b:de:02:54:10:02:38:b3:5e:d3:23:ac:d0:
         fc:20:de:c7:aa:23:07:5a:6d:2a:d2:dd:11:7f:6b:c4:ea:a2:
         72:d1:25:ec:0b:1c:ce:65:07:e6:4c:89:1e:74:cf:69:05:85:
         ca:c3:c6:ad:7b:9e:d1:ca:b0:f7:0c:5b:d6:fd:9e:43:58:c3:
         23:93:77:5e:b1:92:f6:fb:a1:a3:47:e9:24:b7:4a:77:eb:7e:
         c0:3f:c9:99:8a:2f:67:de:92:d8:30:51:af:1e:31:8a:8f:4e:
         39:28:4c:f1:59:23:d4:bd:cc:04:1e:c0:2b:f1:84:ab:55:c2:
         41:01:62:b8:ae:27:12:c9:ba:f9:17:bc:66:49:e6:70:7c:a9:
         cc:02:69:52:56:cf:95:9e:bf:fa:6e:d3:a5:b9:3d:72:b7:50:
         7f:0c:2a:4b:ad:85:00:17:e6:ce:c0:0a:8f:79:4e:30:cf:ad:
         ec:5e:8b:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQkdY2sDRLB3ibRAlozOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMTAyMDYyMDA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWI3MjFkM2UyYzQyNmY3MWIzOWFlMmQ3ZTZkODFmMTc4NmFmZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WQvg50jSOxI8uUyUukhVUgkPUFI
4qo41QbfgzuJ/ClHEpB22aJNHM7OC+rYNPEdpqsfsXZqyee/t87hOqtZCJpy1xIW
3zrkFFW+1moPEr+upXkn+v3xbmprIQIQujoi/GPxwIGAxEALAIb4rw7aAhG13iWJ
7ghTv+HNyjze2UwMg4DYdsPCgT0xvShGgx2HZ+Nn9brDV/r67nG668d53FDt0Gnp
eX4VTiAiGzGQgotpNlR/VOkpR8qLR2WyQw1w42WQMxJv1FWF09do5XBwoRcUpk4O
EazbrukER1sPZnGhWDlr0EfjYmL0VEN4Lk2SN1W1USeRS1PKiKzZlGPyYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF63IdPixCb3GzmuLX5tgfF4av9mMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWHJjaDAtTEVKdmNiT2E0dGZtMkI4WGhxXzJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZR3MA0G
CSqGSIb3DQEBCwUAA4IBAQDCRutTgywFQjvbFymFWY9dPJxcNzs0WKa9q8AHI/7a
hVVWEJfUI5xL0Cfo7NLsMwRAbRL6lunonW86lgOv3KwiNNhS9YaZJXrVWzlw0Tve
AlQQAjizXtMjrND8IN7HqiMHWm0q0t0Rf2vE6qJy0SXsCxzOZQfmTIkedM9pBYXK
w8ate57RyrD3DFvW/Z5DWMMjk3desZL2+6GjR+kkt0p3637AP8mZii9n3pLYMFGv
HjGKj045KEzxWSPUvcwEHsAr8YSrVcJBAWK4ricSybr5F7xmSeZwfKnMAmlSVs+V
nr/6btOluT1yt1B/DCpLrYUAF+bOwAqPeU4wz63sXouA
-----END CERTIFICATE-----