This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/xwHoXsaqChRsiVb50QE3J02tSTs.roa
File:                     xwHoXsaqChRsiVb50QE3J02tSTs.roa (raw, json)
Hash identifier:          3vkTwTSIkCsrZ1qD3qPtZAfnQFTRVxoOlMcE+MNVrg4=
Subject key identifier:   C7:01:E8:5E:C6:AA:0A:14:6C:89:56:F9:D1:01:37:27:4D:AD:49:3B
Certificate issuer:       /CN=80df0cbdd5571e580ea57e18a440ca2bea4806f8
Certificate serial:       019B7F856A452AAD6080DA482A7070C0C24F
Authority key identifier: 80:DF:0C:BD:D5:57:1E:58:0E:A5:7E:18:A4:40:CA:2B:EA:48:06:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gN8MvdVXHlgOpX4YpEDKK-pIBvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/xwHoXsaqChRsiVb50QE3J02tSTs.roa
Signing time:             Fri 02 Jan 2026 16:23:28 +0000
ROA not before:           Fri 02 Jan 2026 16:23:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206674
IP address blocks:        185.179.56.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/gN8MvdVXHlgOpX4YpEDKK-pIBvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/gN8MvdVXHlgOpX4YpEDKK-pIBvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gN8MvdVXHlgOpX4YpEDKK-pIBvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:6a:45:2a:ad:60:80:da:48:2a:70:70:c0:c2:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80df0cbdd5571e580ea57e18a440ca2bea4806f8
        Validity
            Not Before: Jan  2 16:23:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c701e85ec6aa0a146c8956f9d10137274dad493b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:27:9a:fc:49:5e:a1:fa:74:19:f8:82:94:83:
                    92:a2:e9:a0:97:95:f1:6b:1b:f9:b5:4f:95:de:8a:
                    48:78:3a:81:db:c4:b0:f1:e7:ab:5d:b4:b2:da:85:
                    94:7b:9b:b7:e4:c1:41:89:dd:10:73:dc:a4:04:9b:
                    59:bc:14:e7:d5:c0:af:37:c6:eb:15:80:b8:e1:90:
                    98:c7:a4:a6:3b:4e:4b:eb:d2:32:da:62:ee:13:ef:
                    fb:86:a2:49:68:e3:04:f8:9f:6e:16:5f:14:2f:28:
                    31:f3:70:60:64:3a:70:18:2b:75:21:c4:b4:bc:ce:
                    1b:33:dd:d9:bf:fc:f9:da:91:5a:55:fe:6c:d2:51:
                    44:94:7e:33:ef:ad:af:ea:d5:d4:cf:e5:db:56:08:
                    27:3b:fd:7b:b9:57:5f:76:47:c7:5a:9e:a5:f8:1d:
                    c3:30:1c:31:fb:f1:10:10:7c:f1:5a:b8:a7:47:44:
                    da:f7:f9:a0:dd:12:4a:a6:92:f0:a7:a1:b9:92:cf:
                    67:f9:ab:28:3f:39:48:d3:40:99:82:f0:91:5b:85:
                    db:c8:ac:eb:90:3c:93:93:27:d3:97:dc:0c:42:b2:
                    37:f7:85:45:a6:87:a2:2c:b9:03:c3:48:8a:8a:ee:
                    b7:3c:f4:6e:de:b6:55:50:94:4b:bf:fd:ae:6d:55:
                    b0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:01:E8:5E:C6:AA:0A:14:6C:89:56:F9:D1:01:37:27:4D:AD:49:3B
            X509v3 Authority Key Identifier:
                keyid:80:DF:0C:BD:D5:57:1E:58:0E:A5:7E:18:A4:40:CA:2B:EA:48:06:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gN8MvdVXHlgOpX4YpEDKK-pIBvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/xwHoXsaqChRsiVb50QE3J02tSTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9291e1-57ca-4c29-9e93-bd75ef9b5798/1/gN8MvdVXHlgOpX4YpEDKK-pIBvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:52:61:d7:a0:9f:ae:4d:20:37:1a:4e:a4:0c:58:d9:df:7f:
         49:dc:da:93:85:58:a2:e3:52:c5:d8:b8:53:14:6b:c4:94:ad:
         d2:9c:ac:42:89:ef:0d:6c:8b:81:71:28:c0:cd:6e:6e:f9:71:
         77:e6:0f:b4:ba:df:51:65:30:0f:bb:37:b8:fe:cc:b2:c3:fc:
         ad:38:a9:29:ff:69:62:a3:40:4b:a9:8d:8b:11:1b:64:a6:6e:
         aa:47:d3:13:c5:58:0d:4f:73:69:56:07:6a:52:b1:7b:40:c6:
         3f:1c:69:82:c9:68:d3:ae:6b:e5:dc:71:22:04:02:bb:a5:f6:
         2b:55:9e:fe:c0:18:4b:62:21:89:4e:d7:20:ba:48:70:b1:62:
         f7:ca:6b:23:63:c3:58:94:7a:3b:79:bf:69:dc:3c:3b:e3:e8:
         af:da:39:a2:f6:ac:14:5d:ef:69:8b:61:be:23:20:89:21:40:
         86:bb:ed:89:77:6b:4b:77:42:b3:69:c5:f4:f0:a9:3f:77:ce:
         ef:3c:89:07:1d:0b:47:5a:d0:4b:0a:8a:49:c3:b6:bd:f8:70:
         ec:1c:00:0e:93:03:99:75:29:34:3d:de:6d:83:df:99:57:05:
         78:c7:c1:9a:3c:2e:fc:9c:99:8f:d0:57:2d:ff:ba:ce:03:0e:
         5c:70:09:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hWpFKq1ggNpIKnBwwMJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZGYwY2JkZDU1NzFlNTgwZWE1N2UxOGE0NDBjYTJiZWE0
ODA2ZjgwHhcNMjYwMTAyMTYyMzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzAxZTg1ZWM2YWEwYTE0NmM4OTU2ZjlkMTAxMzcyNzRkYWQ0OTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiea/Eleofp0GfiClIOSoumgl5Xx
axv5tU+V3opIeDqB28Sw8eerXbSy2oWUe5u35MFBid0Qc9ykBJtZvBTn1cCvN8br
FYC44ZCYx6SmO05L69Iy2mLuE+/7hqJJaOME+J9uFl8ULygx83BgZDpwGCt1IcS0
vM4bM93Zv/z52pFaVf5s0lFElH4z762v6tXUz+XbVggnO/17uVdfdkfHWp6l+B3D
MBwx+/EQEHzxWrinR0Ta9/mg3RJKppLwp6G5ks9n+asoPzlI00CZgvCRW4XbyKzr
kDyTkyfTl9wMQrI394VFpoeiLLkDw0iKiu63PPRu3rZVUJRLv/2ubVWwXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMcB6F7GqgoUbIlW+dEBNydNrUk7MB8GA1UdIwQY
MBaAFIDfDL3VVx5YDqV+GKRAyivqSAb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ044TXZkVlhIbGdPcFg0WXBFREtLLXBJQnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85MjkxZTEtNTdjYS00YzI5LTllOTMt
YmQ3NWVmOWI1Nzk4LzEveHdIb1hzYXFDaFJzaVZiNTBRRTNKMDJ0U1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85MjkxZTEtNTdjYS00YzI5LTllOTMtYmQ3NWVmOWI1Nzk4
LzEvZ044TXZkVlhIbGdPcFg0WXBFREtLLXBJQnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubM4MA0G
CSqGSIb3DQEBCwUAA4IBAQBDUmHXoJ+uTSA3Gk6kDFjZ339J3NqThVii41LF2LhT
FGvElK3SnKxCie8NbIuBcSjAzW5u+XF35g+0ut9RZTAPuze4/syyw/ytOKkp/2li
o0BLqY2LERtkpm6qR9MTxVgNT3NpVgdqUrF7QMY/HGmCyWjTrmvl3HEiBAK7pfYr
VZ7+wBhLYiGJTtcgukhwsWL3ymsjY8NYlHo7eb9p3Dw74+iv2jmi9qwUXe9pi2G+
IyCJIUCGu+2Jd2tLd0KzacX08Kk/d87vPIkHHQtHWtBLCopJw7a9+HDsHAAOkwOZ
dSk0Pd5tg9+ZVwV4x8GaPC78nJmP0Fct/7rOAw5ccAlP
-----END CERTIFICATE-----