This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/XiIDJMPchO2MVQJnr2v3LL6-fD0.roa
File:                     XiIDJMPchO2MVQJnr2v3LL6-fD0.roa (raw, json)
Hash identifier:          +0DK4fXLVL2er4TUt0Ah7Mip7BfbX2JKpUWdTlpILkM=
Subject key identifier:   5E:22:03:24:C3:DC:84:ED:8C:55:02:67:AF:6B:F7:2C:BE:BE:7C:3D
Certificate issuer:       /CN=b6321eebf4f95be9f81f0f233f89f3602d2f0074
Certificate serial:       019B7EA68DB58BB9B02B727310B8F72DEE0D
Authority key identifier: B6:32:1E:EB:F4:F9:5B:E9:F8:1F:0F:23:3F:89:F3:60:2D:2F:00:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/XiIDJMPchO2MVQJnr2v3LL6-fD0.roa
Signing time:             Fri 02 Jan 2026 12:20:02 +0000
ROA not before:           Fri 02 Jan 2026 12:20:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39326
IP address blocks:        193.151.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:8d:b5:8b:b9:b0:2b:72:73:10:b8:f7:2d:ee:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6321eebf4f95be9f81f0f233f89f3602d2f0074
        Validity
            Not Before: Jan  2 12:20:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e220324c3dc84ed8c550267af6bf72cbebe7c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:6a:d0:25:fa:03:e5:26:85:32:75:85:78:d7:
                    bc:23:10:f0:26:ae:81:6e:f4:4a:b5:28:56:61:13:
                    1b:46:e3:e5:db:06:15:07:91:4d:2b:a6:17:0f:a3:
                    38:10:d2:64:71:6c:49:d5:6f:a1:ac:42:2c:d5:3c:
                    aa:7f:58:60:6b:22:36:aa:6b:42:7e:e4:fc:7d:6d:
                    17:81:55:d8:80:19:c3:9f:75:e8:86:43:e7:da:ac:
                    be:21:00:58:4b:f7:20:7f:6d:44:7e:d0:2f:61:9b:
                    af:d8:89:57:9b:7b:38:f4:8c:dc:55:9c:1a:58:2b:
                    b6:82:2f:09:8b:ee:7d:ba:60:30:69:2c:c8:6d:54:
                    ec:da:5f:e4:33:72:df:88:95:e3:3a:a5:20:57:09:
                    e6:45:d5:0a:6c:2e:86:f1:4c:8c:24:d2:43:5f:8a:
                    52:a1:78:46:a5:cd:93:07:c0:bd:0e:53:81:1c:49:
                    c8:3d:ea:b2:b2:f4:a4:f7:5c:3e:cf:0e:77:4a:8b:
                    7c:ab:c9:e4:fd:e7:89:94:f8:99:a6:84:b6:c4:03:
                    69:58:e2:a8:77:b9:87:6b:3a:7a:a7:f1:f8:a1:06:
                    d5:63:39:22:b3:87:8a:33:83:85:07:4f:bc:af:f4:
                    cb:56:ef:e8:2a:d7:57:67:f8:36:c2:93:59:6c:12:
                    43:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:22:03:24:C3:DC:84:ED:8C:55:02:67:AF:6B:F7:2C:BE:BE:7C:3D
            X509v3 Authority Key Identifier:
                keyid:B6:32:1E:EB:F4:F9:5B:E9:F8:1F:0F:23:3F:89:F3:60:2D:2F:00:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/XiIDJMPchO2MVQJnr2v3LL6-fD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5c92d1-41e5-443e-a250-01baf78ec73f/1/tjIe6_T5W-n4Hw8jP4nzYC0vAHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e3:12:27:d2:c6:1b:a8:d9:9c:70:12:b8:e9:59:4d:12:9e:
         66:e3:ba:fa:34:e5:fd:d9:25:62:00:52:65:6d:1c:17:cb:fd:
         10:f3:d7:c9:86:2e:e7:98:0c:a3:1a:48:6e:6f:ce:f3:a4:ac:
         d7:7c:ea:4e:12:fc:13:42:5d:de:80:a0:2b:b8:0e:d7:a1:67:
         dd:fc:25:f2:37:28:56:3f:f9:54:45:1a:3f:ea:33:7e:19:05:
         7f:b6:52:5b:67:9d:e4:e2:0a:76:c1:ac:2e:e5:82:83:f5:1b:
         6d:ce:86:25:b9:e1:5e:84:21:3f:49:9d:0f:0a:3f:15:05:f6:
         8c:84:00:14:35:d1:42:07:68:c2:e3:31:45:05:ac:a1:5c:10:
         c9:bd:89:cb:57:5f:12:70:fd:64:1d:5f:65:b7:07:e1:b3:d5:
         be:e3:14:c0:2e:d4:7c:db:4c:b8:24:7c:e4:44:71:6e:a2:65:
         26:ad:2c:b0:71:bf:cd:ee:73:59:0c:86:91:96:b5:9a:20:bc:
         a9:2c:bd:35:c1:d1:95:66:5c:87:5f:df:5b:d8:c3:9e:65:b0:
         c3:6a:9d:f0:9c:5d:c1:32:4d:58:7c:d9:10:58:c9:97:d5:eb:
         f2:ac:b8:63:79:2c:b4:e2:33:5f:dc:38:ed:5c:2a:f1:a4:91:
         a7:82:6a:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+po21i7mwK3JzELj3Le4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzIxZWViZjRmOTViZTlmODFmMGYyMzNmODlmMzYwMmQy
ZjAwNzQwHhcNMjYwMTAyMTIyMDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTIyMDMyNGMzZGM4NGVkOGM1NTAyNjdhZjZiZjcyY2JlYmU3YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GrQJfoD5SaFMnWFeNe8IxDwJq6B
bvRKtShWYRMbRuPl2wYVB5FNK6YXD6M4ENJkcWxJ1W+hrEIs1Tyqf1hgayI2qmtC
fuT8fW0XgVXYgBnDn3XohkPn2qy+IQBYS/cgf21EftAvYZuv2IlXm3s49IzcVZwa
WCu2gi8Ji+59umAwaSzIbVTs2l/kM3LfiJXjOqUgVwnmRdUKbC6G8UyMJNJDX4pS
oXhGpc2TB8C9DlOBHEnIPeqysvSk91w+zw53Sot8q8nk/eeJlPiZpoS2xANpWOKo
d7mHazp6p/H4oQbVYzkis4eKM4OFB0+8r/TLVu/oKtdXZ/g2wpNZbBJD6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4iAyTD3ITtjFUCZ69r9yy+vnw9MB8GA1UdIwQY
MBaAFLYyHuv0+Vvp+B8PIz+J82AtLwB0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpJZTZfVDVXLW40SHc4alA0bnpZQzB2QUhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81YzkyZDEtNDFlNS00NDNlLWEyNTAt
MDFiYWY3OGVjNzNmLzEvWGlJREpNUGNoTzJNVlFKbnIydjNMTDYtZkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81YzkyZDEtNDFlNS00NDNlLWEyNTAtMDFiYWY3OGVjNzNm
LzEvdGpJZTZfVDVXLW40SHc4alA0bnpZQzB2QUhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZd8MA0G
CSqGSIb3DQEBCwUAA4IBAQAM4xIn0sYbqNmccBK46VlNEp5m47r6NOX92SViAFJl
bRwXy/0Q89fJhi7nmAyjGkhub87zpKzXfOpOEvwTQl3egKAruA7XoWfd/CXyNyhW
P/lURRo/6jN+GQV/tlJbZ53k4gp2wawu5YKD9RttzoYlueFehCE/SZ0PCj8VBfaM
hAAUNdFCB2jC4zFFBayhXBDJvYnLV18ScP1kHV9ltwfhs9W+4xTALtR820y4JHzk
RHFuomUmrSywcb/N7nNZDIaRlrWaILypLL01wdGVZlyHX99b2MOeZbDDap3wnF3B
Mk1YfNkQWMmX1evyrLhjeSy04jNf3DjtXCrxpJGngmqX
-----END CERTIFICATE-----