This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/xCA0Tyr9gAJcBb_aRk9f4_-65Hw.roa
File:                     xCA0Tyr9gAJcBb_aRk9f4_-65Hw.roa (raw, json)
Hash identifier:          vLJiM8h1yXdHJ3CZa6/nqFa+H4CdzM6jrN7A815VTRI=
Subject key identifier:   C4:20:34:4F:2A:FD:80:02:5C:05:BF:DA:46:4F:5F:E3:FF:BA:E4:7C
Certificate issuer:       /CN=93077a997c95bd01a64d408afcf554d88b4db5e5
Certificate serial:       019B77591DE66CCCFC558938844449F6E131
Authority key identifier: 93:07:7A:99:7C:95:BD:01:A6:4D:40:8A:FC:F5:54:D8:8B:4D:B5:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwd6mXyVvQGmTUCK_PVU2ItNteU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/xCA0Tyr9gAJcBb_aRk9f4_-65Hw.roa
Signing time:             Thu 01 Jan 2026 02:18:07 +0000
ROA not before:           Thu 01 Jan 2026 02:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21100
IP address blocks:        193.161.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/kwd6mXyVvQGmTUCK_PVU2ItNteU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/kwd6mXyVvQGmTUCK_PVU2ItNteU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwd6mXyVvQGmTUCK_PVU2ItNteU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 05:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:1d:e6:6c:cc:fc:55:89:38:84:44:49:f6:e1:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93077a997c95bd01a64d408afcf554d88b4db5e5
        Validity
            Not Before: Jan  1 02:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c420344f2afd80025c05bfda464f5fe3ffbae47c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5b:c7:95:19:65:35:22:44:cd:41:59:bc:11:
                    34:1e:df:f4:0d:c9:6b:3a:61:07:72:21:7c:4e:9b:
                    bd:98:ac:29:7d:17:56:30:56:6c:a8:ea:d7:16:fa:
                    10:70:85:20:c3:93:ff:82:db:40:df:30:c2:c4:c6:
                    7e:56:47:68:9a:93:64:35:cc:52:a8:28:d9:e0:39:
                    ff:a8:c7:c8:85:67:ea:7b:74:19:fc:53:c9:24:98:
                    cb:9b:28:a5:8b:1b:a3:90:a7:25:3a:e9:02:69:43:
                    35:8f:06:24:4f:26:4c:c4:ca:ec:35:13:de:9e:3c:
                    f6:38:a9:aa:1d:22:5d:c5:30:ef:e3:47:87:3b:ee:
                    01:31:e6:c7:da:93:b7:68:e4:96:12:52:4b:c9:b0:
                    c6:6b:06:67:c6:b3:7d:f8:6f:4b:b3:50:58:ff:1b:
                    26:11:85:90:1a:a4:48:da:39:80:f3:80:05:57:98:
                    63:2c:07:c9:cb:e9:e1:a6:6b:e8:c1:5c:58:35:bf:
                    5f:32:e8:e4:d5:a9:1f:31:e0:73:3e:de:83:53:aa:
                    6b:e4:30:75:02:f3:0d:14:6d:4f:83:31:0f:5a:bd:
                    56:ef:a1:5f:02:8b:09:94:fb:e8:51:bd:9c:df:4a:
                    54:75:32:3e:69:ac:f2:07:5f:b9:24:9a:95:73:aa:
                    fc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:20:34:4F:2A:FD:80:02:5C:05:BF:DA:46:4F:5F:E3:FF:BA:E4:7C
            X509v3 Authority Key Identifier:
                keyid:93:07:7A:99:7C:95:BD:01:A6:4D:40:8A:FC:F5:54:D8:8B:4D:B5:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwd6mXyVvQGmTUCK_PVU2ItNteU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/xCA0Tyr9gAJcBb_aRk9f4_-65Hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/1bac01-212c-4f4c-8d3a-65257b1fec6d/1/kwd6mXyVvQGmTUCK_PVU2ItNteU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:cc:be:89:13:b0:e2:88:77:f0:03:3b:f8:2d:63:94:d9:a7:
         5c:a6:bb:d3:ca:c6:71:2f:c5:7b:00:fa:00:bc:73:b1:8a:2e:
         71:21:5b:e4:ae:99:d2:ab:cf:7f:b6:17:8e:82:90:9e:8e:8a:
         6d:25:7f:bb:e9:e5:c6:93:8d:b7:4d:3d:08:a2:2e:91:9a:ad:
         8c:0e:9e:89:87:f2:80:6d:ee:91:ea:09:ec:54:b7:09:b7:0d:
         55:69:a7:e1:25:4e:00:08:d4:f8:56:88:b4:de:0d:c3:37:bb:
         49:60:0f:5e:51:34:3c:88:49:20:13:64:46:30:0e:b4:b4:5a:
         3d:bb:cc:eb:d9:ae:ac:2a:cb:5b:53:96:39:d3:2b:60:d3:1a:
         d8:30:36:d8:de:45:8d:db:f8:ff:47:b8:01:db:b0:7f:4a:a2:
         5b:d8:10:b2:47:41:95:24:a8:de:71:f8:c5:d7:84:e9:43:58:
         7e:2b:bd:35:58:c4:8d:35:1a:0c:5a:9e:32:4a:e1:d3:3b:42:
         32:e7:c5:3e:b6:0a:0a:8a:d9:8a:b6:f6:03:65:ba:51:a3:84:
         87:ce:80:c2:c4:a8:cc:5a:15:9d:8b:f1:52:7a:29:e7:96:3a:
         13:ef:50:e4:4e:f1:f3:c7:eb:ba:6c:4d:0a:c6:e4:61:1c:e5:
         10:16:d6:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WR3mbMz8VYk4hERJ9uExMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMDc3YTk5N2M5NWJkMDFhNjRkNDA4YWZjZjU1NGQ4OGI0
ZGI1ZTUwHhcNMjYwMTAxMDIxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDIwMzQ0ZjJhZmQ4MDAyNWMwNWJmZGE0NjRmNWZlM2ZmYmFlNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1vHlRllNSJEzUFZvBE0Ht/0Dclr
OmEHciF8Tpu9mKwpfRdWMFZsqOrXFvoQcIUgw5P/gttA3zDCxMZ+VkdompNkNcxS
qCjZ4Dn/qMfIhWfqe3QZ/FPJJJjLmyilixujkKclOukCaUM1jwYkTyZMxMrsNRPe
njz2OKmqHSJdxTDv40eHO+4BMebH2pO3aOSWElJLybDGawZnxrN9+G9Ls1BY/xsm
EYWQGqRI2jmA84AFV5hjLAfJy+nhpmvowVxYNb9fMujk1akfMeBzPt6DU6pr5DB1
AvMNFG1PgzEPWr1W76FfAosJlPvoUb2c30pUdTI+aazyB1+5JJqVc6r8RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQgNE8q/YACXAW/2kZPX+P/uuR8MB8GA1UdIwQY
MBaAFJMHepl8lb0Bpk1Aivz1VNiLTbXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dkNm1YeVZ2UUdtVFVDS19QVlUySXROdGVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8xYmFjMDEtMjEyYy00ZjRjLThkM2Et
NjUyNTdiMWZlYzZkLzEveENBMFR5cjlnQUpjQmJfYVJrOWY0Xy02NUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8xYmFjMDEtMjEyYy00ZjRjLThkM2EtNjUyNTdiMWZlYzZk
LzEva3dkNm1YeVZ2UUdtVFVDS19QVlUySXROdGVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaHKMA0G
CSqGSIb3DQEBCwUAA4IBAQB0zL6JE7DiiHfwAzv4LWOU2adcprvTysZxL8V7APoA
vHOxii5xIVvkrpnSq89/theOgpCejoptJX+76eXGk423TT0Ioi6Rmq2MDp6Jh/KA
be6R6gnsVLcJtw1VaafhJU4ACNT4Voi03g3DN7tJYA9eUTQ8iEkgE2RGMA60tFo9
u8zr2a6sKstbU5Y50ytg0xrYMDbY3kWN2/j/R7gB27B/SqJb2BCyR0GVJKjecfjF
14TpQ1h+K701WMSNNRoMWp4ySuHTO0Iy58U+tgoKitmKtvYDZbpRo4SHzoDCxKjM
WhWdi/FSeinnljoT71DkTvHzx+u6bE0KxuRhHOUQFtYo
-----END CERTIFICATE-----