This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/XjjwvZsrXx6sUtsiWwMw-1uwefI.roa
File:                     XjjwvZsrXx6sUtsiWwMw-1uwefI.roa (raw, json)
Hash identifier:          RD/89w2/8ZIshxnP3ME483+xP0ONXiXxPqHiP1Ie+hY=
Subject key identifier:   5E:38:F0:BD:9B:2B:5F:1E:AC:52:DB:22:5B:03:30:FB:5B:B0:79:F2
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       019B7DC8ACDF88890E8E6F9BDC15D79B8652
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/XjjwvZsrXx6sUtsiWwMw-1uwefI.roa
Signing time:             Fri 02 Jan 2026 08:17:42 +0000
ROA not before:           Fri 02 Jan 2026 08:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401838
IP address blocks:        141.226.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c8:ac:df:88:89:0e:8e:6f:9b:dc:15:d7:9b:86:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Jan  2 08:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e38f0bd9b2b5f1eac52db225b0330fb5bb079f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1d:5e:b1:b1:a1:fa:4d:21:6f:9e:53:c2:66:
                    01:e6:73:a0:91:d2:d9:62:4a:49:50:4b:7c:97:09:
                    8b:1d:6f:87:c3:56:65:b3:f4:3a:ee:0c:8a:e8:87:
                    e4:f0:f4:86:b7:fa:33:e0:88:57:35:5b:e8:a3:70:
                    3b:ae:a9:2c:6f:4e:e6:e9:72:a5:eb:07:bc:90:9d:
                    70:af:74:72:66:4d:fa:b1:4e:93:c8:f3:8f:2b:c9:
                    79:6f:65:51:21:b8:c2:22:dc:4e:06:c2:2e:3a:9c:
                    ce:f9:cc:5d:a8:93:e9:a3:b3:36:f8:ed:1d:35:8d:
                    dd:78:ae:a9:3d:e3:d0:93:cb:5f:2e:08:84:a8:3a:
                    74:0b:ff:83:f3:56:89:2b:d2:8f:39:e8:08:49:59:
                    e8:dd:9a:fa:31:5b:aa:7c:ba:4a:92:c9:f6:48:fc:
                    50:3f:22:eb:45:c2:93:dc:e9:d3:fe:39:51:30:3a:
                    be:17:61:9b:20:05:34:55:49:10:1d:96:2f:e4:f9:
                    c4:5f:37:a1:a2:d1:ae:01:20:0a:11:dc:88:94:14:
                    f9:5a:86:a7:ba:c7:26:e8:16:e0:1b:6a:e9:ba:be:
                    cf:d6:e8:7c:6c:45:41:79:df:52:6b:52:81:a3:27:
                    8b:f1:13:34:c1:37:29:b2:74:82:95:d8:71:b3:69:
                    a5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:38:F0:BD:9B:2B:5F:1E:AC:52:DB:22:5B:03:30:FB:5B:B0:79:F2
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/XjjwvZsrXx6sUtsiWwMw-1uwefI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:43:54:54:f9:f2:70:4e:6a:26:94:c9:62:1e:6c:0b:60:e0:
         16:5c:46:cc:77:45:1d:b8:0d:c4:43:e5:af:8c:85:e4:1c:5d:
         ce:76:6c:ab:de:5c:83:c8:fd:e5:71:4e:8f:53:9b:9e:31:ff:
         b4:d4:0d:c5:44:8b:91:99:94:62:b7:dd:d5:6b:51:05:57:67:
         23:c7:8e:78:de:92:52:55:66:40:f6:cf:22:ff:e6:73:20:4b:
         c5:7d:2e:5b:4b:4d:bf:09:b5:33:e1:8a:6f:48:c7:60:1f:ec:
         f0:b6:f9:c3:75:54:11:51:5f:b7:6b:ed:54:4e:ff:81:e3:5f:
         3d:24:f1:ac:cd:c8:e4:a1:4f:46:e1:40:7a:9b:b0:dc:9a:cd:
         b5:3d:5c:a9:8a:4b:d2:cf:6f:ad:aa:52:7a:90:b6:ec:7f:f2:
         45:bb:68:f5:60:2c:7e:71:d4:12:1c:3d:ac:bf:c0:f4:bf:fd:
         03:3f:8e:07:88:ad:4b:8e:38:9f:71:e3:c6:fa:11:8d:c0:6d:
         d7:9e:eb:26:5d:7f:11:a6:8d:55:96:d6:d5:3b:3b:06:3a:a6:
         3d:af:e5:1b:ee:22:76:1e:c5:52:32:d2:36:2e:47:6f:17:eb:
         64:af:33:ea:84:c6:0e:df:2c:14:ca:a9:50:f0:a9:dd:bb:e6:
         29:44:0c:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yKzfiIkOjm+b3BXXm4ZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjYwMTAyMDgxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTM4ZjBiZDliMmI1ZjFlYWM1MmRiMjI1YjAzMzBmYjViYjA3OWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx1esbGh+k0hb55TwmYB5nOgkdLZ
YkpJUEt8lwmLHW+Hw1Zls/Q67gyK6Ifk8PSGt/oz4IhXNVvoo3A7rqksb07m6XKl
6we8kJ1wr3RyZk36sU6TyPOPK8l5b2VRIbjCItxOBsIuOpzO+cxdqJPpo7M2+O0d
NY3deK6pPePQk8tfLgiEqDp0C/+D81aJK9KPOegISVno3Zr6MVuqfLpKksn2SPxQ
PyLrRcKT3OnT/jlRMDq+F2GbIAU0VUkQHZYv5PnEXzehotGuASAKEdyIlBT5Woan
uscm6BbgG2rpur7P1uh8bEVBed9Sa1KBoyeL8RM0wTcpsnSCldhxs2mlUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF448L2bK18erFLbIlsDMPtbsHnyMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvWGpqd3Zac3JYeDZzVXRzaVd3TXctMXV3ZWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjeLzMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Q1RU+fJwTmomlMliHmwLYOAWXEbMd0UduA3EQ+Wv
jIXkHF3Odmyr3lyDyP3lcU6PU5ueMf+01A3FRIuRmZRit93Va1EFV2cjx4543pJS
VWZA9s8i/+ZzIEvFfS5bS02/CbUz4YpvSMdgH+zwtvnDdVQRUV+3a+1UTv+B4189
JPGszcjkoU9G4UB6m7Dcms21PVypikvSz2+tqlJ6kLbsf/JFu2j1YCx+cdQSHD2s
v8D0v/0DP44HiK1LjjifcePG+hGNwG3XnusmXX8Rpo1VltbVOzsGOqY9r+Ub7iJ2
HsVSMtI2LkdvF+tkrzPqhMYO3ywUyqlQ8Kndu+YpRAw+
-----END CERTIFICATE-----