This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/xYOjGrtanKeGVZ1Pt7PD6O358Pk.roa
File:                     xYOjGrtanKeGVZ1Pt7PD6O358Pk.roa (raw, json)
Hash identifier:          x/lvRLnCd056xaDMO54C/xWo//QMs29fskT6KgX2F4k=
Subject key identifier:   C5:83:A3:1A:BB:5A:9C:A7:86:55:9D:4F:B7:B3:C3:E8:ED:F9:F0:F9
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019B7EA697A5A47D6CFD597F99C372FB9792
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/xYOjGrtanKeGVZ1Pt7PD6O358Pk.roa
Signing time:             Fri 02 Jan 2026 12:20:05 +0000
ROA not before:           Fri 02 Jan 2026 12:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        46.20.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:97:a5:a4:7d:6c:fd:59:7f:99:c3:72:fb:97:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jan  2 12:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c583a31abb5a9ca786559d4fb7b3c3e8edf9f0f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:cf:2e:b3:b4:2b:80:06:e0:d3:6b:02:b1:26:
                    b8:ce:7e:a4:7d:ad:c6:42:08:30:57:3b:dc:4c:9b:
                    f3:13:f3:64:bf:3b:05:a9:11:da:f0:2a:02:ca:d9:
                    64:e6:c4:f5:41:8d:83:11:63:b0:a8:c4:20:e4:69:
                    74:2f:c6:e2:ca:e7:63:ac:0e:13:88:6d:05:45:8b:
                    49:b9:ec:bf:a6:92:ae:8f:3f:fd:b4:ac:5d:2b:53:
                    27:7f:11:fe:4a:3c:06:e0:c0:8a:f5:20:b4:2e:c0:
                    bc:fd:ba:24:d0:13:c0:25:9c:bd:78:fb:9f:9e:07:
                    c2:c5:8a:35:d1:31:78:cd:37:89:91:d2:03:d8:01:
                    f4:c5:5a:62:43:ea:13:6f:93:f1:c0:73:df:8c:d3:
                    f6:a3:1b:f0:f5:de:d4:2b:5d:83:e9:60:94:a7:e9:
                    83:3b:9d:d9:e7:95:24:da:54:9b:ab:a8:c1:af:96:
                    bc:9d:76:0f:bd:2d:89:32:35:33:66:e8:ba:d6:89:
                    8f:59:e2:f5:bd:22:51:0f:4a:43:1d:86:70:03:dc:
                    7f:73:65:fa:01:d8:f7:23:d5:c9:af:73:56:ef:7c:
                    76:de:3c:7c:b9:53:c3:36:00:1f:b1:ba:24:06:fb:
                    b0:cc:7f:a4:4b:4d:27:5b:48:b6:bb:d1:de:3f:e3:
                    d6:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:83:A3:1A:BB:5A:9C:A7:86:55:9D:4F:B7:B3:C3:E8:ED:F9:F0:F9
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/xYOjGrtanKeGVZ1Pt7PD6O358Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:72:a8:a5:6e:d0:25:de:f9:c9:70:64:77:f9:bf:3c:5e:a3:
         36:f0:87:99:06:9b:54:57:39:62:a6:09:b1:fb:7e:d1:9c:87:
         c5:a2:9e:1f:51:38:2b:0d:9c:04:12:8c:f4:4a:04:ae:c1:56:
         35:ae:33:ff:7a:a7:00:c7:5a:e1:78:24:19:9d:fa:d3:ce:83:
         32:c0:a4:c8:72:f2:94:ea:a2:5c:2b:92:c9:a5:18:c0:84:55:
         27:26:7e:99:9c:d8:ee:b1:98:d5:73:bd:42:3d:ed:ac:92:76:
         b8:19:6c:1c:f0:0d:04:43:cf:69:7e:94:03:94:5d:7f:d1:96:
         f3:b4:00:31:cd:41:e5:8e:d5:be:97:ba:d8:23:59:90:71:9e:
         92:1e:52:ef:e9:dd:92:ac:83:58:5f:d0:43:b4:66:c4:21:54:
         52:ef:14:78:e0:ac:4e:ed:a0:94:17:97:24:63:07:8e:fb:30:
         e4:45:f3:89:80:d4:ef:68:32:4f:4d:14:8c:e8:fb:0d:42:4a:
         c8:28:72:a6:b6:e1:45:62:73:5c:4d:22:67:8e:f7:e8:a2:7e:
         69:17:95:22:d6:a0:8d:8b:81:57:7f:13:75:ca:69:77:50:f7:
         c9:b7:bd:75:a4:9c:12:ec:c0:df:5a:1f:ef:e6:cb:05:46:52:
         a8:64:b7:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ppelpH1s/Vl/mcNy+5eSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjYwMTAyMTIyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTgzYTMxYWJiNWE5Y2E3ODY1NTlkNGZiN2IzYzNlOGVkZjlmMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5c8us7QrgAbg02sCsSa4zn6kfa3G
QggwVzvcTJvzE/NkvzsFqRHa8CoCytlk5sT1QY2DEWOwqMQg5Gl0L8biyudjrA4T
iG0FRYtJuey/ppKujz/9tKxdK1MnfxH+SjwG4MCK9SC0LsC8/bok0BPAJZy9ePuf
ngfCxYo10TF4zTeJkdID2AH0xVpiQ+oTb5PxwHPfjNP2oxvw9d7UK12D6WCUp+mD
O53Z55Uk2lSbq6jBr5a8nXYPvS2JMjUzZui61omPWeL1vSJRD0pDHYZwA9x/c2X6
Adj3I9XJr3NW73x23jx8uVPDNgAfsbokBvuwzH+kS00nW0i2u9HeP+PWzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWDoxq7WpynhlWdT7ezw+jt+fD5MB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEveFlPakdydGFuS2VHVloxUHQ3UEQ2TzM1OFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRhMA0G
CSqGSIb3DQEBCwUAA4IBAQCJcqilbtAl3vnJcGR3+b88XqM28IeZBptUVzlipgmx
+37RnIfFop4fUTgrDZwEEoz0SgSuwVY1rjP/eqcAx1rheCQZnfrTzoMywKTIcvKU
6qJcK5LJpRjAhFUnJn6ZnNjusZjVc71CPe2skna4GWwc8A0EQ89pfpQDlF1/0Zbz
tAAxzUHljtW+l7rYI1mQcZ6SHlLv6d2SrINYX9BDtGbEIVRS7xR44KxO7aCUF5ck
YweO+zDkRfOJgNTvaDJPTRSM6PsNQkrIKHKmtuFFYnNcTSJnjvfoon5pF5Ui1qCN
i4FXfxN1yml3UPfJt711pJwS7MDfWh/v5ssFRlKoZLcb
-----END CERTIFICATE-----