This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/xu9m0hgW8GLJqqV5sAEGFCWL3iM.roa
File:                     xu9m0hgW8GLJqqV5sAEGFCWL3iM.roa (raw, json)
Hash identifier:          jbb1Ol93Bc4F6xDnWgQv6CKjC8B2J+BLxGOlCtqLSLk=
Subject key identifier:   C6:EF:66:D2:18:16:F0:62:C9:AA:A5:79:B0:01:06:14:25:8B:DE:23
Certificate issuer:       /CN=e4457636e5ad66e1f0fbb2c10df29095e63e992f
Certificate serial:       019B78A215C37CB4195C953E53E326F005B5
Authority key identifier: E4:45:76:36:E5:AD:66:E1:F0:FB:B2:C1:0D:F2:90:95:E6:3E:99:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5EV2NuWtZuHw-7LBDfKQleY-mS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/xu9m0hgW8GLJqqV5sAEGFCWL3iM.roa
Signing time:             Thu 01 Jan 2026 08:17:26 +0000
ROA not before:           Thu 01 Jan 2026 08:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210780
IP address blocks:        185.252.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/5EV2NuWtZuHw-7LBDfKQleY-mS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/5EV2NuWtZuHw-7LBDfKQleY-mS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5EV2NuWtZuHw-7LBDfKQleY-mS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:15:c3:7c:b4:19:5c:95:3e:53:e3:26:f0:05:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4457636e5ad66e1f0fbb2c10df29095e63e992f
        Validity
            Not Before: Jan  1 08:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c6ef66d21816f062c9aaa579b0010614258bde23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:40:38:68:d1:da:04:70:87:fd:79:a6:69:93:
                    da:b3:02:9f:f9:4c:9f:7f:86:d8:a3:65:d2:76:44:
                    cf:73:2e:37:09:5e:ee:6f:47:b1:a5:f9:da:7e:58:
                    8a:dd:e2:31:3a:41:70:b1:b3:ab:04:0f:62:6e:dc:
                    0f:e0:1c:43:44:af:3e:c4:c6:3c:fa:0e:3a:e5:90:
                    bd:48:b8:03:8a:5e:dd:38:94:98:18:b8:47:6e:63:
                    1e:20:e9:c7:d8:63:c4:cc:0e:ae:89:74:3d:07:a1:
                    fa:22:64:4f:f9:b8:07:9b:3d:9f:ef:a2:0b:90:e5:
                    cb:81:05:9c:31:04:20:1f:82:6e:b1:37:ba:4d:7b:
                    7e:1e:a2:1b:14:22:0e:38:61:7b:a4:9f:69:0d:49:
                    cf:28:72:cd:ae:ed:eb:09:81:82:63:c0:a0:4e:c8:
                    7c:32:40:71:f4:86:a5:db:b4:5b:c8:68:fc:71:b1:
                    25:ae:09:8e:ef:8a:8c:9e:d1:d3:61:d8:2f:8c:9d:
                    b6:9b:10:8b:77:cd:ec:34:b2:5a:f1:1e:7a:bd:4f:
                    67:bd:c6:f8:6c:fa:6f:f8:a3:ad:42:09:54:71:d7:
                    c2:0d:83:a0:96:12:53:d1:a3:fc:20:37:50:eb:6b:
                    b5:06:f4:24:38:27:7b:b2:9d:03:ee:62:fd:87:44:
                    67:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:EF:66:D2:18:16:F0:62:C9:AA:A5:79:B0:01:06:14:25:8B:DE:23
            X509v3 Authority Key Identifier:
                keyid:E4:45:76:36:E5:AD:66:E1:F0:FB:B2:C1:0D:F2:90:95:E6:3E:99:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5EV2NuWtZuHw-7LBDfKQleY-mS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/xu9m0hgW8GLJqqV5sAEGFCWL3iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/5EV2NuWtZuHw-7LBDfKQleY-mS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:67:03:96:d8:b8:e7:c1:55:3c:cc:50:b2:9e:ae:b4:09:6a:
         d1:8a:51:f7:24:8d:6e:03:a6:8a:84:cf:c5:6e:5e:27:a5:50:
         0c:42:0f:ff:6e:79:6b:3b:f5:74:f3:86:8d:b4:81:97:02:30:
         b0:af:d4:0c:de:67:30:d7:33:69:14:d3:8e:e3:de:f4:04:ae:
         46:64:dc:19:6d:52:c1:ca:10:45:54:e0:1b:35:e1:f9:da:8c:
         8f:98:05:e7:1e:b4:f4:10:1d:7e:a8:cd:1a:17:84:87:6f:04:
         bc:a1:1c:d1:ad:ca:bf:8b:69:63:c1:4c:01:1b:b3:57:8b:4c:
         6e:d7:c0:56:fc:89:01:30:b7:92:6e:ad:f3:80:84:59:d3:9c:
         fa:2e:08:bf:e1:56:52:e5:b5:89:4d:26:c1:d8:06:e4:ff:25:
         19:63:d8:32:9a:0f:d0:a9:5d:0d:a1:9c:fc:0c:d8:18:1b:a8:
         4c:66:c3:35:e9:08:f6:5a:a1:6c:3c:a2:62:9a:ce:c8:76:a6:
         1f:14:28:4f:c5:53:60:b5:a3:07:0b:52:27:d4:13:e6:3b:ea:
         41:61:8d:ab:1f:4b:8d:df:83:9a:83:20:ff:dc:73:69:b9:34:
         5c:f2:96:14:c8:1d:27:b5:a9:97:b5:18:cd:2c:fe:43:c8:13:
         6c:76:8a:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ohXDfLQZXJU+U+Mm8AW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NDU3NjM2ZTVhZDY2ZTFmMGZiYjJjMTBkZjI5MDk1ZTYz
ZTk5MmYwHhcNMjYwMTAxMDgxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmVmNjZkMjE4MTZmMDYyYzlhYWE1NzliMDAxMDYxNDI1OGJkZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0A4aNHaBHCH/XmmaZPaswKf+Uyf
f4bYo2XSdkTPcy43CV7ub0expfnafliK3eIxOkFwsbOrBA9ibtwP4BxDRK8+xMY8
+g465ZC9SLgDil7dOJSYGLhHbmMeIOnH2GPEzA6uiXQ9B6H6ImRP+bgHmz2f76IL
kOXLgQWcMQQgH4JusTe6TXt+HqIbFCIOOGF7pJ9pDUnPKHLNru3rCYGCY8CgTsh8
MkBx9Ial27RbyGj8cbElrgmO74qMntHTYdgvjJ22mxCLd83sNLJa8R56vU9nvcb4
bPpv+KOtQglUcdfCDYOglhJT0aP8IDdQ62u1BvQkOCd7sp0D7mL9h0Rn9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbvZtIYFvBiyaqlebABBhQli94jMB8GA1UdIwQY
MBaAFORFdjblrWbh8PuywQ3ykJXmPpkvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUVWMk51V3RadUh3LTdMQkRmS1FsZVktbVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS84YzlmMTktYTcwMC00ODMyLWJlMjEt
YjBkNWU4YmU4NTNjLzEveHU5bTBoZ1c4R0xKcXFWNXNBRUdGQ1dMM2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS84YzlmMTktYTcwMC00ODMyLWJlMjEtYjBkNWU4YmU4NTNj
LzEvNUVWMk51V3RadUh3LTdMQkRmS1FsZVktbVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufzWMA0G
CSqGSIb3DQEBCwUAA4IBAQB5ZwOW2LjnwVU8zFCynq60CWrRilH3JI1uA6aKhM/F
bl4npVAMQg//bnlrO/V084aNtIGXAjCwr9QM3mcw1zNpFNOO4970BK5GZNwZbVLB
yhBFVOAbNeH52oyPmAXnHrT0EB1+qM0aF4SHbwS8oRzRrcq/i2ljwUwBG7NXi0xu
18BW/IkBMLeSbq3zgIRZ05z6Lgi/4VZS5bWJTSbB2Abk/yUZY9gymg/QqV0NoZz8
DNgYG6hMZsM16Qj2WqFsPKJims7IdqYfFChPxVNgtaMHC1In1BPmO+pBYY2rH0uN
34OagyD/3HNpuTRc8pYUyB0ntamXtRjNLP5DyBNsdorJ
-----END CERTIFICATE-----