This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/2c53bd-4a19-4428-b550-1ea2a8ea1543/1/X6hEWLYEdEv1iSF-WMSAOFXzSHs.roa
File:                     X6hEWLYEdEv1iSF-WMSAOFXzSHs.roa (raw, json)
Hash identifier:          Nb+VgJ1DjsjNcMb5SIikOaRGsphDI/9jFMQHFL/7b9M=
Subject key identifier:   5F:A8:44:58:B6:04:74:4B:F5:89:21:7E:58:C4:80:38:55:F3:48:7B
Certificate issuer:       /CN=ae37cf4b1fd4ce56788ed80b7a2e11c61b456ab4
Certificate serial:       019B79EC355D68ED6559FA416CEAECF47D51
Authority key identifier: AE:37:CF:4B:1F:D4:CE:56:78:8E:D8:0B:7A:2E:11:C6:1B:45:6A:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rjfPSx_UzlZ4jtgLei4RxhtFarQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/2c53bd-4a19-4428-b550-1ea2a8ea1543/1/X6hEWLYEdEv1iSF-WMSAOFXzSHs.roa
Signing time:             Thu 01 Jan 2026 14:18:01 +0000
ROA not before:           Thu 01 Jan 2026 14:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29657
IP address blocks:        194.5.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/2c53bd-4a19-4428-b550-1ea2a8ea1543/1/rjfPSx_UzlZ4jtgLei4RxhtFarQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/2c53bd-4a19-4428-b550-1ea2a8ea1543/1/rjfPSx_UzlZ4jtgLei4RxhtFarQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rjfPSx_UzlZ4jtgLei4RxhtFarQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:35:5d:68:ed:65:59:fa:41:6c:ea:ec:f4:7d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae37cf4b1fd4ce56788ed80b7a2e11c61b456ab4
        Validity
            Not Before: Jan  1 14:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fa84458b604744bf589217e58c4803855f3487b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:05:59:4c:f0:0d:41:9d:b0:e1:cf:f6:bf:0a:
                    bf:2d:1d:e1:61:89:84:bd:b4:a5:ad:29:ba:79:1c:
                    f9:04:d5:97:a9:57:f6:07:eb:15:a5:71:0c:2b:0c:
                    a3:60:ed:ab:82:12:c0:a5:42:a7:ea:a6:fe:5c:27:
                    9d:d6:e9:70:b7:a1:b6:8a:0a:8c:b2:6e:e9:c0:ce:
                    92:df:4b:1c:75:9f:e3:ab:53:fb:f2:33:68:8f:bd:
                    8a:45:d1:c9:dd:2a:d8:50:fa:ed:ca:0a:db:ce:73:
                    73:77:c3:77:47:3d:4d:91:ad:b9:98:f0:06:9b:ed:
                    fc:1a:98:7f:ac:be:91:d7:04:b3:34:54:fb:70:04:
                    e5:53:75:39:bc:3f:7a:05:4a:9c:4f:84:47:56:66:
                    1e:91:10:dc:72:0e:5b:74:7e:a5:d2:1b:c2:7f:f5:
                    0f:4b:a1:e7:ae:ef:78:ae:b4:48:c4:79:10:07:0d:
                    7e:2f:88:b6:73:8a:20:2c:7d:c9:65:a6:f5:30:99:
                    89:39:cb:94:39:5d:6b:da:ee:f0:0e:30:f1:11:6e:
                    08:a6:6a:de:3f:a5:17:0d:c0:5a:38:47:64:c7:85:
                    8c:8d:4c:e4:c9:fb:30:12:32:dc:79:9e:97:b9:b4:
                    12:b4:6d:63:eb:d3:cf:76:05:44:a3:0a:1b:da:46:
                    20:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A8:44:58:B6:04:74:4B:F5:89:21:7E:58:C4:80:38:55:F3:48:7B
            X509v3 Authority Key Identifier:
                keyid:AE:37:CF:4B:1F:D4:CE:56:78:8E:D8:0B:7A:2E:11:C6:1B:45:6A:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rjfPSx_UzlZ4jtgLei4RxhtFarQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/2c53bd-4a19-4428-b550-1ea2a8ea1543/1/X6hEWLYEdEv1iSF-WMSAOFXzSHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/2c53bd-4a19-4428-b550-1ea2a8ea1543/1/rjfPSx_UzlZ4jtgLei4RxhtFarQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:44:d5:f6:69:b8:f2:74:b5:4d:29:35:22:4b:dc:dc:21:ad:
         eb:c5:59:d5:76:07:e0:65:59:8e:fd:06:82:0b:f2:d5:e1:28:
         46:aa:0a:ab:a5:f0:2c:f9:f9:09:09:65:55:59:b4:29:e3:11:
         86:98:74:cb:af:dd:0e:6e:8c:b9:0b:fe:3a:49:0f:87:c1:16:
         7d:b3:8e:19:2e:56:22:b2:e8:57:86:65:f4:71:be:dc:a0:69:
         fa:dd:3a:48:c4:89:38:05:c9:3b:29:ee:2d:0d:fc:f5:d5:8e:
         59:f3:26:86:42:af:3b:f4:5c:3e:22:7f:46:16:5b:d4:75:fb:
         56:e9:ad:d9:20:aa:bb:7e:30:0e:bb:82:99:6c:20:15:a2:7b:
         5b:64:c8:cf:89:9b:df:a2:05:ae:db:a1:b6:8a:e2:96:c4:a6:
         6d:8a:3d:90:a7:72:9a:1f:e0:90:00:1b:98:46:3c:16:86:77:
         95:b7:d6:c8:4a:fa:07:d9:6e:88:54:dd:0d:20:00:86:75:74:
         47:94:cf:5d:06:14:00:a2:10:a6:84:56:54:aa:28:98:4e:3a:
         d9:e7:53:b2:6c:f8:b5:14:0e:e4:27:24:8c:ac:ba:26:81:52:
         e4:da:5f:34:f4:aa:45:45:b8:56:bd:4e:e4:c6:eb:49:78:10:
         d2:e8:4f:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57DVdaO1lWfpBbOrs9H1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMzdjZjRiMWZkNGNlNTY3ODhlZDgwYjdhMmUxMWM2MWI0
NTZhYjQwHhcNMjYwMTAxMTQxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmE4NDQ1OGI2MDQ3NDRiZjU4OTIxN2U1OGM0ODAzODU1ZjM0ODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAVZTPANQZ2w4c/2vwq/LR3hYYmE
vbSlrSm6eRz5BNWXqVf2B+sVpXEMKwyjYO2rghLApUKn6qb+XCed1ulwt6G2igqM
sm7pwM6S30scdZ/jq1P78jNoj72KRdHJ3SrYUPrtygrbznNzd8N3Rz1Nka25mPAG
m+38Gph/rL6R1wSzNFT7cATlU3U5vD96BUqcT4RHVmYekRDccg5bdH6l0hvCf/UP
S6Hnru94rrRIxHkQBw1+L4i2c4ogLH3JZab1MJmJOcuUOV1r2u7wDjDxEW4Ipmre
P6UXDcBaOEdkx4WMjUzkyfswEjLceZ6XubQStG1j69PPdgVEowob2kYgCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+oRFi2BHRL9YkhfljEgDhV80h7MB8GA1UdIwQY
MBaAFK43z0sf1M5WeI7YC3ouEcYbRWq0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmpmUFN4X1V6bFo0anRnTGVpNFJ4aHRGYXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8yYzUzYmQtNGExOS00NDI4LWI1NTAt
MWVhMmE4ZWExNTQzLzEvWDZoRVdMWUVkRXYxaVNGLVdNU0FPRlh6U0hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8yYzUzYmQtNGExOS00NDI4LWI1NTAtMWVhMmE4ZWExNTQz
LzEvcmpmUFN4X1V6bFo0anRnTGVpNFJ4aHRGYXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVaMA0G
CSqGSIb3DQEBCwUAA4IBAQAQRNX2abjydLVNKTUiS9zcIa3rxVnVdgfgZVmO/QaC
C/LV4ShGqgqrpfAs+fkJCWVVWbQp4xGGmHTLr90Oboy5C/46SQ+HwRZ9s44ZLlYi
suhXhmX0cb7coGn63TpIxIk4Bck7Ke4tDfz11Y5Z8yaGQq879Fw+In9GFlvUdftW
6a3ZIKq7fjAOu4KZbCAVontbZMjPiZvfogWu26G2iuKWxKZtij2Qp3KaH+CQABuY
RjwWhneVt9bISvoH2W6IVN0NIACGdXRHlM9dBhQAohCmhFZUqiiYTjrZ51OybPi1
FA7kJySMrLomgVLk2l809KpFRbhWvU7kxutJeBDS6E+8
-----END CERTIFICATE-----