This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Xp1cuH5GckRebQbl04bBVOXl9c0.roa
File:                     Xp1cuH5GckRebQbl04bBVOXl9c0.roa (raw, json)
Hash identifier:          G9DoetqG3+uFPEjScRTeA6vdZfkVk+8JEJjCMtB7vJ4=
Subject key identifier:   5E:9D:5C:B8:7E:46:72:44:5E:6D:06:E5:D3:86:C1:54:E5:E5:F5:CD
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       019B7B362F2231B4819A14DFEB4FE0FE6E9C
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Xp1cuH5GckRebQbl04bBVOXl9c0.roa
Signing time:             Thu 01 Jan 2026 20:18:27 +0000
ROA not before:           Thu 01 Jan 2026 20:18:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        91.103.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 05:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:2f:22:31:b4:81:9a:14:df:eb:4f:e0:fe:6e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  1 20:18:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e9d5cb87e4672445e6d06e5d386c154e5e5f5cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0a:37:e7:3d:fe:e1:d9:5f:bd:8c:97:e0:b3:
                    a4:bc:b6:35:9a:fd:42:1a:6b:22:a4:8b:53:3b:ed:
                    ab:2c:f4:05:de:d7:59:48:c0:f0:d3:0e:48:99:be:
                    a2:54:9a:cc:2b:22:fe:1c:6b:91:70:7b:5a:9c:7a:
                    a9:7e:83:71:12:ca:61:e8:96:28:71:59:5a:e3:52:
                    a1:f1:72:59:a9:d8:15:9b:eb:b8:d5:14:9d:d1:c0:
                    0f:69:60:a3:4f:07:b3:10:e9:fb:98:ec:7b:86:39:
                    bd:89:95:21:c4:a5:40:a5:c6:63:aa:f3:48:e7:55:
                    de:21:8d:b1:5f:68:3c:a6:99:d6:1c:d2:e8:0a:50:
                    09:5d:7a:22:e7:93:b4:87:34:6b:b7:fc:5c:8f:3c:
                    89:2d:b6:85:cc:29:7a:52:6f:ea:fe:48:b3:ee:5b:
                    9a:56:d5:11:49:4a:e3:49:82:08:dd:43:c5:60:33:
                    3f:5d:1c:6e:df:66:62:6d:34:fe:2c:39:52:dd:23:
                    3f:71:52:20:fb:db:28:28:d4:94:34:a4:a5:31:05:
                    83:cb:07:7f:a2:83:55:a1:83:83:0b:08:67:c0:34:
                    d0:3e:a8:0c:87:75:01:be:b9:c2:3c:0b:de:24:2d:
                    d9:f6:75:ad:bf:a5:1c:6e:bb:44:0d:f5:f0:37:89:
                    9b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:9D:5C:B8:7E:46:72:44:5E:6D:06:E5:D3:86:C1:54:E5:E5:F5:CD
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Xp1cuH5GckRebQbl04bBVOXl9c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:f9:ea:36:89:b9:00:f3:61:22:15:8b:46:ed:88:a8:a6:dd:
         c9:ae:58:f9:fd:1a:15:a6:0e:ca:a5:91:de:75:0b:f1:80:1a:
         4b:ed:b3:ee:6c:eb:0a:5c:15:0f:b1:0e:0c:69:c1:4f:f5:dd:
         3f:07:b4:01:26:f5:32:0e:ce:12:fa:8d:3a:6c:61:28:67:d7:
         14:3e:95:93:bb:05:f7:10:97:1d:8c:66:ef:9a:a4:45:73:e2:
         47:c6:3e:d2:be:ad:b8:51:68:86:b1:66:88:8b:cd:1d:f8:26:
         0d:1d:8d:f3:16:5c:d4:d3:15:90:5a:88:fd:bb:f5:46:08:c1:
         ee:d6:f2:af:83:24:d3:f3:6f:d9:c7:48:d5:23:c7:a5:2a:7d:
         60:39:3c:5f:3e:6b:20:f1:91:24:a6:cf:6d:93:ee:e7:b2:f0:
         48:c1:74:49:9e:8a:80:b6:d9:66:1a:10:02:df:76:e9:59:f6:
         d9:37:fd:5c:12:91:2b:8b:43:2f:71:68:7d:40:ee:ed:a4:8b:
         f0:02:8b:e2:f1:00:9a:4a:af:d3:ad:97:e3:8d:44:a0:44:f1:
         80:cc:8c:43:fd:c2:ba:ef:71:d4:b5:04:bd:13:1a:c1:a3:e4:
         de:bb:9a:6e:5b:55:19:ff:e7:89:bd:0b:97:5c:90:f6:3b:9d:
         12:c9:13:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Ni8iMbSBmhTf60/g/m6cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjYwMTAxMjAxODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTlkNWNiODdlNDY3MjQ0NWU2ZDA2ZTVkMzg2YzE1NGU1ZTVmNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAo35z3+4dlfvYyX4LOkvLY1mv1C
GmsipItTO+2rLPQF3tdZSMDw0w5Imb6iVJrMKyL+HGuRcHtanHqpfoNxEsph6JYo
cVla41Kh8XJZqdgVm+u41RSd0cAPaWCjTwezEOn7mOx7hjm9iZUhxKVApcZjqvNI
51XeIY2xX2g8ppnWHNLoClAJXXoi55O0hzRrt/xcjzyJLbaFzCl6Um/q/kiz7lua
VtURSUrjSYII3UPFYDM/XRxu32ZibTT+LDlS3SM/cVIg+9soKNSUNKSlMQWDywd/
ooNVoYODCwhnwDTQPqgMh3UBvrnCPAveJC3Z9nWtv6UcbrtEDfXwN4mbkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6dXLh+RnJEXm0G5dOGwVTl5fXNMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvWHAxY3VINUdja1JlYlFibDA0YkJWT1hsOWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d8MA0G
CSqGSIb3DQEBCwUAA4IBAQCS+eo2ibkA82EiFYtG7Yiopt3Jrlj5/RoVpg7KpZHe
dQvxgBpL7bPubOsKXBUPsQ4MacFP9d0/B7QBJvUyDs4S+o06bGEoZ9cUPpWTuwX3
EJcdjGbvmqRFc+JHxj7Svq24UWiGsWaIi80d+CYNHY3zFlzU0xWQWoj9u/VGCMHu
1vKvgyTT82/Zx0jVI8elKn1gOTxfPmsg8ZEkps9tk+7nsvBIwXRJnoqAttlmGhAC
33bpWfbZN/1cEpEri0MvcWh9QO7tpIvwAovi8QCaSq/TrZfjjUSgRPGAzIxD/cK6
73HUtQS9ExrBo+Teu5puW1UZ/+eJvQuXXJD2O50SyRMk
-----END CERTIFICATE-----