This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/X-VexSHzfNurr099URu1YXpxyIk.roa
File:                     X-VexSHzfNurr099URu1YXpxyIk.roa (raw, json)
Hash identifier:          cdBQbZuZIzH7OAx7Pp49/dolgfwQyJXSH2XxWO2uSfI=
Subject key identifier:   5F:E5:5E:C5:21:F3:7C:DB:AB:AF:4F:7D:51:1B:B5:61:7A:71:C8:89
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       019B7F1596209F92172A0A0F96768ED26318
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/X-VexSHzfNurr099URu1YXpxyIk.roa
Signing time:             Fri 02 Jan 2026 14:21:19 +0000
ROA not before:           Fri 02 Jan 2026 14:21:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8697
IP address blocks:        2.17.24.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:96:20:9f:92:17:2a:0a:0f:96:76:8e:d2:63:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  2 14:21:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fe55ec521f37cdbabaf4f7d511bb5617a71c889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b8:ca:3f:37:8f:4c:3b:0b:ba:c2:ac:6f:e4:
                    99:ba:f5:fe:49:e2:3e:e1:dc:71:e1:87:98:76:22:
                    85:73:ac:dd:07:8b:48:20:d5:0c:d9:94:a4:a2:15:
                    1b:6d:bf:0e:aa:b0:c1:c1:af:a2:52:3f:0e:50:5b:
                    c5:9c:6c:0e:be:3e:bc:f8:77:e3:11:68:8c:63:f7:
                    35:09:8c:97:e3:b4:9f:73:e2:38:73:28:b4:ea:84:
                    e1:e6:ad:32:79:da:e3:c1:80:5d:55:c8:7e:1d:db:
                    fb:cf:a0:39:72:34:e4:61:19:04:9f:07:b8:43:12:
                    f9:b9:63:22:94:c7:2d:92:7e:b6:3c:f5:21:82:d4:
                    65:8d:bb:e1:80:3a:52:5f:49:e0:76:07:71:01:7c:
                    93:ff:95:18:c2:8f:0c:6a:55:54:5e:13:81:39:a4:
                    0b:a1:60:1a:15:78:ff:fc:5f:21:13:44:80:71:89:
                    9e:b5:9e:82:c9:2b:14:8f:3b:dd:9c:32:1b:e6:05:
                    ae:bd:d3:74:5d:76:2a:cd:9c:b5:f5:69:e4:62:0f:
                    8d:96:70:19:8c:d2:69:4e:a1:d5:3c:38:99:a3:4a:
                    36:1e:26:da:66:89:f2:df:31:83:94:44:a9:87:19:
                    a2:e3:dc:fd:42:42:1b:5c:36:88:ca:f7:52:ca:86:
                    ef:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E5:5E:C5:21:F3:7C:DB:AB:AF:4F:7D:51:1B:B5:61:7A:71:C8:89
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/X-VexSHzfNurr099URu1YXpxyIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.17.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:4d:a8:b1:4e:6b:5a:d3:25:a4:d2:5e:35:0c:7b:8c:f5:d0:
         6f:22:08:d2:1a:64:44:fd:9e:17:d5:6f:03:4c:33:6e:c7:d8:
         aa:53:30:ce:55:23:dc:ef:5a:00:26:ef:6b:3f:ad:a1:8b:ec:
         b1:78:ac:b0:8c:bd:37:b4:1f:70:80:8d:91:f6:4b:fb:32:41:
         e6:9e:24:2e:63:db:8a:63:c6:00:f0:83:f9:ce:97:9d:c0:00:
         30:e3:67:af:d5:d2:31:4c:5b:95:9d:a6:95:df:a6:80:33:fd:
         60:df:fc:03:fa:64:1b:2b:f5:aa:1e:af:c6:19:3f:27:c0:ed:
         14:a0:dc:4f:1a:52:53:c4:42:a2:a1:e1:00:b8:08:25:3f:fc:
         bd:92:00:ed:3c:ec:90:b1:c7:e5:f6:d1:b4:f8:9f:1f:e3:7a:
         91:28:bf:ea:00:58:c0:c4:7f:e5:f5:4c:80:a1:1d:55:10:e3:
         0d:e7:30:aa:43:73:ef:93:85:4a:d1:38:a2:9c:d7:4e:c6:93:
         6a:15:67:b1:2d:7e:6b:9d:41:05:35:36:77:92:f3:02:e0:79:
         58:39:11:fb:24:55:8f:bf:38:67:89:d7:98:ec:a3:24:46:04:
         f1:cf:ad:15:c9:98:ad:0f:de:d5:90:d3:6f:24:ce:96:2f:b8:
         99:d7:0f:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZYgn5IXKgoPlnaO0mMYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjYwMTAyMTQyMTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU1NWVjNTIxZjM3Y2RiYWJhZjRmN2Q1MTFiYjU2MTdhNzFjODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLjKPzePTDsLusKsb+SZuvX+SeI+
4dxx4YeYdiKFc6zdB4tIINUM2ZSkohUbbb8OqrDBwa+iUj8OUFvFnGwOvj68+Hfj
EWiMY/c1CYyX47Sfc+I4cyi06oTh5q0yedrjwYBdVch+Hdv7z6A5cjTkYRkEnwe4
QxL5uWMilMctkn62PPUhgtRljbvhgDpSX0ngdgdxAXyT/5UYwo8MalVUXhOBOaQL
oWAaFXj//F8hE0SAcYmetZ6CySsUjzvdnDIb5gWuvdN0XXYqzZy19WnkYg+NlnAZ
jNJpTqHVPDiZo0o2HibaZony3zGDlESphxmi49z9QkIbXDaIyvdSyobvbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/lXsUh83zbq69PfVEbtWF6cciJMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWC1WZXhTSHpmTnVycjA5OVVSdTFZWHB4eUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhEYMA0G
CSqGSIb3DQEBCwUAA4IBAQAJTaixTmta0yWk0l41DHuM9dBvIgjSGmRE/Z4X1W8D
TDNux9iqUzDOVSPc71oAJu9rP62hi+yxeKywjL03tB9wgI2R9kv7MkHmniQuY9uK
Y8YA8IP5zpedwAAw42ev1dIxTFuVnaaV36aAM/1g3/wD+mQbK/WqHq/GGT8nwO0U
oNxPGlJTxEKioeEAuAglP/y9kgDtPOyQscfl9tG0+J8f43qRKL/qAFjAxH/l9UyA
oR1VEOMN5zCqQ3Pvk4VK0TiinNdOxpNqFWexLX5rnUEFNTZ3kvMC4HlYORH7JFWP
vzhnideY7KMkRgTxz60VyZitD97VkNNvJM6WL7iZ1w+n
-----END CERTIFICATE-----