This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xKVx0q4Y31XvW900N7ErigbjO88.roa
File:                     xKVx0q4Y31XvW900N7ErigbjO88.roa (raw, json)
Hash identifier:          LvBJVAex0Q3Hvtlt+rJdDN9Cmb2SEkhUt/+8ch1WXto=
Subject key identifier:   C4:A5:71:D2:AE:18:DF:55:EF:5B:DD:34:37:B1:2B:8A:06:E3:3B:CF
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EAF9EA3AD3AA4EABE973D282F66877
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xKVx0q4Y31XvW900N7ErigbjO88.roa
Signing time:             Thu 01 Jan 2026 00:17:49 +0000
ROA not before:           Thu 01 Jan 2026 00:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153371
IP address blocks:        188.253.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f9:ea:3a:d3:aa:4e:ab:e9:73:d2:82:f6:68:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4a571d2ae18df55ef5bdd3437b12b8a06e33bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b0:af:94:8a:30:62:6c:86:b5:1e:aa:7b:bd:
                    c5:b2:2e:4b:f0:ae:0f:eb:70:04:cd:a7:33:5c:59:
                    af:74:88:43:f2:e2:7f:d5:13:86:b4:72:f8:92:df:
                    49:30:19:5b:e4:6f:2f:e4:25:ea:a1:f3:ca:21:66:
                    29:21:7b:b4:b6:85:db:7c:1f:9c:d3:13:61:a9:09:
                    1f:d8:e6:0b:e2:4a:55:c3:24:94:46:c0:42:2f:7a:
                    dc:31:2d:ef:07:74:da:f9:09:00:09:33:61:34:31:
                    69:c0:49:34:84:cc:c9:10:7f:aa:eb:c6:50:9e:7c:
                    a1:66:30:7f:6b:c8:8c:d9:24:9c:3b:2c:d3:02:f6:
                    96:95:11:e5:cd:39:c8:e2:db:b4:61:1c:6c:70:cb:
                    60:40:d6:a9:7c:3e:7d:27:6d:e1:55:9a:9a:5b:41:
                    cf:05:4a:83:85:b5:49:9e:6f:45:95:2d:d3:b9:f9:
                    76:74:3c:22:a6:9a:ad:5c:fd:ec:73:c5:05:05:75:
                    0a:39:6d:cb:67:30:b0:3a:0d:07:9e:bb:6a:57:06:
                    c1:42:3a:a7:23:2a:ac:ed:8a:cf:a3:04:4f:fe:68:
                    f9:a1:18:55:61:ea:6c:96:78:74:42:90:f7:f9:d8:
                    03:72:f1:da:e5:9e:a5:a8:8b:d2:0f:90:63:69:54:
                    b7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A5:71:D2:AE:18:DF:55:EF:5B:DD:34:37:B1:2B:8A:06:E3:3B:CF
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/xKVx0q4Y31XvW900N7ErigbjO88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.253.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:5b:12:b8:48:24:a0:da:8d:b2:58:9b:67:91:07:a5:90:8e:
         04:9b:ae:ce:96:97:0f:58:db:6b:00:34:18:c2:69:ae:49:f7:
         7c:5a:2f:8a:7e:02:62:88:fe:83:3c:bf:9a:35:3c:5b:70:a3:
         6d:d5:26:95:6e:b2:b9:a6:68:5f:b6:37:ce:90:71:47:12:b9:
         69:8a:93:5a:1a:ac:de:3c:dd:20:e3:d0:25:88:c8:b7:c9:7f:
         dd:c7:aa:bf:51:55:3a:01:35:40:2a:20:9b:35:76:d8:28:fb:
         40:a3:93:29:49:e6:6c:94:f4:be:21:2a:82:77:4a:9f:59:15:
         a1:bc:34:bd:e2:58:5a:4d:24:2b:1b:e3:89:e0:bf:0f:1a:f6:
         12:8e:e0:00:c0:0d:d6:65:e9:6f:f0:a8:98:06:56:13:8c:1e:
         f3:2e:a2:05:d1:63:c5:b6:2b:77:24:3a:21:75:10:4e:ab:9b:
         85:bc:d0:86:24:f8:46:ab:d2:2f:cb:9a:ec:5b:a6:1c:a2:02:
         30:10:10:01:13:b5:b4:94:a0:2f:db:91:85:cf:cd:c0:ed:4f:
         ca:ec:98:60:ef:91:ca:4c:0c:e8:86:e4:f3:7d:65:41:bb:36:
         93:88:17:68:e0:eb:e0:34:72:b7:b0:1b:46:8c:9b:4a:83:f9:
         a7:ce:f9:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vnqOtOqTqvpc9KC9mh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE1NzFkMmFlMThkZjU1ZWY1YmRkMzQzN2IxMmI4YTA2ZTMzYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbCvlIowYmyGtR6qe73Fsi5L8K4P
63AEzaczXFmvdIhD8uJ/1ROGtHL4kt9JMBlb5G8v5CXqofPKIWYpIXu0toXbfB+c
0xNhqQkf2OYL4kpVwySURsBCL3rcMS3vB3Ta+QkACTNhNDFpwEk0hMzJEH+q68ZQ
nnyhZjB/a8iM2SScOyzTAvaWlRHlzTnI4tu0YRxscMtgQNapfD59J23hVZqaW0HP
BUqDhbVJnm9FlS3Tufl2dDwippqtXP3sc8UFBXUKOW3LZzCwOg0HnrtqVwbBQjqn
Iyqs7YrPowRP/mj5oRhVYepslnh0QpD3+dgDcvHa5Z6lqIvSD5BjaVS3aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSlcdKuGN9V71vdNDexK4oG4zvPMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEveEtWeDBxNFkzMVh2VzkwME43RXJpZ2JqTzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP0AMA0G
CSqGSIb3DQEBCwUAA4IBAQAUWxK4SCSg2o2yWJtnkQelkI4Em67OlpcPWNtrADQY
wmmuSfd8Wi+KfgJiiP6DPL+aNTxbcKNt1SaVbrK5pmhftjfOkHFHErlpipNaGqze
PN0g49AliMi3yX/dx6q/UVU6ATVAKiCbNXbYKPtAo5MpSeZslPS+ISqCd0qfWRWh
vDS94lhaTSQrG+OJ4L8PGvYSjuAAwA3WZelv8KiYBlYTjB7zLqIF0WPFtit3JDoh
dRBOq5uFvNCGJPhGq9Ivy5rsW6YcogIwEBABE7W0lKAv25GFz83A7U/K7Jhg75HK
TAzohuTzfWVBuzaTiBdo4OvgNHK3sBtGjJtKg/mnzvl5
-----END CERTIFICATE-----