This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/xdqZMIH3R0kq1OUzrCJ7_j5BrPk.roa
File:                     xdqZMIH3R0kq1OUzrCJ7_j5BrPk.roa (raw, json)
Hash identifier:          JI0nZYfinXynWc9Z+bVX76ENbeGi+A5V4Zl9wHWDiy4=
Subject key identifier:   C5:DA:99:30:81:F7:47:49:2A:D4:E5:33:AC:22:7B:FE:3E:41:AC:F9
Certificate issuer:       /CN=10fe683b1d7e47b7c7eda15501627b70920853a1
Certificate serial:       019B76EAFE06B56C043F59FDC0258FE2DFB6
Authority key identifier: 10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/xdqZMIH3R0kq1OUzrCJ7_j5BrPk.roa
Signing time:             Thu 01 Jan 2026 00:17:50 +0000
ROA not before:           Thu 01 Jan 2026 00:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5511
IP address blocks:        158.94.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:fe:06:b5:6c:04:3f:59:fd:c0:25:8f:e2:df:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10fe683b1d7e47b7c7eda15501627b70920853a1
        Validity
            Not Before: Jan  1 00:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c5da993081f747492ad4e533ac227bfe3e41acf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:81:99:4d:6f:6d:02:40:d5:0a:2c:01:06:57:
                    3f:6e:78:de:e4:3d:7f:ac:17:d3:c1:01:5d:23:57:
                    09:56:4c:34:d1:cd:9a:3b:2f:53:80:d6:af:0d:5f:
                    1e:bc:03:55:c9:4e:1e:b3:c3:6a:a6:52:fc:70:c8:
                    d0:1e:f0:07:e2:7e:c0:1b:51:ff:d6:b5:4d:22:45:
                    a0:28:54:3a:23:31:13:32:fc:72:86:a2:7c:4e:3f:
                    55:cf:e6:f8:18:e9:ef:95:25:89:5e:2a:91:77:58:
                    59:d3:82:77:9b:66:73:69:76:4c:b0:a1:90:bd:6c:
                    7a:69:d6:9a:7c:0b:4f:6e:a0:53:bd:16:44:b7:ea:
                    e3:b2:e9:6f:36:2e:1d:3d:db:65:cd:5a:3e:88:e7:
                    2a:57:cd:8e:44:e0:12:80:15:49:f5:65:08:92:40:
                    e0:cd:e7:65:df:c0:81:ff:ab:24:51:a7:f9:4c:83:
                    2d:08:1d:18:49:0f:ec:fd:87:a0:93:9b:f6:2b:c4:
                    4a:8c:f4:bd:81:2e:e0:b6:7a:42:97:39:5b:5a:8e:
                    e6:09:bf:66:6b:9b:dd:f9:45:bd:5d:f0:eb:57:1c:
                    cd:14:73:ef:e4:d4:3c:d8:4a:ad:3e:31:c1:08:5b:
                    68:c2:27:0d:3c:9e:88:ad:f7:34:17:5a:f6:51:8e:
                    3a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:DA:99:30:81:F7:47:49:2A:D4:E5:33:AC:22:7B:FE:3E:41:AC:F9
            X509v3 Authority Key Identifier:
                keyid:10:FE:68:3B:1D:7E:47:B7:C7:ED:A1:55:01:62:7B:70:92:08:53:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/xdqZMIH3R0kq1OUzrCJ7_j5BrPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/de84a0-7b4b-445d-a212-c4befb25622c/1/EP5oOx1-R7fH7aFVAWJ7cJIIU6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         27:e2:c1:68:c0:2f:22:6c:a7:f7:cf:41:c7:15:74:7d:23:7e:
         18:b8:57:49:f5:1b:60:81:8a:73:86:7c:cb:ea:a3:58:64:f6:
         84:12:a2:bc:3c:b1:24:67:2b:89:07:50:4f:9f:4c:68:ef:1e:
         37:00:a2:31:a1:f2:c6:81:d4:81:59:d0:d4:49:97:26:de:03:
         a8:e9:63:ed:35:00:49:aa:96:de:e5:ae:e0:26:1a:8e:e0:ea:
         d5:77:14:42:00:41:44:d0:c9:8f:01:9a:a6:e1:67:79:3e:ee:
         d9:ad:35:6f:90:e7:86:43:e4:84:a9:08:07:a2:af:03:78:66:
         b8:20:c1:36:64:35:2a:c3:31:1e:d9:7b:91:c0:6d:39:75:62:
         07:e3:31:32:f3:98:77:72:39:62:99:0d:b6:a9:4b:f5:b5:4f:
         5d:2e:be:43:0b:f7:e6:8a:35:c4:a1:db:08:60:c1:59:e2:ef:
         72:72:9f:02:dd:21:16:fe:0d:5b:8e:71:57:c1:5a:6d:10:f2:
         20:c9:12:89:99:09:f7:b0:8d:f4:a6:53:86:7d:d8:a4:c7:1c:
         a2:b3:b3:77:5e:e9:7a:6e:d9:17:83:ac:6d:e9:f9:3b:2f:63:
         55:22:25:d7:73:89:a5:50:66:04:5c:28:ea:fc:45:a0:92:bd:
         dc:ae:d6:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26v4GtWwEP1n9wCWP4t+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZmU2ODNiMWQ3ZTQ3YjdjN2VkYTE1NTAxNjI3YjcwOTIw
ODUzYTEwHhcNMjYwMTAxMDAxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWRhOTkzMDgxZjc0NzQ5MmFkNGU1MzNhYzIyN2JmZTNlNDFhY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIGZTW9tAkDVCiwBBlc/bnje5D1/
rBfTwQFdI1cJVkw00c2aOy9TgNavDV8evANVyU4es8NqplL8cMjQHvAH4n7AG1H/
1rVNIkWgKFQ6IzETMvxyhqJ8Tj9Vz+b4GOnvlSWJXiqRd1hZ04J3m2ZzaXZMsKGQ
vWx6adaafAtPbqBTvRZEt+rjsulvNi4dPdtlzVo+iOcqV82OROASgBVJ9WUIkkDg
zedl38CB/6skUaf5TIMtCB0YSQ/s/Yegk5v2K8RKjPS9gS7gtnpClzlbWo7mCb9m
a5vd+UW9XfDrVxzNFHPv5NQ82EqtPjHBCFtowicNPJ6Irfc0F1r2UY46qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXamTCB90dJKtTlM6wie/4+Qaz5MB8GA1UdIwQY
MBaAFBD+aDsdfke3x+2hVQFie3CSCFOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTIt
YzRiZWZiMjU2MjJjLzEveGRxWk1JSDNSMGtxMU9VenJDSjdfajVCclBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kZTg0YTAtN2I0Yi00NDVkLWEyMTItYzRiZWZiMjU2MjJj
LzEvRVA1b094MS1SN2ZIN2FGVkFXSjdjSklJVTZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnl5AMA0G
CSqGSIb3DQEBCwUAA4IBAQAn4sFowC8ibKf3z0HHFXR9I34YuFdJ9RtggYpzhnzL
6qNYZPaEEqK8PLEkZyuJB1BPn0xo7x43AKIxofLGgdSBWdDUSZcm3gOo6WPtNQBJ
qpbe5a7gJhqO4OrVdxRCAEFE0MmPAZqm4Wd5Pu7ZrTVvkOeGQ+SEqQgHoq8DeGa4
IME2ZDUqwzEe2XuRwG05dWIH4zEy85h3cjlimQ22qUv1tU9dLr5DC/fmijXEodsI
YMFZ4u9ycp8C3SEW/g1bjnFXwVptEPIgyRKJmQn3sI30plOGfdikxxyis7N3Xul6
btkXg6xt6fk7L2NVIiXXc4mlUGYEXCjq/EWgkr3crtaW
-----END CERTIFICATE-----