This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/xnbnTYEk6pxTHp3aCupMEEiEuBo.roa
File:                     xnbnTYEk6pxTHp3aCupMEEiEuBo.roa (raw, json)
Hash identifier:          PfXqwnVuJaXTHy1N+55NXgp7CewIcPccfbBMZ0YAVuQ=
Subject key identifier:   C6:76:E7:4D:81:24:EA:9C:53:1E:9D:DA:0A:EA:4C:10:48:84:B8:1A
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019ADF815E01B844AD938D1323CA4054C074
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/xnbnTYEk6pxTHp3aCupMEEiEuBo.roa
Signing time:             Tue 02 Dec 2025 14:39:48 +0000
ROA not before:           Tue 02 Dec 2025 14:39:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209946
IP address blocks:        46.151.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Dec 2025 00:50:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:df:81:5e:01:b8:44:ad:93:8d:13:23:ca:40:54:c0:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Dec  2 14:39:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c676e74d8124ea9c531e9dda0aea4c104884b81a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:cb:53:2d:82:49:fc:f4:25:64:70:63:32:b5:
                    b2:e9:6c:80:3b:e3:b2:08:4b:ff:6e:aa:52:5d:11:
                    f1:77:77:e8:20:d0:c1:d9:0d:89:ed:9f:9d:d0:63:
                    58:06:5c:38:08:d6:77:51:88:2f:14:69:92:9d:26:
                    c3:4f:3f:e6:32:b1:e2:51:eb:66:cf:54:1a:db:b3:
                    7d:26:cc:f6:c4:ff:59:90:8c:66:e3:7b:d1:cb:e1:
                    5f:fb:df:99:ec:79:ad:62:f6:20:a5:5c:de:ea:cf:
                    1e:65:33:7d:a3:4a:74:b6:65:79:4b:27:2a:da:fb:
                    64:55:15:b3:e9:27:98:3e:93:2e:96:d6:2d:17:bd:
                    25:47:71:91:6d:a6:ca:a7:de:2a:16:71:b3:ce:77:
                    ef:21:57:ab:61:31:0b:e1:e2:d9:bc:fe:4f:22:f1:
                    8b:2b:d7:3b:ee:0a:3f:c5:6b:e7:b4:45:ff:4a:2a:
                    be:7f:73:8a:32:f0:35:c4:02:ed:13:cd:71:52:0b:
                    14:7a:dc:1c:56:6c:0c:77:d5:a7:f3:f8:dd:ac:81:
                    8c:e0:c6:5d:2c:c0:31:ba:ae:91:f5:42:76:7f:95:
                    ae:45:f3:44:b4:f8:c0:9a:ab:67:23:a4:2a:86:1a:
                    aa:66:ff:11:04:84:9b:13:61:dd:10:c4:f1:c0:28:
                    d2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:76:E7:4D:81:24:EA:9C:53:1E:9D:DA:0A:EA:4C:10:48:84:B8:1A
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/xnbnTYEk6pxTHp3aCupMEEiEuBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:4a:92:b8:fe:da:2e:9d:f1:24:87:28:e2:84:42:af:64:90:
         38:ca:c7:9d:4c:d5:af:2c:07:8c:c6:b3:cb:3f:63:a0:88:39:
         af:3a:46:c0:19:bb:46:fb:eb:7a:38:b9:33:0a:86:d9:bc:16:
         5d:cb:bf:ea:f4:a9:18:e6:81:d6:13:4a:43:08:4f:f0:ff:53:
         57:be:12:cb:95:45:ce:51:e0:af:6d:49:24:74:11:7d:f9:c0:
         cb:5b:a0:7f:67:d4:32:d0:71:64:94:df:b8:ea:15:72:f3:fb:
         d2:79:69:66:51:cd:98:c5:7b:7f:f9:db:66:29:61:3a:19:71:
         92:dd:1e:f5:90:0b:6f:0f:6f:e0:65:eb:55:ec:19:8a:88:b5:
         fb:6e:98:b7:15:86:3e:86:d0:ff:45:0a:3f:f3:2e:dc:15:f1:
         0f:c5:11:9a:de:d3:b6:80:53:98:85:4f:a6:16:02:8b:a7:cc:
         a1:f0:fc:24:f4:6e:55:aa:3f:18:6a:c9:a5:61:8e:d8:75:ab:
         df:64:f9:c3:4b:79:f3:57:47:ce:58:54:93:da:ba:56:93:aa:
         13:9d:85:d8:66:32:49:d7:0f:5f:67:1c:e3:63:2a:f3:2b:11:
         63:06:78:b7:10:32:fb:18:ba:6d:c1:71:21:b4:92:54:71:82:
         4c:bd:60:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrfgV4BuEStk40TI8pAVMB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUxMjAyMTQzOTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc2ZTc0ZDgxMjRlYTljNTMxZTlkZGEwYWVhNGMxMDQ4ODRiODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8tTLYJJ/PQlZHBjMrWy6WyAO+Oy
CEv/bqpSXRHxd3foINDB2Q2J7Z+d0GNYBlw4CNZ3UYgvFGmSnSbDTz/mMrHiUetm
z1Qa27N9Jsz2xP9ZkIxm43vRy+Ff+9+Z7HmtYvYgpVze6s8eZTN9o0p0tmV5Sycq
2vtkVRWz6SeYPpMultYtF70lR3GRbabKp94qFnGzznfvIVerYTEL4eLZvP5PIvGL
K9c77go/xWvntEX/Siq+f3OKMvA1xALtE81xUgsUetwcVmwMd9Wn8/jdrIGM4MZd
LMAxuq6R9UJ2f5WuRfNEtPjAmqtnI6QqhhqqZv8RBISbE2HdEMTxwCjSowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ2502BJOqcUx6d2grqTBBIhLgaMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEveG5iblRZRWs2cHhUSHAzYUN1cE1FRWlFdUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpexMA0G
CSqGSIb3DQEBCwUAA4IBAQCjSpK4/tounfEkhyjihEKvZJA4ysedTNWvLAeMxrPL
P2OgiDmvOkbAGbtG++t6OLkzCobZvBZdy7/q9KkY5oHWE0pDCE/w/1NXvhLLlUXO
UeCvbUkkdBF9+cDLW6B/Z9Qy0HFklN+46hVy8/vSeWlmUc2YxXt/+dtmKWE6GXGS
3R71kAtvD2/gZetV7BmKiLX7bpi3FYY+htD/RQo/8y7cFfEPxRGa3tO2gFOYhU+m
FgKLp8yh8Pwk9G5Vqj8YasmlYY7YdavfZPnDS3nzV0fOWFST2rpWk6oTnYXYZjJJ
1w9fZxzjYyrzKxFjBni3EDL7GLptwXEhtJJUcYJMvWD5
-----END CERTIFICATE-----