This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/xnCjSj8cwOG8sjfJr8_Y6BlXt0I.roa
File:                     xnCjSj8cwOG8sjfJr8_Y6BlXt0I.roa (raw, json)
Hash identifier:          CSD65KQy0rhwcXUVAqtvLoXcHnYbl0w+ZOLg5KhLlPE=
Subject key identifier:   C6:70:A3:4A:3F:1C:C0:E1:BC:B2:37:C9:AF:CF:D8:E8:19:57:B7:42
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       019B79102B300641B468AA2061DF11BD1E02
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/xnCjSj8cwOG8sjfJr8_Y6BlXt0I.roa
Signing time:             Thu 01 Jan 2026 10:17:41 +0000
ROA not before:           Thu 01 Jan 2026 10:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61185
IP address blocks:        185.146.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2b:30:06:41:b4:68:aa:20:61:df:11:bd:1e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Jan  1 10:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c670a34a3f1cc0e1bcb237c9afcfd8e81957b742
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2b:8a:a7:a2:af:cd:5a:5d:97:7d:18:3f:2d:
                    da:4a:ca:f6:5c:59:a8:25:07:58:9e:a9:38:fd:0d:
                    6a:bd:c9:e8:ae:44:b5:d4:c8:20:7a:56:b0:6d:bb:
                    2b:2b:4d:71:89:01:d9:ea:ff:58:21:42:e9:85:e2:
                    e8:46:d4:4b:28:f5:49:c1:75:cf:80:be:59:6c:7e:
                    3a:bf:41:3d:14:ce:55:7a:00:a2:1b:51:a7:f1:51:
                    3c:42:02:cd:e1:65:0e:5a:1f:ff:e4:90:3b:87:85:
                    cd:1c:1f:62:40:a6:f4:9d:ba:f3:33:d1:81:f4:9d:
                    14:a4:f8:1f:3e:51:81:1f:d1:55:2c:03:7a:6e:3f:
                    88:1b:ea:5a:65:98:c1:23:e4:37:49:a2:7a:f6:05:
                    b3:84:36:b8:2f:e7:e6:b1:35:6f:73:15:d3:c4:b3:
                    f1:e8:22:64:23:03:e3:d7:03:72:f0:73:37:bc:9e:
                    ff:2c:34:25:22:4e:58:1a:6c:be:29:27:e5:b2:17:
                    4c:ec:83:41:dd:95:04:64:69:4f:7b:f4:ca:d7:b3:
                    0e:c3:b9:aa:f0:b4:a8:3e:bf:85:f3:5f:09:7c:74:
                    6f:e4:4d:06:c2:db:7b:2d:7e:42:7d:f6:84:21:db:
                    7c:d3:88:0b:8c:c5:99:fa:bc:f3:3b:9c:cf:1d:3e:
                    d2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:70:A3:4A:3F:1C:C0:E1:BC:B2:37:C9:AF:CF:D8:E8:19:57:B7:42
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/xnCjSj8cwOG8sjfJr8_Y6BlXt0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:e0:5e:6c:33:58:d5:66:b9:93:83:f4:16:c2:93:42:22:2f:
         38:ba:32:63:10:77:f6:95:ec:f1:64:2b:d4:82:8c:f9:13:f0:
         5c:7a:13:c3:aa:ee:16:0c:4e:a3:65:01:17:e8:a7:ad:e6:64:
         86:8e:74:de:0f:c4:13:70:63:47:ba:bf:df:2f:73:e5:b7:a1:
         c0:0e:ac:67:43:87:c4:1b:1d:d7:fc:bf:19:cb:f3:c7:14:0c:
         8f:ef:14:a8:4a:1e:be:12:47:c0:1b:0f:31:d4:08:72:35:ab:
         6c:7d:9c:dd:31:c6:5a:06:94:63:7f:1b:5a:55:23:c0:72:49:
         84:65:d4:2a:ac:4e:2c:c6:9f:1b:b2:5d:f3:a4:41:e7:2f:f1:
         e4:48:06:b3:1c:94:e1:18:b3:4e:17:0a:00:fa:4f:df:10:82:
         5d:2f:0b:01:c7:73:37:92:4f:a1:8f:33:e5:63:4b:e4:31:22:
         31:66:67:0b:08:ae:68:74:54:5d:19:a4:8b:ca:37:1a:78:59:
         2b:f0:a2:19:82:d1:1c:e7:e2:81:b1:ba:c8:ee:c8:ee:cd:5e:
         4c:f7:07:1f:b2:2b:6e:ad:d0:d7:82:81:ee:1e:a7:36:4a:bc:
         30:7d:9c:c6:e3:b5:54:ab:a7:82:43:b6:cc:e9:bd:ed:fd:87:
         72:e4:14:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECswBkG0aKogYd8RvR4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjYwMTAxMTAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjcwYTM0YTNmMWNjMGUxYmNiMjM3YzlhZmNmZDhlODE5NTdiNzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSuKp6KvzVpdl30YPy3aSsr2XFmo
JQdYnqk4/Q1qvcnorkS11MggelawbbsrK01xiQHZ6v9YIULpheLoRtRLKPVJwXXP
gL5ZbH46v0E9FM5VegCiG1Gn8VE8QgLN4WUOWh//5JA7h4XNHB9iQKb0nbrzM9GB
9J0UpPgfPlGBH9FVLAN6bj+IG+paZZjBI+Q3SaJ69gWzhDa4L+fmsTVvcxXTxLPx
6CJkIwPj1wNy8HM3vJ7/LDQlIk5YGmy+KSflshdM7INB3ZUEZGlPe/TK17MOw7mq
8LSoPr+F818JfHRv5E0Gwtt7LX5CffaEIdt804gLjMWZ+rzzO5zPHT7SSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZwo0o/HMDhvLI3ya/P2OgZV7dCMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEveG5DalNqOGN3T0c4c2pmSnI4X1k2QmxYdDBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZISMA0G
CSqGSIb3DQEBCwUAA4IBAQCH4F5sM1jVZrmTg/QWwpNCIi84ujJjEHf2lezxZCvU
goz5E/BcehPDqu4WDE6jZQEX6Ket5mSGjnTeD8QTcGNHur/fL3Plt6HADqxnQ4fE
Gx3X/L8Zy/PHFAyP7xSoSh6+EkfAGw8x1AhyNatsfZzdMcZaBpRjfxtaVSPAckmE
ZdQqrE4sxp8bsl3zpEHnL/HkSAazHJThGLNOFwoA+k/fEIJdLwsBx3M3kk+hjzPl
Y0vkMSIxZmcLCK5odFRdGaSLyjcaeFkr8KIZgtEc5+KBsbrI7sjuzV5M9wcfsitu
rdDXgoHuHqc2SrwwfZzG47VUq6eCQ7bM6b3t/Ydy5BQU
-----END CERTIFICATE-----