This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/29b082-d6d1-4147-af1c-61b0c7ff2e4e/1/XpT5bToAk2yVkGsD2H8QH-1k_10.roa
File:                     XpT5bToAk2yVkGsD2H8QH-1k_10.roa (raw, json)
Hash identifier:          JI3NSWFN+FxQXfayrhjb6MsXxtHXX0TFrMIY+QodmCw=
Subject key identifier:   5E:94:F9:6D:3A:00:93:6C:95:90:6B:03:D8:7F:10:1F:ED:64:FF:5D
Certificate issuer:       /CN=c82206f506c826eb1057e5c269b3710e38ab696c
Certificate serial:       019B7D5CD6B19721D8DACCCE9131D451FFA4
Authority key identifier: C8:22:06:F5:06:C8:26:EB:10:57:E5:C2:69:B3:71:0E:38:AB:69:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yCIG9QbIJusQV-XCabNxDjiraWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/29b082-d6d1-4147-af1c-61b0c7ff2e4e/1/XpT5bToAk2yVkGsD2H8QH-1k_10.roa
Signing time:             Fri 02 Jan 2026 06:19:54 +0000
ROA not before:           Fri 02 Jan 2026 06:19:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        194.173.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/29b082-d6d1-4147-af1c-61b0c7ff2e4e/1/yCIG9QbIJusQV-XCabNxDjiraWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/29b082-d6d1-4147-af1c-61b0c7ff2e4e/1/yCIG9QbIJusQV-XCabNxDjiraWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yCIG9QbIJusQV-XCabNxDjiraWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:d6:b1:97:21:d8:da:cc:ce:91:31:d4:51:ff:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c82206f506c826eb1057e5c269b3710e38ab696c
        Validity
            Not Before: Jan  2 06:19:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e94f96d3a00936c95906b03d87f101fed64ff5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:31:f3:3a:e9:4f:4f:63:f5:32:a1:a5:40:dc:
                    12:eb:e5:a8:5b:83:96:68:eb:e0:f7:39:a4:5a:2f:
                    07:56:33:ff:db:1b:ba:ea:6a:8d:07:7d:e2:8c:da:
                    35:23:9b:f0:ca:95:c1:1b:46:47:3a:6c:63:e7:6a:
                    0d:a3:34:45:46:c4:e8:b8:b6:58:0f:51:49:7e:ff:
                    a7:aa:3a:ce:f3:f7:2e:be:3a:15:7d:66:98:d8:9e:
                    e0:de:83:3d:77:83:82:1d:8d:91:c4:b3:1d:c3:6a:
                    28:34:82:c9:9a:4b:05:52:db:0c:44:fb:25:60:48:
                    2f:30:74:57:44:cd:1f:8c:fa:5c:12:c8:b1:bd:d2:
                    02:ec:70:b7:f8:74:7f:3f:ba:78:51:14:d5:d8:ec:
                    09:6a:54:a3:03:0a:ef:f2:79:5d:36:80:78:3e:49:
                    6e:84:b1:1b:e6:5a:08:fe:16:6e:47:97:9c:57:b3:
                    cd:a8:7a:59:25:e7:93:b6:42:f9:fa:7d:6f:89:d2:
                    8b:97:32:34:ad:c7:2d:a2:9e:2e:dd:bc:ed:3a:75:
                    cb:7c:b9:71:36:2d:ec:37:40:c5:27:d4:bd:39:d5:
                    cc:83:15:7c:5e:e2:0b:d6:1f:0f:07:d6:af:ee:ed:
                    0c:56:57:ab:9d:87:8a:86:d7:48:c9:0a:00:3a:b3:
                    15:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:94:F9:6D:3A:00:93:6C:95:90:6B:03:D8:7F:10:1F:ED:64:FF:5D
            X509v3 Authority Key Identifier:
                keyid:C8:22:06:F5:06:C8:26:EB:10:57:E5:C2:69:B3:71:0E:38:AB:69:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yCIG9QbIJusQV-XCabNxDjiraWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/29b082-d6d1-4147-af1c-61b0c7ff2e4e/1/XpT5bToAk2yVkGsD2H8QH-1k_10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/29b082-d6d1-4147-af1c-61b0c7ff2e4e/1/yCIG9QbIJusQV-XCabNxDjiraWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.173.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ae:56:01:d5:0a:97:b9:91:db:be:43:aa:c6:5b:e4:42:05:
         a5:13:a2:89:00:e1:2d:a1:bf:8e:f8:c1:c4:3b:6a:5b:2d:c9:
         57:15:78:df:03:ba:cb:70:31:03:54:e9:62:42:39:23:58:c7:
         72:68:c0:7c:c7:b1:aa:99:26:22:02:19:b5:58:ca:2e:a7:a5:
         18:e7:07:f3:66:2f:39:7b:9d:2f:b2:91:e2:f3:31:59:17:06:
         f1:b1:24:5f:89:cb:3f:96:04:1c:a4:6b:8b:04:fc:9b:80:61:
         da:a6:9e:13:ec:6d:ba:07:d2:08:b9:df:36:35:9c:58:6c:62:
         cb:f9:e0:df:22:48:51:8b:5f:d9:c6:2c:df:fe:f3:72:6b:5f:
         15:1c:45:a3:8a:1e:fd:42:04:83:10:32:61:ab:e2:2d:e8:7f:
         58:db:96:3b:f3:d9:c3:54:58:23:c4:a0:33:7b:94:48:09:a5:
         67:a5:cd:2e:9c:35:2e:09:36:2b:6c:f8:fc:e7:61:2c:34:85:
         10:49:bd:af:cf:5a:65:63:89:28:24:61:ed:55:66:d1:27:a5:
         dd:d9:5b:bf:e9:11:48:8c:4f:ec:5f:0d:82:5d:53:ef:81:41:
         b0:06:27:1c:d2:71:1d:b0:ab:aa:79:5f:04:88:3e:e6:74:22:
         e0:f1:b4:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XNaxlyHY2szOkTHUUf+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MjIwNmY1MDZjODI2ZWIxMDU3ZTVjMjY5YjM3MTBlMzhh
YjY5NmMwHhcNMjYwMTAyMDYxOTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk0Zjk2ZDNhMDA5MzZjOTU5MDZiMDNkODdmMTAxZmVkNjRmZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zHzOulPT2P1MqGlQNwS6+WoW4OW
aOvg9zmkWi8HVjP/2xu66mqNB33ijNo1I5vwypXBG0ZHOmxj52oNozRFRsTouLZY
D1FJfv+nqjrO8/cuvjoVfWaY2J7g3oM9d4OCHY2RxLMdw2ooNILJmksFUtsMRPsl
YEgvMHRXRM0fjPpcEsixvdIC7HC3+HR/P7p4URTV2OwJalSjAwrv8nldNoB4Pklu
hLEb5loI/hZuR5ecV7PNqHpZJeeTtkL5+n1vidKLlzI0rcctop4u3bztOnXLfLlx
Ni3sN0DFJ9S9OdXMgxV8XuIL1h8PB9av7u0MVlernYeKhtdIyQoAOrMVdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6U+W06AJNslZBrA9h/EB/tZP9dMB8GA1UdIwQY
MBaAFMgiBvUGyCbrEFflwmmzcQ44q2lsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUNJRzlRYklKdXNRVi1YQ2FiTnhEamlyYVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yOWIwODItZDZkMS00MTQ3LWFmMWMt
NjFiMGM3ZmYyZTRlLzEvWHBUNWJUb0FrMnlWa0dzRDJIOFFILTFrXzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yOWIwODItZDZkMS00MTQ3LWFmMWMtNjFiMGM3ZmYyZTRl
LzEveUNJRzlRYklKdXNRVi1YQ2FiTnhEamlyYVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwq0vMA0G
CSqGSIb3DQEBCwUAA4IBAQCBrlYB1QqXuZHbvkOqxlvkQgWlE6KJAOEtob+O+MHE
O2pbLclXFXjfA7rLcDEDVOliQjkjWMdyaMB8x7GqmSYiAhm1WMoup6UY5wfzZi85
e50vspHi8zFZFwbxsSRfics/lgQcpGuLBPybgGHapp4T7G26B9IIud82NZxYbGLL
+eDfIkhRi1/Zxizf/vNya18VHEWjih79QgSDEDJhq+It6H9Y25Y789nDVFgjxKAz
e5RICaVnpc0unDUuCTYrbPj852EsNIUQSb2vz1plY4koJGHtVWbRJ6Xd2Vu/6RFI
jE/sXw2CXVPvgUGwBicc0nEdsKuqeV8EiD7mdCLg8bTk
-----END CERTIFICATE-----