This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/XXpcSIWvTG-ujhC6WFKAP7xbCew.roa
File:                     XXpcSIWvTG-ujhC6WFKAP7xbCew.roa (raw, json)
Hash identifier:          8DYns3VAIMoO5AUluTPjCUWoA3CUpaSLrzipyJ93fJQ=
Subject key identifier:   5D:7A:5C:48:85:AF:4C:6F:AE:8E:10:BA:58:52:80:3F:BC:5B:09:EC
Certificate issuer:       /CN=eaf96df31b3f404df5b77e399ce79371b4f44443
Certificate serial:       019B7CED2A8B8702D83B3FB7C1A44A52BF99
Authority key identifier: EA:F9:6D:F3:1B:3F:40:4D:F5:B7:7E:39:9C:E7:93:71:B4:F4:44:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6vlt8xs_QE31t345nOeTcbT0REM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/XXpcSIWvTG-ujhC6WFKAP7xbCew.roa
Signing time:             Fri 02 Jan 2026 04:17:56 +0000
ROA not before:           Fri 02 Jan 2026 04:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56886
IP address blocks:        91.229.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/6vlt8xs_QE31t345nOeTcbT0REM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/6vlt8xs_QE31t345nOeTcbT0REM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6vlt8xs_QE31t345nOeTcbT0REM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:2a:8b:87:02:d8:3b:3f:b7:c1:a4:4a:52:bf:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaf96df31b3f404df5b77e399ce79371b4f44443
        Validity
            Not Before: Jan  2 04:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d7a5c4885af4c6fae8e10ba5852803fbc5b09ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:15:14:e0:e6:87:68:52:c2:a8:da:fe:83:42:
                    5c:47:d5:e7:7b:de:a6:f5:47:51:ac:83:df:65:56:
                    71:37:bb:db:7e:65:4b:6c:82:e8:ed:06:04:40:64:
                    9d:b9:4f:1d:1b:9f:89:b4:36:66:8c:b1:3d:a2:d1:
                    2d:d4:91:be:89:27:5b:c7:bc:f0:e7:c3:fd:a0:5c:
                    ca:2a:c3:02:eb:0c:0c:2d:8e:9c:dc:0c:31:79:c8:
                    a7:bb:41:36:0b:19:33:a3:c4:65:4f:fb:4d:99:ee:
                    19:c8:1d:e8:4a:d4:f3:7c:74:43:a3:42:6c:f3:25:
                    b4:6a:5f:82:ef:8a:b5:0e:62:7e:23:08:66:3b:e6:
                    1e:70:3e:3d:12:3a:e2:1d:a8:7d:e8:94:9d:99:9c:
                    ba:bc:39:d3:13:3b:ae:a3:0c:e8:e8:67:02:1a:26:
                    d9:b8:48:25:db:89:f9:f6:93:3d:0d:da:2e:bc:1e:
                    d8:23:1f:15:70:95:a9:ac:03:b4:de:70:f1:df:96:
                    5c:d0:b1:17:d6:42:6b:8f:a6:89:3f:88:26:19:46:
                    cc:9f:f8:34:46:0c:ef:3e:35:ef:1f:13:44:f5:42:
                    6b:70:e9:83:37:c1:0f:69:8e:2b:b2:e8:dd:09:67:
                    f0:48:01:61:68:40:e9:fd:60:2f:74:b2:19:f0:0f:
                    4b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:7A:5C:48:85:AF:4C:6F:AE:8E:10:BA:58:52:80:3F:BC:5B:09:EC
            X509v3 Authority Key Identifier:
                keyid:EA:F9:6D:F3:1B:3F:40:4D:F5:B7:7E:39:9C:E7:93:71:B4:F4:44:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6vlt8xs_QE31t345nOeTcbT0REM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/XXpcSIWvTG-ujhC6WFKAP7xbCew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/0e039a-be96-41fc-abcd-964b61bc319b/1/6vlt8xs_QE31t345nOeTcbT0REM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:2d:d6:73:99:a1:c7:0a:3b:c4:2e:24:d3:a8:1b:03:82:09:
         ae:13:be:79:0b:26:b9:42:13:17:ef:e1:96:0b:5b:78:5a:c3:
         56:e5:bf:f7:a0:4e:7b:25:72:5d:41:ce:f1:8d:ce:ad:ba:d1:
         53:a9:76:0f:a3:72:aa:92:51:9c:51:9b:35:32:98:5c:ea:c9:
         c0:85:ae:14:50:2f:e0:52:8f:51:d8:15:1e:c6:dd:bd:6c:f6:
         e3:6b:27:57:84:98:3d:9b:34:e7:4a:50:a6:e5:d6:0a:cf:cf:
         95:d4:c5:f9:b1:ca:cf:03:9f:66:a0:66:02:03:52:47:c0:9e:
         b6:83:c3:b1:75:62:90:4c:f3:de:2e:ce:d5:da:73:b4:ad:8d:
         59:9c:a5:10:22:85:be:7e:55:4e:c5:99:c1:a6:2c:20:de:40:
         1f:47:a5:c6:40:77:e1:c9:c5:e5:f3:91:5a:a9:36:86:95:f3:
         b9:d8:30:db:38:71:ac:7f:7d:c2:92:b7:6d:f7:9a:ff:0f:c9:
         68:ee:0b:ec:1d:9c:38:43:26:53:db:a6:fa:0d:75:3b:dc:db:
         4a:27:cc:8c:bd:8f:e3:40:fe:0a:d5:bb:7d:a4:82:20:8e:5c:
         92:c7:7a:03:3c:32:4c:7e:16:fd:31:25:d0:11:6c:14:2d:fa:
         45:9b:31:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87SqLhwLYOz+3waRKUr+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZjk2ZGYzMWIzZjQwNGRmNWI3N2UzOTljZTc5MzcxYjRm
NDQ0NDMwHhcNMjYwMTAyMDQxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdhNWM0ODg1YWY0YzZmYWU4ZTEwYmE1ODUyODAzZmJjNWIwOWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8hUU4OaHaFLCqNr+g0JcR9Xne96m
9UdRrIPfZVZxN7vbfmVLbILo7QYEQGSduU8dG5+JtDZmjLE9otEt1JG+iSdbx7zw
58P9oFzKKsMC6wwMLY6c3Awxecinu0E2Cxkzo8RlT/tNme4ZyB3oStTzfHRDo0Js
8yW0al+C74q1DmJ+IwhmO+YecD49EjriHah96JSdmZy6vDnTEzuuowzo6GcCGibZ
uEgl24n59pM9DdouvB7YIx8VcJWprAO03nDx35Zc0LEX1kJrj6aJP4gmGUbMn/g0
RgzvPjXvHxNE9UJrcOmDN8EPaY4rsujdCWfwSAFhaEDp/WAvdLIZ8A9LkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF16XEiFr0xvro4QulhSgD+8WwnsMB8GA1UdIwQY
MBaAFOr5bfMbP0BN9bd+OZznk3G09ERDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnZsdDh4c19RRTMxdDM0NW5PZVRjYlQwUkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8wZTAzOWEtYmU5Ni00MWZjLWFiY2Qt
OTY0YjYxYmMzMTliLzEvWFhwY1NJV3ZURy11amhDNldGS0FQN3hiQ2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8wZTAzOWEtYmU5Ni00MWZjLWFiY2QtOTY0YjYxYmMzMTli
LzEvNnZsdDh4c19RRTMxdDM0NW5PZVRjYlQwUkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XpMA0G
CSqGSIb3DQEBCwUAA4IBAQAwLdZzmaHHCjvELiTTqBsDggmuE755Cya5QhMX7+GW
C1t4WsNW5b/3oE57JXJdQc7xjc6tutFTqXYPo3KqklGcUZs1Mphc6snAha4UUC/g
Uo9R2BUext29bPbjaydXhJg9mzTnSlCm5dYKz8+V1MX5scrPA59moGYCA1JHwJ62
g8OxdWKQTPPeLs7V2nO0rY1ZnKUQIoW+flVOxZnBpiwg3kAfR6XGQHfhycXl85Fa
qTaGlfO52DDbOHGsf33Ckrdt95r/D8lo7gvsHZw4QyZT26b6DXU73NtKJ8yMvY/j
QP4K1bt9pIIgjlySx3oDPDJMfhb9MSXQEWwULfpFmzG7
-----END CERTIFICATE-----