This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/Xo1iMQ3Ij7PUWeAGoOzLhIVZke8.roa
File:                     Xo1iMQ3Ij7PUWeAGoOzLhIVZke8.roa (raw, json)
Hash identifier:          hvxy9UVnq6BjnNCsQhrvZPVQxyWtXfd0lX9H8Cmba5E=
Subject key identifier:   5E:8D:62:31:0D:C8:8F:B3:D4:59:E0:06:A0:EC:CB:84:85:59:91:EF
Certificate issuer:       /CN=4e5caf5e5495f54b039f1d0f2471112467c9791c
Certificate serial:       019B7FF2BD479527992A0B5F52F61D4A8AD6
Authority key identifier: 4E:5C:AF:5E:54:95:F5:4B:03:9F:1D:0F:24:71:11:24:67:C9:79:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/Xo1iMQ3Ij7PUWeAGoOzLhIVZke8.roa
Signing time:             Fri 02 Jan 2026 18:22:53 +0000
ROA not before:           Fri 02 Jan 2026 18:22:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58231
IP address blocks:        194.33.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:bd:47:95:27:99:2a:0b:5f:52:f6:1d:4a:8a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5caf5e5495f54b039f1d0f2471112467c9791c
        Validity
            Not Before: Jan  2 18:22:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e8d62310dc88fb3d459e006a0eccb84855991ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e0:5a:a9:d0:60:a8:c1:5f:45:c5:ed:59:4a:
                    f3:92:77:23:38:3b:d0:59:7f:83:73:c0:42:be:ac:
                    db:75:1c:56:8a:be:5d:6e:b1:f5:4e:e7:d9:f9:ef:
                    cd:99:c7:aa:fa:7f:00:40:c3:cb:18:e6:9e:6d:a2:
                    b4:7d:96:ea:47:eb:d7:fa:52:c4:f5:2f:6d:07:b5:
                    bc:a4:59:bb:16:a7:81:b9:04:bf:89:2f:64:2c:7b:
                    d7:17:1d:db:b4:57:cb:fe:9f:76:5f:f9:86:62:0b:
                    a9:bb:4a:e7:04:33:8d:5f:10:78:06:b7:65:e8:9c:
                    53:08:52:63:a3:21:35:36:c8:19:ec:2d:fb:66:3c:
                    87:26:b2:3b:52:c2:bd:cf:76:36:c8:37:6f:9e:55:
                    a1:d7:36:9d:bc:e5:fb:a3:da:ad:90:3b:1e:48:42:
                    52:90:2f:be:50:df:bd:a8:82:47:04:d8:0e:2e:c3:
                    1c:ef:e2:a3:a5:60:35:ec:e4:f5:bd:b6:95:eb:57:
                    30:b1:bf:79:c6:b0:5e:87:68:32:68:d7:af:1c:49:
                    2d:69:d4:3c:b3:89:e9:81:fc:6c:fd:84:f3:2d:90:
                    f5:9a:2e:81:8c:bd:a6:cd:5d:e3:d4:54:b1:e0:7b:
                    97:23:0b:dc:2b:58:92:90:2b:54:52:97:26:67:ce:
                    bb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:8D:62:31:0D:C8:8F:B3:D4:59:E0:06:A0:EC:CB:84:85:59:91:EF
            X509v3 Authority Key Identifier:
                keyid:4E:5C:AF:5E:54:95:F5:4B:03:9F:1D:0F:24:71:11:24:67:C9:79:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlyvXlSV9UsDnx0PJHERJGfJeRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/Xo1iMQ3Ij7PUWeAGoOzLhIVZke8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/f89685-1174-45d5-a5dc-09db57469bb8/1/TlyvXlSV9UsDnx0PJHERJGfJeRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:9d:33:58:14:7c:f3:e2:cf:42:8e:a5:e6:b5:cd:c5:5c:04:
         ee:b0:ea:ee:7c:92:59:99:8e:03:1a:ca:52:d9:c3:ea:ed:18:
         c3:1d:39:04:b9:4f:3a:04:06:02:59:a9:93:76:7c:de:bf:48:
         22:8b:5e:1a:09:45:1f:16:5c:fd:04:a2:25:63:d7:44:44:b6:
         66:71:41:fe:05:82:45:e0:e2:0e:41:c6:a8:24:6a:35:f2:5d:
         b3:9a:2f:e7:ae:ec:ff:b0:5f:6f:1e:2d:5f:cf:04:35:5f:9e:
         7f:20:e6:e2:77:fa:9f:43:d9:42:74:68:d5:e9:d6:1d:00:80:
         e7:5c:01:c9:9a:43:27:b0:6d:9d:8a:64:73:16:a0:d2:2b:f1:
         65:dc:f8:9a:d1:81:75:ee:58:c1:f4:e6:8a:42:a6:92:61:ce:
         43:8e:10:b5:ef:bf:41:de:d3:3d:6f:af:e9:7a:c3:49:78:4d:
         ce:32:95:b9:9f:6a:ca:8c:a6:de:4f:a3:6c:48:28:56:58:52:
         6b:19:49:18:fe:1f:b7:f7:49:f4:f6:8e:03:01:22:b7:c4:0b:
         ec:91:fa:7d:2b:7b:77:aa:51:71:5a:ce:ea:51:cd:85:40:89:
         a8:e9:e7:ea:2f:55:f0:be:b7:89:af:7c:62:f7:1b:8a:e7:15:
         44:bb:41:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8r1HlSeZKgtfUvYdSorWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWNhZjVlNTQ5NWY1NGIwMzlmMWQwZjI0NzExMTI0Njdj
OTc5MWMwHhcNMjYwMTAyMTgyMjUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZThkNjIzMTBkYzg4ZmIzZDQ1OWUwMDZhMGVjY2I4NDg1NTk5MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuBaqdBgqMFfRcXtWUrzkncjODvQ
WX+Dc8BCvqzbdRxWir5dbrH1TufZ+e/Nmceq+n8AQMPLGOaebaK0fZbqR+vX+lLE
9S9tB7W8pFm7FqeBuQS/iS9kLHvXFx3btFfL/p92X/mGYgupu0rnBDONXxB4Brdl
6JxTCFJjoyE1NsgZ7C37ZjyHJrI7UsK9z3Y2yDdvnlWh1zadvOX7o9qtkDseSEJS
kC++UN+9qIJHBNgOLsMc7+KjpWA17OT1vbaV61cwsb95xrBeh2gyaNevHEktadQ8
s4npgfxs/YTzLZD1mi6BjL2mzV3j1FSx4HuXIwvcK1iSkCtUUpcmZ8677QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6NYjENyI+z1FngBqDsy4SFWZHvMB8GA1UdIwQY
MBaAFE5cr15UlfVLA58dDyRxESRnyXkcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGx5dlhsU1Y5VXNEbngwUEpIRVJKR2ZKZVJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9mODk2ODUtMTE3NC00NWQ1LWE1ZGMt
MDlkYjU3NDY5YmI4LzEvWG8xaU1RM0lqN1BVV2VBR29PekxoSVZaa2U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9mODk2ODUtMTE3NC00NWQ1LWE1ZGMtMDlkYjU3NDY5YmI4
LzEvVGx5dlhsU1Y5VXNEbngwUEpIRVJKR2ZKZVJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiFcMA0G
CSqGSIb3DQEBCwUAA4IBAQCpnTNYFHzz4s9CjqXmtc3FXATusOrufJJZmY4DGspS
2cPq7RjDHTkEuU86BAYCWamTdnzev0gii14aCUUfFlz9BKIlY9dERLZmcUH+BYJF
4OIOQcaoJGo18l2zmi/nruz/sF9vHi1fzwQ1X55/IObid/qfQ9lCdGjV6dYdAIDn
XAHJmkMnsG2dimRzFqDSK/Fl3Pia0YF17ljB9OaKQqaSYc5DjhC1779B3tM9b6/p
esNJeE3OMpW5n2rKjKbeT6NsSChWWFJrGUkY/h+390n09o4DASK3xAvskfp9K3t3
qlFxWs7qUc2FQImo6efqL1XwvreJr3xi9xuK5xVEu0Gm
-----END CERTIFICATE-----