This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/StxoWp_RJ1797k0oHsjoVvZHf10.roa
File:                     StxoWp_RJ1797k0oHsjoVvZHf10.roa (raw, json)
Hash identifier:          nD5a2Jb4fZiufTRyTRxdHS8BCxtbGh40rJHL37nPIac=
Subject key identifier:   4A:DC:68:5A:9F:D1:27:5E:FD:EE:4D:28:1E:C8:E8:56:F6:47:7F:5D
Certificate issuer:       /CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
Certificate serial:       019B78A281CAF2790A4D9E876AE23BE33A09
Authority key identifier: 73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/StxoWp_RJ1797k0oHsjoVvZHf10.roa
Signing time:             Thu 01 Jan 2026 08:17:54 +0000
ROA not before:           Thu 01 Jan 2026 08:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60876
IP address blocks:        185.166.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/cxidJrrn-Fy04Gq1q1Nt5agMFqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/cxidJrrn-Fy04Gq1q1Nt5agMFqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:81:ca:f2:79:0a:4d:9e:87:6a:e2:3b:e3:3a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
        Validity
            Not Before: Jan  1 08:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4adc685a9fd1275efdee4d281ec8e856f6477f5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:71:ec:d3:87:e9:4c:db:fb:84:ee:16:e2:b1:
                    a7:5e:21:8e:f3:89:03:53:e4:e6:da:59:d3:58:be:
                    c4:c7:99:1b:76:6c:75:8e:21:8c:27:0b:a1:c2:c1:
                    49:13:ac:e5:de:20:95:64:b8:89:ad:25:81:bb:b5:
                    08:f4:79:9c:ff:ee:be:2f:35:bb:25:5a:b2:03:62:
                    27:68:f1:e0:72:94:35:21:77:b3:ad:a0:a2:ee:85:
                    43:bc:ba:cd:f7:92:8d:b0:2b:50:08:3b:a9:06:e3:
                    6e:a1:7b:f4:90:c9:d2:22:b9:bf:de:b4:22:fc:76:
                    c0:28:c9:1e:55:d7:ed:93:35:4d:a4:c9:a6:66:07:
                    f8:8c:ea:b2:f4:33:95:72:4f:c1:44:1e:b4:01:09:
                    98:07:0f:ee:88:d5:88:c0:f0:e1:ac:e2:43:8e:a7:
                    80:dc:ab:e9:37:1f:ab:15:15:de:73:6a:6f:cc:67:
                    c5:5c:17:7b:6b:2d:c3:af:b4:a8:23:8c:57:a9:d6:
                    d2:f7:e8:83:c5:c9:de:84:cf:4f:4f:71:40:ed:b1:
                    bc:6d:dc:21:5b:9d:34:ef:e3:f8:03:48:d4:e6:2c:
                    51:7c:67:8e:8b:e1:aa:29:b6:72:01:d8:37:e5:c1:
                    d5:3e:44:f4:5d:4a:81:f5:ac:8f:99:05:85:2f:ac:
                    bf:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:DC:68:5A:9F:D1:27:5E:FD:EE:4D:28:1E:C8:E8:56:F6:47:7F:5D
            X509v3 Authority Key Identifier:
                keyid:73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/StxoWp_RJ1797k0oHsjoVvZHf10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/cxidJrrn-Fy04Gq1q1Nt5agMFqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:82:57:7a:b5:f4:fc:b9:7f:cc:dd:5d:d3:b7:83:5f:3c:09:
         89:3a:fc:e6:9b:55:7d:66:6d:a7:94:3a:e5:69:de:63:4d:4b:
         88:61:7f:2b:ae:45:a5:d2:5d:5a:8a:f0:94:2f:bc:46:c9:5a:
         ea:8c:89:b6:7f:1b:cc:0b:6a:b5:a0:43:bd:13:b1:84:9c:d9:
         bb:fb:8c:4e:28:76:b7:b4:a3:4d:a4:b8:d5:a9:32:06:ad:45:
         b2:25:d7:f3:fc:d1:66:8f:b3:f1:58:e4:59:34:96:47:f6:fd:
         ce:42:3d:11:2b:c3:44:60:21:a2:3f:8f:27:cb:82:c1:72:9e:
         df:fd:d7:e6:86:dc:b2:6d:f2:9a:6b:bb:77:22:51:dd:d3:10:
         cd:00:c6:c7:b1:ae:17:0e:7f:d2:2e:80:36:f0:e2:da:a9:66:
         6f:af:26:b0:f6:f6:99:b9:88:93:42:7e:c5:47:ea:c3:24:78:
         5d:f7:e8:dd:5a:da:ed:26:b9:05:cd:d2:b7:9e:78:22:65:fc:
         54:4b:31:18:db:87:4c:27:25:3a:49:d2:91:1e:5f:1e:d1:70:
         30:5e:c8:e9:25:10:a3:48:af:19:03:b8:57:66:80:f1:e3:9c:
         81:a6:d7:4c:25:1b:aa:55:9b:df:1e:30:97:de:2b:d6:55:99:
         35:93:90:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ooHK8nkKTZ6HauI74zoJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTg5ZDI2YmFlN2Y4NWNiNGUwNmFiNWFiNTM2ZGU1YTgw
YzE2YTEwHhcNMjYwMTAxMDgxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWRjNjg1YTlmZDEyNzVlZmRlZTRkMjgxZWM4ZTg1NmY2NDc3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHHs04fpTNv7hO4W4rGnXiGO84kD
U+Tm2lnTWL7Ex5kbdmx1jiGMJwuhwsFJE6zl3iCVZLiJrSWBu7UI9Hmc/+6+LzW7
JVqyA2InaPHgcpQ1IXezraCi7oVDvLrN95KNsCtQCDupBuNuoXv0kMnSIrm/3rQi
/HbAKMkeVdftkzVNpMmmZgf4jOqy9DOVck/BRB60AQmYBw/uiNWIwPDhrOJDjqeA
3KvpNx+rFRXec2pvzGfFXBd7ay3Dr7SoI4xXqdbS9+iDxcnehM9PT3FA7bG8bdwh
W5007+P4A0jU5ixRfGeOi+GqKbZyAdg35cHVPkT0XUqB9ayPmQWFL6y/FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErcaFqf0Sde/e5NKB7I6Fb2R39dMB8GA1UdIwQY
MBaAFHMYnSa65/hctOBqtatTbeWoDBahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hpZEpycm4tRnkwNEdxMXExTnQ1YWdNRnFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNjBhOWQtYjEyMS00NWFlLTgzMGQt
MDY2YjYzMjM3ZDg1LzEvU3R4b1dwX1JKMTc5N2swb0hzam9WdlpIZjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNjBhOWQtYjEyMS00NWFlLTgzMGQtMDY2YjYzMjM3ZDg1
LzEvY3hpZEpycm4tRnkwNEdxMXExTnQ1YWdNRnFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAggld6tfT8uX/M3V3Tt4NfPAmJOvzmm1V9Zm2nlDrl
ad5jTUuIYX8rrkWl0l1aivCUL7xGyVrqjIm2fxvMC2q1oEO9E7GEnNm7+4xOKHa3
tKNNpLjVqTIGrUWyJdfz/NFmj7PxWORZNJZH9v3OQj0RK8NEYCGiP48ny4LBcp7f
/dfmhtyybfKaa7t3IlHd0xDNAMbHsa4XDn/SLoA28OLaqWZvryaw9vaZuYiTQn7F
R+rDJHhd9+jdWtrtJrkFzdK3nngiZfxUSzEY24dMJyU6SdKRHl8e0XAwXsjpJRCj
SK8ZA7hXZoDx45yBptdMJRuqVZvfHjCX3ivWVZk1k5Bj
-----END CERTIFICATE-----