This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/xuDTDMEslqKPlZ2emXhAqCHpZwk.roa
File:                     xuDTDMEslqKPlZ2emXhAqCHpZwk.roa (raw, json)
Hash identifier:          jcyM9LWTAAxEKRGaAJaeFS8iGlw9gblRVA2IJcUw/E0=
Subject key identifier:   C6:E0:D3:0C:C1:2C:96:A2:8F:95:9D:9E:99:78:40:A8:21:E9:67:09
Certificate issuer:       /CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
Certificate serial:       019A9B90033198A68EBB462CCD31824D14E4
Authority key identifier: 5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/xuDTDMEslqKPlZ2emXhAqCHpZwk.roa
Signing time:             Wed 19 Nov 2025 10:01:37 +0000
ROA not before:           Wed 19 Nov 2025 10:01:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4766
IP address blocks:        45.92.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 16:30:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9b:90:03:31:98:a6:8e:bb:46:2c:cd:31:82:4d:14:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
        Validity
            Not Before: Nov 19 10:01:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6e0d30cc12c96a28f959d9e997840a821e96709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:52:fc:ef:11:c2:56:48:77:fe:6f:ee:df:8b:
                    66:77:28:2d:dc:2b:36:97:ef:9f:60:6b:c1:97:e6:
                    fd:48:4e:4d:1a:6b:ec:5c:88:13:a5:73:74:62:0c:
                    bb:c6:e4:58:c7:44:28:70:b7:bd:1a:f2:ff:4a:d0:
                    c7:1d:d3:81:df:b3:c3:f0:ff:32:84:b1:e3:b3:3a:
                    03:64:9f:69:86:87:31:95:0a:57:4a:d2:c7:cf:38:
                    94:52:49:04:db:40:17:e0:8f:ca:ff:42:95:87:f6:
                    32:86:0c:71:f1:d8:d7:d7:98:4f:c8:1a:5d:e9:e3:
                    9f:55:7a:0e:9b:69:5d:31:89:77:e4:fb:f8:a1:0d:
                    dc:af:e2:cb:f9:04:a6:2b:89:5d:f6:e1:58:04:17:
                    2b:29:54:2b:35:91:2e:2d:8c:a3:98:13:a8:68:d1:
                    e9:62:57:66:2f:f2:36:80:7b:a9:ce:89:aa:5f:1e:
                    fb:03:44:29:40:b1:c5:4a:70:59:96:7e:13:cd:03:
                    c1:9d:8b:bf:3d:c3:e7:6a:8c:91:ab:8f:f6:c3:1e:
                    0b:50:92:03:0c:f4:fe:a6:d6:fd:0b:bf:d5:d0:f2:
                    1f:c1:09:63:57:00:bc:82:08:08:b1:42:8d:d2:dd:
                    df:f1:1b:e6:75:2c:8e:ec:0b:4b:af:e1:21:9a:56:
                    83:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E0:D3:0C:C1:2C:96:A2:8F:95:9D:9E:99:78:40:A8:21:E9:67:09
            X509v3 Authority Key Identifier:
                keyid:5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/xuDTDMEslqKPlZ2emXhAqCHpZwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:9d:0a:1a:01:99:4c:c4:8c:f0:27:e0:eb:1c:d9:f3:29:0a:
         c2:dc:f0:f5:e8:e4:5b:34:cc:9f:ea:06:d0:d5:4a:e6:fe:83:
         4c:e0:b7:12:2c:82:11:d9:e0:3b:a3:95:39:df:22:94:1f:bb:
         f4:2b:2c:e9:b9:a2:7d:55:7b:92:db:22:24:5c:5d:2c:09:99:
         73:de:77:22:ce:df:b3:86:76:aa:d9:29:6c:4f:c4:a8:5b:8c:
         bc:c3:f1:08:04:3c:98:6b:57:3c:43:b9:85:90:0b:e7:a5:55:
         d8:b8:6e:62:21:08:65:97:41:71:29:97:97:30:c3:fd:26:9b:
         f4:fe:1e:78:2e:60:f9:38:08:b3:28:fc:43:4f:92:8d:30:d0:
         33:0e:d8:a9:85:a1:81:10:e2:7a:b2:15:35:fc:62:01:46:68:
         a2:1e:84:1e:72:cf:cc:82:cd:f3:5e:1c:b5:e0:ce:3b:0c:e6:
         67:e3:4d:00:19:74:b6:27:37:58:c3:a2:75:28:75:76:af:3b:
         f5:c7:c8:c7:69:2f:4b:82:04:97:e3:f7:6f:a7:4a:41:00:5b:
         39:e6:c2:15:e1:71:d9:d4:43:7e:25:26:3f:f1:15:44:fd:b1:
         8f:d5:f2:d4:3a:6e:24:21:71:52:9c:50:2e:54:17:cb:7b:2c:
         a3:38:6d:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqbkAMxmKaOu0YszTGCTRTkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjMxYWZjMzZjYjY5NTUwMDdmZTk3ZWQ0YTVlMzE4NWQy
MjcxYmEwHhcNMjUxMTE5MTAwMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmUwZDMwY2MxMmM5NmEyOGY5NTlkOWU5OTc4NDBhODIxZTk2NzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVL87xHCVkh3/m/u34tmdygt3Cs2
l++fYGvBl+b9SE5NGmvsXIgTpXN0Ygy7xuRYx0QocLe9GvL/StDHHdOB37PD8P8y
hLHjszoDZJ9phocxlQpXStLHzziUUkkE20AX4I/K/0KVh/Yyhgxx8djX15hPyBpd
6eOfVXoOm2ldMYl35Pv4oQ3cr+LL+QSmK4ld9uFYBBcrKVQrNZEuLYyjmBOoaNHp
YldmL/I2gHupzomqXx77A0QpQLHFSnBZln4TzQPBnYu/PcPnaoyRq4/2wx4LUJID
DPT+ptb9C7/V0PIfwQljVwC8gggIsUKN0t3f8RvmdSyO7AtLr+EhmlaDvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbg0wzBLJaij5Wdnpl4QKgh6WcJMB8GA1UdIwQY
MBaAFFzzGvw2y2lVAH/pftSl4xhdInG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQt
NzM2ZDEyODg4Y2E4LzEveHVEVERNRXNscUtQbFoyZW1YaEFxQ0hwWndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQtNzM2ZDEyODg4Y2E4
LzEvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVxoMA0G
CSqGSIb3DQEBCwUAA4IBAQBHnQoaAZlMxIzwJ+DrHNnzKQrC3PD16ORbNMyf6gbQ
1Urm/oNM4LcSLIIR2eA7o5U53yKUH7v0KyzpuaJ9VXuS2yIkXF0sCZlz3ncizt+z
hnaq2SlsT8SoW4y8w/EIBDyYa1c8Q7mFkAvnpVXYuG5iIQhll0FxKZeXMMP9Jpv0
/h54LmD5OAizKPxDT5KNMNAzDtiphaGBEOJ6shU1/GIBRmiiHoQecs/Mgs3zXhy1
4M47DOZn400AGXS2JzdYw6J1KHV2rzv1x8jHaS9LggSX4/dvp0pBAFs55sIV4XHZ
1EN+JSY/8RVE/bGP1fLUOm4kIXFSnFAuVBfLeyyjOG1x
-----END CERTIFICATE-----