This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/XXAYfqUHP9nZBwlGSXcDJmZr7gM.roa
File:                     XXAYfqUHP9nZBwlGSXcDJmZr7gM.roa (raw, json)
Hash identifier:          lTHokh5dlYVtVzphYfMaxHP19CTq5FCkid0Lic2Aukw=
Subject key identifier:   5D:70:18:7E:A5:07:3F:D9:D9:07:09:46:49:77:03:26:66:6B:EE:03
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019A9797C662C8B373490D184A56A3DB6577
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/XXAYfqUHP9nZBwlGSXcDJmZr7gM.roa
Signing time:             Tue 18 Nov 2025 15:31:37 +0000
ROA not before:           Tue 18 Nov 2025 15:31:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        193.168.186.0/24 maxlen: 24
                          193.168.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Dec 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:97:97:c6:62:c8:b3:73:49:0d:18:4a:56:a3:db:65:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Nov 18 15:31:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d70187ea5073fd9d907094649770326666bee03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:92:9a:95:c3:44:b3:f4:0f:4b:e3:6b:54:63:
                    06:b5:c7:62:f9:fe:ee:e7:bd:7b:bd:2d:31:93:f3:
                    a1:3f:42:e8:a9:3b:f2:e8:19:da:a1:28:f2:5d:89:
                    33:e2:ba:f1:5e:07:8f:a6:b1:2f:2c:ed:20:1a:29:
                    ce:34:fb:aa:84:fc:10:c9:02:5d:c7:3f:bb:2b:93:
                    18:94:73:92:44:72:50:bb:2a:af:d9:33:a3:26:46:
                    1a:c5:5a:9c:08:9e:68:34:a5:67:01:de:ab:6a:9a:
                    79:cc:e3:70:02:cf:d8:57:26:22:3c:f6:b4:ed:fb:
                    d1:5d:40:4d:e3:78:fb:b2:c7:03:8f:5f:ef:45:dc:
                    6f:be:35:4b:6c:1e:c5:32:7a:c5:3c:56:b4:f9:56:
                    48:b8:8e:8c:f3:68:59:90:26:56:f3:2c:0b:2c:c6:
                    61:5c:be:e4:d3:a7:e6:b9:b7:4b:a6:bd:f5:95:85:
                    6f:bd:4f:ea:8c:93:06:88:3b:dc:2a:ed:9b:d2:97:
                    e9:d9:a3:4a:48:84:b3:a9:83:a9:7b:3e:b4:3f:4b:
                    8f:dc:1b:5a:9e:7a:65:de:53:95:68:64:84:37:c2:
                    6c:21:f9:84:af:41:45:32:2d:92:5a:d2:24:df:2b:
                    49:9d:28:27:d7:8c:7e:88:6a:e2:35:89:d5:fa:ed:
                    32:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:70:18:7E:A5:07:3F:D9:D9:07:09:46:49:77:03:26:66:6B:EE:03
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/XXAYfqUHP9nZBwlGSXcDJmZr7gM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:f8:d9:1a:bd:29:37:b6:ca:09:60:94:09:53:fc:3c:e8:29:
         a6:e0:20:31:2d:14:de:dd:f4:82:09:fd:18:73:5f:e1:cf:dc:
         3d:e1:32:e0:8c:ec:67:d5:ac:5d:3b:0b:12:16:b1:55:db:91:
         11:30:67:69:3a:80:56:55:88:d9:7b:79:8a:4f:aa:fe:40:7d:
         f8:82:69:0c:a0:71:a4:86:de:1d:63:c1:e1:c6:68:ce:3e:d2:
         fa:3f:56:f6:b6:b9:72:2c:9e:13:a3:9f:db:fa:1e:41:ad:fd:
         ee:22:d4:d8:6d:ad:fc:eb:ef:ed:c6:ae:85:5b:86:1a:09:06:
         39:0d:eb:13:aa:e9:20:18:1c:d1:9a:bf:64:56:88:0a:2f:74:
         15:24:3f:b5:fb:68:7a:40:08:a4:75:72:37:b1:d1:22:c9:ef:
         6c:11:87:78:ab:5b:9c:4e:29:7d:67:55:88:0e:a1:b9:b0:0f:
         ea:fd:1b:fb:c3:6b:d1:7a:47:31:09:d9:43:10:7f:b8:b0:c1:
         78:71:01:12:2d:2e:65:02:5d:d1:88:06:ea:38:31:83:c4:68:
         0c:30:2c:62:07:0b:61:7f:a2:13:5a:e2:21:cb:f5:75:ec:ae:
         86:03:83:f3:5d:ad:7a:73:4f:a0:4c:a2:78:2c:a5:45:f5:63:
         70:58:1a:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqXl8ZiyLNzSQ0YSlaj22V3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUxMTE4MTUzMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDcwMTg3ZWE1MDczZmQ5ZDkwNzA5NDY0OTc3MDMyNjY2NmJlZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pKalcNEs/QPS+NrVGMGtcdi+f7u
5717vS0xk/OhP0LoqTvy6BnaoSjyXYkz4rrxXgePprEvLO0gGinONPuqhPwQyQJd
xz+7K5MYlHOSRHJQuyqv2TOjJkYaxVqcCJ5oNKVnAd6rapp5zONwAs/YVyYiPPa0
7fvRXUBN43j7sscDj1/vRdxvvjVLbB7FMnrFPFa0+VZIuI6M82hZkCZW8ywLLMZh
XL7k06fmubdLpr31lYVvvU/qjJMGiDvcKu2b0pfp2aNKSISzqYOpez60P0uP3Bta
nnpl3lOVaGSEN8JsIfmEr0FFMi2SWtIk3ytJnSgn14x+iGriNYnV+u0yCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1wGH6lBz/Z2QcJRkl3AyZma+4DMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvWFhBWWZxVUhQOW5aQndsR1NYY0RKbVpyN2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwai6MA0G
CSqGSIb3DQEBCwUAA4IBAQA0+NkavSk3tsoJYJQJU/w86Cmm4CAxLRTe3fSCCf0Y
c1/hz9w94TLgjOxn1axdOwsSFrFV25ERMGdpOoBWVYjZe3mKT6r+QH34gmkMoHGk
ht4dY8HhxmjOPtL6P1b2trlyLJ4To5/b+h5Brf3uItTYba386+/txq6FW4YaCQY5
DesTqukgGBzRmr9kVogKL3QVJD+1+2h6QAikdXI3sdEiye9sEYd4q1ucTil9Z1WI
DqG5sA/q/Rv7w2vRekcxCdlDEH+4sMF4cQESLS5lAl3RiAbqODGDxGgMMCxiBwth
f6ITWuIhy/V17K6GA4PzXa16c0+gTKJ4LKVF9WNwWBq0
-----END CERTIFICATE-----