This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/XWrjWShl8ZOcp09LK2_ONhgHsKY.roa
File:                     XWrjWShl8ZOcp09LK2_ONhgHsKY.roa (raw, json)
Hash identifier:          AC5IcqCMeXfvwYRIiyyOeZ/CwhWtUU1oEh3vKTXLGOA=
Subject key identifier:   5D:6A:E3:59:28:65:F1:93:9C:A7:4F:4B:2B:6F:CE:36:18:07:B0:A6
Certificate issuer:       /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial:       019B76EB09C3CF4395EAF2DD2628C4EFAFF7
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/XWrjWShl8ZOcp09LK2_ONhgHsKY.roa
Signing time:             Thu 01 Jan 2026 00:17:53 +0000
ROA not before:           Thu 01 Jan 2026 00:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     28785
IP address blocks:        46.20.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 12:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:09:c3:cf:43:95:ea:f2:dd:26:28:c4:ef:af:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
        Validity
            Not Before: Jan  1 00:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d6ae3592865f1939ca74f4b2b6fce361807b0a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5f:6c:9b:71:23:12:59:85:2c:7b:fc:df:ee:
                    79:03:02:00:93:f1:df:7a:f7:92:ee:2c:d2:d4:04:
                    cc:35:be:8d:3f:9f:cd:b3:00:4a:c1:d9:d3:25:b2:
                    ee:cf:70:34:ca:1e:84:0d:c0:f0:1e:ae:f5:2c:29:
                    6f:38:93:2b:72:79:11:e2:e9:68:28:e4:8d:62:37:
                    66:46:a1:5c:fe:cd:c4:cc:95:73:52:4f:34:47:92:
                    c0:25:84:e3:07:dd:81:92:7b:65:57:7f:f3:9d:da:
                    e0:4c:72:81:c6:a4:6c:da:2f:bc:7e:95:fc:cb:33:
                    54:93:17:6e:2e:04:72:ba:dc:9b:96:50:c4:3a:51:
                    d0:9f:18:84:a6:c1:ae:d6:50:a7:4d:46:6d:0f:31:
                    8f:61:62:8c:bb:6e:41:10:2c:12:94:2a:44:db:ed:
                    f5:33:49:2e:74:5a:f5:53:47:83:9a:f5:f6:ce:ed:
                    bb:17:a0:d8:27:25:72:c6:d6:d9:37:7c:88:b9:a7:
                    d9:06:d4:4e:bb:3b:ff:26:8e:c3:c5:76:3a:fe:45:
                    46:5a:12:92:cb:fe:4b:96:2b:97:4f:22:f1:71:60:
                    42:46:3c:a4:61:87:c5:de:ee:7e:9e:c3:6e:34:f0:
                    72:a8:7c:d4:b9:27:19:78:23:73:4a:74:23:45:7a:
                    c5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:6A:E3:59:28:65:F1:93:9C:A7:4F:4B:2B:6F:CE:36:18:07:B0:A6
            X509v3 Authority Key Identifier:
                keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/XWrjWShl8ZOcp09LK2_ONhgHsKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:aa:67:8d:19:89:12:e9:73:43:45:5e:f2:d3:28:8f:7b:49:
         c9:ca:d1:67:e4:e6:1a:e4:21:cd:a1:d4:78:8a:e1:0a:0d:e5:
         bd:54:d7:b6:6b:24:58:37:88:4a:cf:66:2d:cd:d0:cc:c8:8a:
         14:11:dc:ea:de:de:87:d2:bb:b6:89:3f:4e:57:f1:7e:9f:8a:
         2e:2c:b7:17:bc:48:46:4b:c2:d3:78:6c:22:3e:92:f2:2c:63:
         c6:2d:c8:02:bb:f6:ac:55:78:e0:17:92:a9:6e:e5:ec:8c:d6:
         f2:36:be:75:6e:20:ce:85:7d:9d:57:1d:12:01:48:ee:87:4f:
         96:2f:5a:42:cd:df:95:cd:84:a7:2a:18:4f:02:c9:42:75:a4:
         c0:7c:1f:18:55:09:0d:51:d1:50:5a:b0:8d:bb:7c:7c:3e:76:
         1e:17:68:7a:30:68:ed:2c:be:11:d5:26:ac:e8:10:51:15:f5:
         04:01:8c:de:23:97:1f:f4:22:53:00:8d:2e:2e:f7:da:43:7a:
         74:e7:2a:60:19:26:d9:9b:cb:28:06:29:6f:22:61:20:e5:60:
         61:8a:dd:37:81:35:36:89:e9:66:8e:d7:f2:c7:f1:75:93:81:
         22:bc:5c:ca:5a:b8:4f:84:bf:84:0e:1a:6c:b5:97:f9:a9:67:
         01:09:c8:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26wnDz0OV6vLdJijE76/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjYwMTAxMDAxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDZhZTM1OTI4NjVmMTkzOWNhNzRmNGIyYjZmY2UzNjE4MDdiMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV9sm3EjElmFLHv83+55AwIAk/Hf
eveS7izS1ATMNb6NP5/NswBKwdnTJbLuz3A0yh6EDcDwHq71LClvOJMrcnkR4ulo
KOSNYjdmRqFc/s3EzJVzUk80R5LAJYTjB92BkntlV3/zndrgTHKBxqRs2i+8fpX8
yzNUkxduLgRyutybllDEOlHQnxiEpsGu1lCnTUZtDzGPYWKMu25BECwSlCpE2+31
M0kudFr1U0eDmvX2zu27F6DYJyVyxtbZN3yIuafZBtROuzv/Jo7DxXY6/kVGWhKS
y/5LliuXTyLxcWBCRjykYYfF3u5+nsNuNPByqHzUuScZeCNzSnQjRXrFIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1q41koZfGTnKdPSytvzjYYB7CmMB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvWFdyaldTaGw4Wk9jcDA5TEsyX09OaGdIc0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhQxMA0G
CSqGSIb3DQEBCwUAA4IBAQBYqmeNGYkS6XNDRV7y0yiPe0nJytFn5OYa5CHNodR4
iuEKDeW9VNe2ayRYN4hKz2YtzdDMyIoUEdzq3t6H0ru2iT9OV/F+n4ouLLcXvEhG
S8LTeGwiPpLyLGPGLcgCu/asVXjgF5KpbuXsjNbyNr51biDOhX2dVx0SAUjuh0+W
L1pCzd+VzYSnKhhPAslCdaTAfB8YVQkNUdFQWrCNu3x8PnYeF2h6MGjtLL4R1Sas
6BBRFfUEAYzeI5cf9CJTAI0uLvfaQ3p05ypgGSbZm8soBilvImEg5WBhit03gTU2
ielmjtfyx/F1k4EivFzKWrhPhL+EDhpstZf5qWcBCci4
-----END CERTIFICATE-----