This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XQfTjHdXqu1MxEiBzxseQaerwqU.roa
File:                     XQfTjHdXqu1MxEiBzxseQaerwqU.roa (raw, json)
Hash identifier:          IVdIJqWA/giKOreUscgg9iZNJTZaqFNdXGinkCQuGZY=
Subject key identifier:   5D:07:D3:8C:77:57:AA:ED:4C:C4:48:81:CF:1B:1E:41:A7:AB:C2:A5
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D2E8980AAE36316BE0655FD98132C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XQfTjHdXqu1MxEiBzxseQaerwqU.roa
Signing time:             Fri 02 Jan 2026 06:20:17 +0000
ROA not before:           Fri 02 Jan 2026 06:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15557
IP address blocks:        185.228.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 11:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:2e:89:80:aa:e3:63:16:be:06:55:fd:98:13:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d07d38c7757aaed4cc44881cf1b1e41a7abc2a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6a:4f:bf:7b:93:77:76:f6:60:d5:d0:5f:37:
                    c6:41:4d:14:2a:7e:45:d3:56:78:d1:f1:d3:c0:07:
                    8a:89:a6:4b:72:d1:49:22:6b:a7:1e:e9:65:4a:df:
                    37:e5:12:1b:b9:cc:85:2b:5e:e9:9a:87:24:23:63:
                    bd:c0:b9:f2:eb:5f:aa:c1:6f:cd:46:56:e8:1d:ce:
                    43:00:36:d8:2e:7d:c0:86:ce:d2:10:7d:c9:90:ba:
                    11:b9:bb:19:c6:30:71:c5:9a:89:34:6d:6e:06:8a:
                    69:c7:3f:96:3f:58:21:fc:c5:bc:30:b5:ad:e1:a8:
                    e9:29:cc:63:7c:53:69:04:bb:b8:67:8d:59:1c:0e:
                    40:0c:2d:27:2c:d5:c1:9c:09:26:63:71:d4:a9:66:
                    60:2f:cf:32:2a:da:4e:69:be:ef:4b:4e:ba:87:14:
                    30:b3:fe:50:55:83:d6:c5:ed:dd:a9:66:df:c5:1f:
                    cc:b5:4a:00:f8:c9:bb:72:20:35:e5:64:4f:89:94:
                    aa:72:b4:a1:89:57:9e:9a:32:e4:e7:32:bf:32:93:
                    33:b7:c4:bf:60:f5:3d:5c:5a:e6:6e:0b:b9:fc:70:
                    24:56:52:23:18:71:27:4c:20:f1:dc:a9:ca:dd:ed:
                    29:70:41:99:58:ca:51:84:1e:81:49:47:95:b4:b8:
                    95:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:07:D3:8C:77:57:AA:ED:4C:C4:48:81:CF:1B:1E:41:A7:AB:C2:A5
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XQfTjHdXqu1MxEiBzxseQaerwqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:3f:71:4c:aa:cc:0c:db:c4:53:7b:18:4e:22:dd:b2:9b:d9:
         0f:36:b6:bc:6e:4a:32:da:17:e9:9d:03:3d:a5:75:8b:32:9d:
         81:53:06:52:a1:8d:aa:60:90:bf:cb:bf:44:57:0c:c3:4d:55:
         27:99:89:d4:b8:ba:42:fa:f8:64:8c:31:a1:a4:4a:5b:93:0b:
         0d:71:8d:cd:8e:ba:d2:2e:0f:8b:4f:ed:e1:0e:63:af:85:98:
         11:68:33:44:90:0e:93:a7:dd:d4:f9:4b:8c:3b:82:de:4f:4b:
         5f:4a:66:ea:9f:12:51:96:17:78:84:ac:d1:04:58:5d:32:fa:
         dd:d5:3b:22:b9:bf:b3:d2:9b:c7:e3:02:f6:33:2e:fa:6e:f7:
         04:27:eb:fd:36:bb:1d:7c:62:d2:43:c7:eb:5e:07:16:62:5e:
         8b:c5:39:f7:51:66:58:0a:eb:a0:8b:ad:f2:bb:9e:ca:ec:ec:
         09:13:19:2e:d6:42:fd:3d:bc:25:eb:2b:7e:02:1f:97:a2:a1:
         1c:4f:23:7a:13:2d:52:46:a7:a6:f8:58:8a:67:e5:c6:b2:5c:
         3f:f1:03:93:4e:63:e3:de:54:17:3f:64:13:39:0e:e0:04:41:
         cf:95:0c:d3:fd:6f:38:76:6c:83:f2:af:4c:89:b7:f1:84:b9:
         ac:fc:34:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XS6JgKrjYxa+BlX9mBMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA3ZDM4Yzc3NTdhYWVkNGNjNDQ4ODFjZjFiMWU0MWE3YWJjMmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGpPv3uTd3b2YNXQXzfGQU0UKn5F
01Z40fHTwAeKiaZLctFJImunHullSt835RIbucyFK17pmockI2O9wLny61+qwW/N
RlboHc5DADbYLn3Ahs7SEH3JkLoRubsZxjBxxZqJNG1uBoppxz+WP1gh/MW8MLWt
4ajpKcxjfFNpBLu4Z41ZHA5ADC0nLNXBnAkmY3HUqWZgL88yKtpOab7vS066hxQw
s/5QVYPWxe3dqWbfxR/MtUoA+Mm7ciA15WRPiZSqcrShiVeemjLk5zK/MpMzt8S/
YPU9XFrmbgu5/HAkVlIjGHEnTCDx3KnK3e0pcEGZWMpRhB6BSUeVtLiVvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0H04x3V6rtTMRIgc8bHkGnq8KlMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWFFmVGpIZFhxdTFNeEVpQnp4c2VRYWVyd3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueTiMA0G
CSqGSIb3DQEBCwUAA4IBAQBEP3FMqswM28RTexhOIt2ym9kPNra8bkoy2hfpnQM9
pXWLMp2BUwZSoY2qYJC/y79EVwzDTVUnmYnUuLpC+vhkjDGhpEpbkwsNcY3NjrrS
Lg+LT+3hDmOvhZgRaDNEkA6Tp93U+UuMO4LeT0tfSmbqnxJRlhd4hKzRBFhdMvrd
1Tsiub+z0pvH4wL2My76bvcEJ+v9NrsdfGLSQ8frXgcWYl6LxTn3UWZYCuugi63y
u57K7OwJExku1kL9Pbwl6yt+Ah+XoqEcTyN6Ey1SRqem+FiKZ+XGslw/8QOTTmPj
3lQXP2QTOQ7gBEHPlQzT/W84dmyD8q9MibfxhLms/DSn
-----END CERTIFICATE-----