This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/Xrue8_3iZIf-q2iZjaX1I5eh5v4.roa
File:                     Xrue8_3iZIf-q2iZjaX1I5eh5v4.roa (raw, json)
Hash identifier:          GCW1dLjeWZhLx2VOYd6Yk9RjDyKldIOTznHcOf+v7tI=
Subject key identifier:   5E:BB:9E:F3:FD:E2:64:87:FE:AB:68:99:8D:A5:F5:23:97:A1:E6:FE
Certificate issuer:       /CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
Certificate serial:       019B78A364C34A267D092756EC206910C03A
Authority key identifier: 60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/Xrue8_3iZIf-q2iZjaX1I5eh5v4.roa
Signing time:             Thu 01 Jan 2026 08:18:52 +0000
ROA not before:           Thu 01 Jan 2026 08:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34078
IP address blocks:        109.95.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:64:c3:4a:26:7d:09:27:56:ec:20:69:10:c0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60ebd4f7ac3d24920de1c1ff1185d9507e9ad078
        Validity
            Not Before: Jan  1 08:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ebb9ef3fde26487feab68998da5f52397a1e6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:60:41:43:95:a2:fa:c4:97:4a:31:e1:e4:ad:
                    ef:db:44:a5:7d:9e:43:03:0c:e3:0c:c8:78:66:82:
                    d1:56:e6:40:bd:44:5d:f8:31:ae:9b:3f:51:aa:f1:
                    7a:a0:29:ce:15:42:29:fa:25:a3:68:c3:34:e9:d7:
                    32:e7:bc:61:b4:a9:34:bd:0d:90:50:17:2a:a5:cf:
                    57:52:03:4c:b0:af:af:04:3d:18:b5:47:35:9f:62:
                    cd:ae:51:cd:37:49:b0:93:95:9e:4a:22:5e:dc:ea:
                    69:3d:96:90:a3:32:99:1e:de:44:ec:ef:57:f3:9b:
                    0e:cb:f7:b2:32:3d:0c:6d:d9:3a:fb:b5:53:41:ac:
                    ed:c4:dc:a7:d6:f4:dc:c7:1f:9b:5c:4a:e0:c2:e7:
                    b2:8d:2d:8b:0a:34:6a:34:46:36:e4:20:6b:d4:12:
                    16:78:c8:9e:bf:56:d7:c2:78:a0:18:46:e1:39:a9:
                    ee:aa:77:94:f7:61:03:6f:f5:44:e7:2a:1d:d7:d9:
                    45:a5:c4:ca:45:e8:a3:1f:79:ef:8e:69:ae:88:d0:
                    85:c1:61:32:96:8d:55:5a:e5:63:8f:15:be:96:a8:
                    47:fc:85:4f:0a:b7:1d:1c:e1:62:95:1f:1f:7e:a5:
                    22:97:50:0f:29:86:a7:55:ae:8d:49:a0:98:08:ea:
                    82:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BB:9E:F3:FD:E2:64:87:FE:AB:68:99:8D:A5:F5:23:97:A1:E6:FE
            X509v3 Authority Key Identifier:
                keyid:60:EB:D4:F7:AC:3D:24:92:0D:E1:C1:FF:11:85:D9:50:7E:9A:D0:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOvU96w9JJIN4cH_EYXZUH6a0Hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/Xrue8_3iZIf-q2iZjaX1I5eh5v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/905378-228a-41b4-bce8-87d3b023d919/1/YOvU96w9JJIN4cH_EYXZUH6a0Hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:6f:50:16:ac:de:7d:f2:b0:5d:1d:e7:dc:99:d4:79:09:d0:
         9b:94:08:f4:b2:d1:c7:9e:8e:9e:12:72:61:b5:48:37:fc:de:
         86:9b:5e:3e:28:f3:51:3a:ed:30:2a:94:a5:ef:4c:76:dc:59:
         68:49:8b:50:6f:60:d5:20:4f:8f:53:3d:62:3a:3e:5f:eb:94:
         74:33:4d:f9:73:69:cb:98:80:44:ee:4a:4d:77:60:38:49:82:
         24:b6:7a:19:e4:a2:55:e5:e3:85:a4:fb:93:8c:9d:db:31:c5:
         eb:a8:ee:ff:d3:35:19:61:4b:d3:d0:fd:ce:78:f8:b1:0b:1f:
         0b:93:74:da:94:1a:24:12:a7:0b:97:b7:f9:c5:32:4d:d8:12:
         43:a0:ea:bc:95:c9:8d:3d:79:6e:63:f0:94:3a:90:4b:62:4f:
         01:5a:d3:e0:8e:62:f0:31:a7:41:15:08:94:1b:6d:7d:46:28:
         d4:7a:00:8a:bf:46:24:33:a1:b3:ae:16:d1:d5:ab:8a:07:da:
         cf:de:f1:5f:66:69:ca:c0:e2:b4:c3:16:f1:60:5d:6c:d1:67:
         2e:80:b5:46:7a:b0:d6:de:e3:85:ef:35:78:da:9a:f1:9e:40:
         05:c9:89:43:66:fb:38:32:38:1f:90:17:bd:8e:dc:9f:55:7b:
         2d:03:f7:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2TDSiZ9CSdW7CBpEMA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZWJkNGY3YWMzZDI0OTIwZGUxYzFmZjExODVkOTUwN2U5
YWQwNzgwHhcNMjYwMTAxMDgxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJiOWVmM2ZkZTI2NDg3ZmVhYjY4OTk4ZGE1ZjUyMzk3YTFlNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWBBQ5Wi+sSXSjHh5K3v20SlfZ5D
AwzjDMh4ZoLRVuZAvURd+DGumz9RqvF6oCnOFUIp+iWjaMM06dcy57xhtKk0vQ2Q
UBcqpc9XUgNMsK+vBD0YtUc1n2LNrlHNN0mwk5WeSiJe3OppPZaQozKZHt5E7O9X
85sOy/eyMj0Mbdk6+7VTQaztxNyn1vTcxx+bXErgwueyjS2LCjRqNEY25CBr1BIW
eMiev1bXwnigGEbhOanuqneU92EDb/VE5yod19lFpcTKReijH3nvjmmuiNCFwWEy
lo1VWuVjjxW+lqhH/IVPCrcdHOFilR8ffqUil1APKYanVa6NSaCYCOqC4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF67nvP94mSH/qtomY2l9SOXoeb+MB8GA1UdIwQY
MBaAFGDr1PesPSSSDeHB/xGF2VB+mtB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgt
ODdkM2IwMjNkOTE5LzEvWHJ1ZThfM2laSWYtcTJpWmphWDFJNWVoNXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi85MDUzNzgtMjI4YS00MWI0LWJjZTgtODdkM2IwMjNkOTE5
LzEvWU92VTk2dzlKSklONGNIX0VZWFpVSDZhMEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV9CMA0G
CSqGSIb3DQEBCwUAA4IBAQDNb1AWrN598rBdHefcmdR5CdCblAj0stHHno6eEnJh
tUg3/N6Gm14+KPNROu0wKpSl70x23FloSYtQb2DVIE+PUz1iOj5f65R0M035c2nL
mIBE7kpNd2A4SYIktnoZ5KJV5eOFpPuTjJ3bMcXrqO7/0zUZYUvT0P3OePixCx8L
k3TalBokEqcLl7f5xTJN2BJDoOq8lcmNPXluY/CUOpBLYk8BWtPgjmLwMadBFQiU
G219RijUegCKv0YkM6GzrhbR1auKB9rP3vFfZmnKwOK0wxbxYF1s0WcugLVGerDW
3uOF7zV42prxnkAFyYlDZvs4MjgfkBe9jtyfVXstA/db
-----END CERTIFICATE-----