This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/XrmmbPIgnA61rh6z_5Wfj4vJ374.roa
File:                     XrmmbPIgnA61rh6z_5Wfj4vJ374.roa (raw, json)
Hash identifier:          DtOM3AG98xq9adArrqetx0s2cyFgsSbYyCzOOvAoXqc=
Subject key identifier:   5E:B9:A6:6C:F2:20:9C:0E:B5:AE:1E:B3:FF:95:9F:8F:8B:C9:DF:BE
Certificate issuer:       /CN=cd4065967dec092b5fc90152e4a95339ba1d2289
Certificate serial:       019B7DC9FDEEA9D71E6FEC65FEDC4705D397
Authority key identifier: CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/XrmmbPIgnA61rh6z_5Wfj4vJ374.roa
Signing time:             Fri 02 Jan 2026 08:19:08 +0000
ROA not before:           Fri 02 Jan 2026 08:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61317
IP address blocks:        185.144.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 08:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:fd:ee:a9:d7:1e:6f:ec:65:fe:dc:47:05:d3:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd4065967dec092b5fc90152e4a95339ba1d2289
        Validity
            Not Before: Jan  2 08:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5eb9a66cf2209c0eb5ae1eb3ff959f8f8bc9dfbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:5a:d2:90:bf:c4:5d:bf:81:c0:d3:94:95:be:
                    c6:23:70:de:a1:0f:48:9e:96:ef:fd:64:f1:ed:9d:
                    29:e9:ff:d7:b9:50:dc:35:ac:52:8f:1c:03:2b:6c:
                    bd:8e:bf:d9:b4:76:6f:18:e5:53:d7:cd:7e:6b:dc:
                    99:36:d4:08:08:66:a4:b2:ec:bd:a9:d3:2e:16:42:
                    61:76:d9:24:15:ce:10:71:e2:23:d9:f0:06:1f:b6:
                    9c:02:10:b1:f0:8f:67:ac:08:e7:b4:82:99:a0:6f:
                    ca:c9:8c:4c:56:93:e3:a7:2b:e0:7f:cc:62:21:59:
                    ba:ba:9a:ea:4b:6e:47:f0:c5:7d:38:25:de:af:68:
                    59:38:73:85:19:4b:d5:ed:cb:88:2d:d9:c3:2a:bf:
                    1b:4a:00:f7:c5:4d:8a:a2:d8:81:0b:d1:43:51:37:
                    81:fd:9b:01:b9:bd:29:70:33:05:ce:64:21:38:56:
                    f8:d8:36:9d:2c:51:ae:e2:db:09:d8:de:82:fc:b4:
                    59:f4:bb:a6:5c:39:f3:16:19:4e:35:d6:41:ef:4b:
                    59:96:a9:94:d4:1c:77:80:6a:05:ac:7e:1b:8f:3a:
                    80:e5:80:aa:5e:0f:f6:86:17:f4:54:39:e1:19:4f:
                    f1:76:af:db:88:f4:1b:23:e8:53:20:24:e4:20:ad:
                    01:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:B9:A6:6C:F2:20:9C:0E:B5:AE:1E:B3:FF:95:9F:8F:8B:C9:DF:BE
            X509v3 Authority Key Identifier:
                keyid:CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/XrmmbPIgnA61rh6z_5Wfj4vJ374.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:ec:cc:29:64:1b:5d:69:5e:83:27:6d:fe:90:18:91:15:2c:
         bc:d6:25:41:2e:7d:1b:5a:78:d4:2e:42:b8:c3:bd:7d:f6:a3:
         10:f3:e6:b7:85:ea:2e:2d:ba:f4:67:c8:72:4a:5e:61:b6:64:
         24:73:e2:a6:24:bc:8f:e3:6c:62:d0:5d:e8:8e:5a:c0:a5:d0:
         e3:3a:64:aa:ff:24:0e:4d:41:d4:93:18:ad:ef:24:04:48:62:
         30:dd:92:9e:04:fc:d2:c2:92:da:82:28:4f:8a:68:36:38:0b:
         08:7e:ed:1b:52:f4:32:81:6d:00:9b:20:b4:16:4c:da:63:07:
         3e:dd:09:9f:84:8b:68:ec:f5:73:c4:9f:aa:25:3d:50:b2:38:
         11:69:50:01:78:31:0b:72:cb:87:99:03:78:9f:54:e4:08:61:
         62:3a:8d:07:ed:f0:30:e1:ef:b5:a6:e1:84:80:d1:31:54:ca:
         81:83:7d:b7:75:d3:7c:c2:8b:0f:16:7a:5f:c9:b7:f0:66:51:
         f2:5b:7d:cf:26:ac:40:10:53:e9:8d:03:a8:1a:ac:3f:59:0a:
         dc:43:33:4d:d0:2f:7f:48:bd:92:4d:d7:ae:33:e2:c4:b6:46:
         7e:5a:fc:47:f0:ef:2e:ae:62:1f:27:e1:3c:5f:f2:5d:85:fe:
         88:76:d5:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yf3uqdceb+xl/txHBdOXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNDA2NTk2N2RlYzA5MmI1ZmM5MDE1MmU0YTk1MzM5YmEx
ZDIyODkwHhcNMjYwMTAyMDgxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWI5YTY2Y2YyMjA5YzBlYjVhZTFlYjNmZjk1OWY4ZjhiYzlkZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8VrSkL/EXb+BwNOUlb7GI3DeoQ9I
npbv/WTx7Z0p6f/XuVDcNaxSjxwDK2y9jr/ZtHZvGOVT181+a9yZNtQICGaksuy9
qdMuFkJhdtkkFc4QceIj2fAGH7acAhCx8I9nrAjntIKZoG/KyYxMVpPjpyvgf8xi
IVm6uprqS25H8MV9OCXer2hZOHOFGUvV7cuILdnDKr8bSgD3xU2KotiBC9FDUTeB
/ZsBub0pcDMFzmQhOFb42DadLFGu4tsJ2N6C/LRZ9LumXDnzFhlONdZB70tZlqmU
1Bx3gGoFrH4bjzqA5YCqXg/2hhf0VDnhGU/xdq/biPQbI+hTICTkIK0B/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF65pmzyIJwOta4es/+Vn4+Lyd++MB8GA1UdIwQY
MBaAFM1AZZZ97AkrX8kBUuSpUzm6HSKJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2Qt
ZWRjZWY3NDUxZWY0LzEvWHJtbWJQSWduQTYxcmg2el81V2ZqNHZKMzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2QtZWRjZWY3NDUxZWY0
LzEvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZAMMA0G
CSqGSIb3DQEBCwUAA4IBAQC+7MwpZBtdaV6DJ23+kBiRFSy81iVBLn0bWnjULkK4
w7199qMQ8+a3heouLbr0Z8hySl5htmQkc+KmJLyP42xi0F3ojlrApdDjOmSq/yQO
TUHUkxit7yQESGIw3ZKeBPzSwpLagihPimg2OAsIfu0bUvQygW0AmyC0FkzaYwc+
3QmfhIto7PVzxJ+qJT1QsjgRaVABeDELcsuHmQN4n1TkCGFiOo0H7fAw4e+1puGE
gNExVMqBg323ddN8wosPFnpfybfwZlHyW33PJqxAEFPpjQOoGqw/WQrcQzNN0C9/
SL2STdeuM+LEtkZ+WvxH8O8urmIfJ+E8X/Jdhf6IdtWS
-----END CERTIFICATE-----