This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Xmq8MIM69xXoWligTZrXp8zQx-M.roa
File:                     Xmq8MIM69xXoWligTZrXp8zQx-M.roa (raw, json)
Hash identifier:          sh10Lg5SlBRX3w4ghwkyy6NSMKoG5SxsAcT+uI3ou6c=
Subject key identifier:   5E:6A:BC:30:83:3A:F7:15:E8:5A:58:A0:4D:9A:D7:A7:CC:D0:C7:E3
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019B7758EDF89231FE93D4B962CB3AA9B50D
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Xmq8MIM69xXoWligTZrXp8zQx-M.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200615
IP address blocks:        5.1.70.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 14:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ed:f8:92:31:fe:93:d4:b9:62:cb:3a:a9:b5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e6abc30833af715e85a58a04d9ad7a7ccd0c7e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:71:71:db:f0:73:97:fd:1f:0b:52:8b:0c:57:
                    42:c1:1d:11:c3:2f:88:87:28:96:7c:6c:78:83:53:
                    bd:f2:2b:b3:c9:77:8d:10:16:8e:05:44:dd:9f:ac:
                    8a:62:8f:40:9d:77:24:d8:ff:5c:96:fe:c1:46:40:
                    15:a9:d2:1b:4a:40:94:c4:ff:cd:c0:3b:05:9e:ad:
                    43:9a:f8:c5:56:29:f0:6a:5f:02:fe:02:5c:65:6b:
                    2f:82:b2:2e:42:0a:f5:7f:1f:71:7c:44:89:0c:ba:
                    9b:59:d6:6b:23:33:88:22:98:08:f0:5b:9b:4e:02:
                    e9:8a:ab:05:6e:62:87:7e:59:6b:2b:14:25:10:6c:
                    72:2b:2b:1c:5b:5b:2c:0a:96:c5:a8:86:6a:9a:53:
                    a6:b9:5a:17:3a:b8:4e:b2:f0:4e:0c:be:70:68:67:
                    9b:d8:dc:85:b3:18:d0:8e:31:2b:dd:d1:b1:22:7e:
                    ad:4d:15:be:3e:bd:91:28:ee:a0:1c:54:7a:4b:e4:
                    c8:d1:08:3a:f6:09:55:24:04:74:ec:b9:d8:79:55:
                    98:82:49:a3:63:fb:15:75:23:e7:77:a6:46:76:51:
                    9c:d3:5d:3f:27:aa:2e:c1:e2:cb:30:5c:4a:b7:9f:
                    68:60:8d:c6:15:a6:79:c8:56:55:d4:c7:7e:1b:d2:
                    ec:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6A:BC:30:83:3A:F7:15:E8:5A:58:A0:4D:9A:D7:A7:CC:D0:C7:E3
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/Xmq8MIM69xXoWligTZrXp8zQx-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:6b:bc:5e:3d:37:7f:33:e5:13:be:62:bf:89:34:42:75:7a:
         d0:71:31:0c:62:8d:26:38:45:65:63:7c:13:3e:a4:cc:c4:77:
         a2:19:c4:6c:f7:f6:22:ad:dc:e6:cb:cb:ee:a8:25:02:d9:38:
         65:f8:03:a4:53:68:8a:85:cf:81:f3:41:ec:e1:78:09:bc:6b:
         0e:95:c8:a8:a5:86:58:51:13:89:66:cb:2e:de:ba:b3:16:c8:
         83:de:a4:c7:55:0d:df:1c:7b:f8:7e:ae:9b:67:92:1e:0d:b2:
         cf:6f:4d:6a:41:94:26:76:a1:f5:f8:4e:7a:c5:9e:39:67:d5:
         1d:11:d9:6a:86:b5:41:fe:60:9a:3a:ee:96:80:4c:72:9a:66:
         10:d5:15:04:7b:6f:87:40:4e:7c:d8:c2:b4:25:c2:b7:48:62:
         4c:37:07:4f:17:43:d3:65:e5:24:2e:59:4e:49:be:d1:cc:01:
         49:1a:03:8a:ee:1d:14:73:4b:cd:83:9b:fc:31:b5:a8:0b:10:
         c0:8e:96:e8:1a:09:04:6f:16:35:c3:99:72:84:5c:05:2a:1a:
         c1:ab:f8:60:1a:f7:da:57:78:b8:bb:1b:f9:08:f9:86:ad:ca:
         6f:3f:13:9d:fd:0b:14:56:fa:de:94:84:6a:9a:fc:39:d2:16:
         9b:7b:90:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WO34kjH+k9S5Yss6qbUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTZhYmMzMDgzM2FmNzE1ZTg1YTU4YTA0ZDlhZDdhN2NjZDBjN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnFx2/Bzl/0fC1KLDFdCwR0Rwy+I
hyiWfGx4g1O98iuzyXeNEBaOBUTdn6yKYo9AnXck2P9clv7BRkAVqdIbSkCUxP/N
wDsFnq1DmvjFVinwal8C/gJcZWsvgrIuQgr1fx9xfESJDLqbWdZrIzOIIpgI8Fub
TgLpiqsFbmKHfllrKxQlEGxyKyscW1ssCpbFqIZqmlOmuVoXOrhOsvBODL5waGeb
2NyFsxjQjjEr3dGxIn6tTRW+Pr2RKO6gHFR6S+TI0Qg69glVJAR07LnYeVWYgkmj
Y/sVdSPnd6ZGdlGc010/J6ouweLLMFxKt59oYI3GFaZ5yFZV1Md+G9Ls5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5qvDCDOvcV6FpYoE2a16fM0MfjMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvWG1xOE1JTTY5eFhvV2xpZ1RaclhwOHpReC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFGMA0G
CSqGSIb3DQEBCwUAA4IBAQC2a7xePTd/M+UTvmK/iTRCdXrQcTEMYo0mOEVlY3wT
PqTMxHeiGcRs9/Yirdzmy8vuqCUC2Thl+AOkU2iKhc+B80Hs4XgJvGsOlciopYZY
UROJZssu3rqzFsiD3qTHVQ3fHHv4fq6bZ5IeDbLPb01qQZQmdqH1+E56xZ45Z9Ud
EdlqhrVB/mCaOu6WgExymmYQ1RUEe2+HQE582MK0JcK3SGJMNwdPF0PTZeUkLllO
Sb7RzAFJGgOK7h0Uc0vNg5v8MbWoCxDAjpboGgkEbxY1w5lyhFwFKhrBq/hgGvfa
V3i4uxv5CPmGrcpvPxOd/QsUVvrelIRqmvw50habe5Cn
-----END CERTIFICATE-----