This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/XtYBo7scN26cbmzcEVBSKA0js4k.roa
File:                     XtYBo7scN26cbmzcEVBSKA0js4k.roa (raw, json)
Hash identifier:          V1uChYYVpkx2xi1qTYcQbi6Z/gGYxugEuQ9a8AaoEE4=
Subject key identifier:   5E:D6:01:A3:BB:1C:37:6E:9C:6E:6C:DC:11:50:52:28:0D:23:B3:89
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       019B7EA546FA91D47C5DE112DA0066B731F6
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/XtYBo7scN26cbmzcEVBSKA0js4k.roa
Signing time:             Fri 02 Jan 2026 12:18:39 +0000
ROA not before:           Fri 02 Jan 2026 12:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200017
IP address blocks:        45.140.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:46:fa:91:d4:7c:5d:e1:12:da:00:66:b7:31:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  2 12:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ed601a3bb1c376e9c6e6cdc115052280d23b389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:03:32:64:20:22:73:61:99:5d:99:c1:f4:11:
                    3c:46:49:e7:f2:3a:25:5a:39:46:69:ce:6b:72:3f:
                    b0:3a:bd:d9:97:44:f7:32:a5:ff:bd:bf:10:53:39:
                    26:0d:e7:2a:64:36:b8:c6:60:a5:03:f1:96:e7:33:
                    bf:1f:06:bf:d1:be:e1:cf:aa:10:38:ac:b0:78:9d:
                    80:74:fb:6e:e1:c1:24:81:78:06:81:42:3d:11:33:
                    a2:4c:24:85:48:8c:65:83:e0:e5:93:14:30:ae:6c:
                    97:43:e8:63:74:07:1e:31:45:13:d5:8d:3b:bc:47:
                    7d:0f:0f:dc:16:b0:fb:90:d7:60:db:b4:83:75:f5:
                    81:34:dd:f6:d9:42:7c:23:26:54:80:9d:c3:3c:80:
                    06:00:1f:c5:37:5b:80:29:62:1b:b3:21:01:80:8b:
                    95:e4:25:ac:2e:a1:43:d2:ab:47:f7:b5:3e:7f:f3:
                    db:56:5a:f7:85:64:6d:ad:3a:ff:a3:84:bd:4f:90:
                    2b:7b:f2:b8:f6:2f:0f:f4:d2:77:32:22:8a:37:80:
                    40:94:bb:44:5c:0c:87:a7:02:41:9e:cc:b9:b8:c6:
                    5e:6b:5a:9f:51:de:9c:ac:75:12:00:78:ad:6b:f1:
                    00:04:af:6a:13:be:d6:37:c0:90:19:2d:f7:55:ef:
                    43:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D6:01:A3:BB:1C:37:6E:9C:6E:6C:DC:11:50:52:28:0D:23:B3:89
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/XtYBo7scN26cbmzcEVBSKA0js4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:67:84:f2:c3:9a:ff:94:a9:92:ef:87:93:96:06:a7:44:0f:
         9f:bd:98:aa:36:7b:05:dc:8c:4c:0a:35:b4:07:e7:0a:2b:30:
         30:0e:84:41:aa:84:86:1e:a7:6e:a3:12:a1:8a:16:f0:be:3c:
         98:77:79:0b:bd:9a:5e:9a:de:38:85:23:70:6a:f7:80:5f:71:
         89:96:24:6f:60:9e:37:45:56:3d:cc:ca:1b:2a:3d:f5:08:c0:
         50:87:82:21:cc:78:46:da:0d:ad:5b:d1:b9:5f:06:89:b8:03:
         70:fc:a2:75:61:d3:cd:00:05:6a:48:c6:85:7d:89:34:62:ce:
         bd:20:1e:56:d9:e0:08:47:35:89:5d:9f:cb:84:ae:6f:01:b8:
         3e:70:69:a1:64:b1:e1:e3:95:cd:24:32:18:3f:d2:d1:f9:3d:
         80:7d:a6:b5:62:33:2b:5c:25:06:e0:73:5c:98:65:ce:42:60:
         a5:57:fd:df:11:2b:00:cd:a0:21:13:84:4e:27:91:6a:d6:c7:
         fb:87:80:bf:d4:63:1d:5e:c1:15:37:4a:ae:7f:f0:6d:1c:db:
         2a:9d:aa:36:ee:d5:68:85:17:17:97:81:01:9b:3d:5d:b2:24:
         56:3f:24:79:6d:9f:59:b9:d2:a0:c2:ac:d5:b6:9f:fd:88:52:
         e4:12:2a:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pUb6kdR8XeES2gBmtzH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjYwMTAyMTIxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQ2MDFhM2JiMWMzNzZlOWM2ZTZjZGMxMTUwNTIyODBkMjNiMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowMyZCAic2GZXZnB9BE8Rknn8jol
WjlGac5rcj+wOr3Zl0T3MqX/vb8QUzkmDecqZDa4xmClA/GW5zO/Hwa/0b7hz6oQ
OKyweJ2AdPtu4cEkgXgGgUI9ETOiTCSFSIxlg+DlkxQwrmyXQ+hjdAceMUUT1Y07
vEd9Dw/cFrD7kNdg27SDdfWBNN322UJ8IyZUgJ3DPIAGAB/FN1uAKWIbsyEBgIuV
5CWsLqFD0qtH97U+f/PbVlr3hWRtrTr/o4S9T5Are/K49i8P9NJ3MiKKN4BAlLtE
XAyHpwJBnsy5uMZea1qfUd6crHUSAHita/EABK9qE77WN8CQGS33Ve9DGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7WAaO7HDdunG5s3BFQUigNI7OJMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvWHRZQm83c2NOMjZjYm16Y0VWQlNLQTBqczRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzDMA0G
CSqGSIb3DQEBCwUAA4IBAQDOZ4Tyw5r/lKmS74eTlganRA+fvZiqNnsF3IxMCjW0
B+cKKzAwDoRBqoSGHqduoxKhihbwvjyYd3kLvZpemt44hSNwaveAX3GJliRvYJ43
RVY9zMobKj31CMBQh4IhzHhG2g2tW9G5XwaJuANw/KJ1YdPNAAVqSMaFfYk0Ys69
IB5W2eAIRzWJXZ/LhK5vAbg+cGmhZLHh45XNJDIYP9LR+T2Afaa1YjMrXCUG4HNc
mGXOQmClV/3fESsAzaAhE4ROJ5Fq1sf7h4C/1GMdXsEVN0quf/BtHNsqnao27tVo
hRcXl4EBmz1dsiRWPyR5bZ9ZudKgwqzVtp/9iFLkEirN
-----END CERTIFICATE-----