This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/AXgiXKGJ_GI28CfbDTbrhhKV71A.roa
File:                     AXgiXKGJ_GI28CfbDTbrhhKV71A.roa (raw, json)
Hash identifier:          Nt0Y8chc5qRx7gXH46hyD0eSELR+V1CAAH5JbXj+q9k=
Subject key identifier:   01:78:22:5C:A1:89:FC:62:36:F0:27:DB:0D:36:EB:86:12:95:EF:50
Certificate issuer:       /CN=cccd583c8d71a2427e0060e3cc924f32dc1a820b
Certificate serial:       019B7CEE2547970270E433BF1FD8F93EE9D8
Authority key identifier: CC:CD:58:3C:8D:71:A2:42:7E:00:60:E3:CC:92:4F:32:DC:1A:82:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/AXgiXKGJ_GI28CfbDTbrhhKV71A.roa
Signing time:             Fri 02 Jan 2026 04:19:00 +0000
ROA not before:           Fri 02 Jan 2026 04:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216246
IP address blocks:        176.124.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:25:47:97:02:70:e4:33:bf:1f:d8:f9:3e:e9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cccd583c8d71a2427e0060e3cc924f32dc1a820b
        Validity
            Not Before: Jan  2 04:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0178225ca189fc6236f027db0d36eb861295ef50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:59:d0:b6:77:df:16:06:8e:a4:19:fe:41:e5:
                    f2:cb:f9:38:ee:f9:db:6c:9f:01:95:c4:e3:12:fd:
                    d3:f4:23:a2:04:43:0c:f3:94:8f:62:9b:e5:42:33:
                    c1:1b:05:65:c3:26:6b:ba:4f:c5:18:18:3e:c4:f8:
                    00:b3:33:ad:e5:55:c2:84:f9:cb:44:06:18:68:32:
                    e8:2d:24:7c:93:46:65:87:fe:b1:f5:2f:45:00:d6:
                    e4:ff:5b:fd:81:47:e4:c4:de:66:df:59:bb:ee:9b:
                    06:7b:d3:e7:09:ac:09:d7:18:80:6a:10:e1:73:87:
                    8e:19:dd:a3:b7:1a:ac:92:a3:6f:28:f3:7f:13:b6:
                    e1:ea:48:00:c6:36:cc:46:45:f0:5a:36:d7:fa:e9:
                    22:8f:d6:d1:95:4a:59:d0:90:fc:16:b3:e1:b6:c2:
                    c7:2c:39:63:6a:a4:52:4d:44:90:c3:0a:ae:75:d5:
                    85:df:68:32:02:83:17:1d:dd:7b:50:c0:ac:ef:fc:
                    29:96:fa:a8:81:1f:80:6d:9a:d3:46:a6:68:ca:ae:
                    e7:17:e7:35:50:be:bc:a8:4f:ba:ca:78:99:27:56:
                    61:bc:64:ba:c8:77:f4:5b:25:eb:a7:9c:62:87:9d:
                    7b:f8:9b:07:10:64:5d:e4:1f:d5:7a:79:c6:9e:bc:
                    c3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:78:22:5C:A1:89:FC:62:36:F0:27:DB:0D:36:EB:86:12:95:EF:50
            X509v3 Authority Key Identifier:
                keyid:CC:CD:58:3C:8D:71:A2:42:7E:00:60:E3:CC:92:4F:32:DC:1A:82:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zM1YPI1xokJ-AGDjzJJPMtwaggs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/AXgiXKGJ_GI28CfbDTbrhhKV71A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/56a02a-c5fd-4119-8c5f-f48502d13948/1/zM1YPI1xokJ-AGDjzJJPMtwaggs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:ea:8f:68:1d:27:b6:9f:d2:4e:28:d8:35:a1:38:3a:c7:d0:
         16:0f:5a:60:ba:e0:d6:fc:84:8a:60:24:a5:c9:d6:49:d0:b0:
         8c:0c:cf:9b:b7:57:58:fd:bc:ae:64:f1:84:81:00:7c:d1:21:
         fa:33:ba:a0:fe:35:2a:f9:1a:24:4f:18:c4:70:6a:de:bb:fd:
         75:97:94:fe:6d:0d:27:f8:cd:9c:fd:9e:d1:bd:88:1e:7d:6a:
         6f:c3:f3:7f:2f:0d:a1:d3:63:54:d0:d8:eb:87:2a:61:09:3a:
         09:9b:85:53:d9:04:bd:e6:d6:59:cd:12:32:62:3e:68:99:6d:
         df:b8:e1:f4:e9:e1:97:a3:94:fc:6a:2f:40:b5:10:f1:1a:d2:
         74:7c:48:d5:c2:19:35:0c:ee:21:02:f5:87:28:84:a0:86:51:
         8d:1e:47:e2:79:dd:2d:c0:93:2c:bb:4e:4b:06:31:7d:c0:31:
         e3:be:8e:03:08:97:8d:63:a5:ee:fe:f1:52:d3:a4:e7:3e:56:
         00:30:de:0e:54:c6:f1:3e:cb:7c:db:10:b9:e4:de:40:1e:88:
         5f:d8:ba:44:b0:39:d7:5d:b4:7a:87:3c:69:1c:76:f0:35:36:
         2b:a1:98:75:cf:17:a3:12:50:00:63:44:19:c2:39:b8:21:82:
         5f:2a:a7:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87iVHlwJw5DO/H9j5PunYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjY2Q1ODNjOGQ3MWEyNDI3ZTAwNjBlM2NjOTI0ZjMyZGMx
YTgyMGIwHhcNMjYwMTAyMDQxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTc4MjI1Y2ExODlmYzYyMzZmMDI3ZGIwZDM2ZWI4NjEyOTVlZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlnQtnffFgaOpBn+QeXyy/k47vnb
bJ8BlcTjEv3T9COiBEMM85SPYpvlQjPBGwVlwyZruk/FGBg+xPgAszOt5VXChPnL
RAYYaDLoLSR8k0Zlh/6x9S9FANbk/1v9gUfkxN5m31m77psGe9PnCawJ1xiAahDh
c4eOGd2jtxqskqNvKPN/E7bh6kgAxjbMRkXwWjbX+ukij9bRlUpZ0JD8FrPhtsLH
LDljaqRSTUSQwwquddWF32gyAoMXHd17UMCs7/wplvqogR+AbZrTRqZoyq7nF+c1
UL68qE+6yniZJ1ZhvGS6yHf0WyXrp5xih517+JsHEGRd5B/VennGnrzDSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAF4IlyhifxiNvAn2w0264YSle9QMB8GA1UdIwQY
MBaAFMzNWDyNcaJCfgBg48ySTzLcGoILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek0xWVBJMXhva0otQUdEanpKSlBNdHdhZ2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81NmEwMmEtYzVmZC00MTE5LThjNWYt
ZjQ4NTAyZDEzOTQ4LzEvQVhnaVhLR0pfR0kyOENmYkRUYnJoaEtWNzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81NmEwMmEtYzVmZC00MTE5LThjNWYtZjQ4NTAyZDEzOTQ4
LzEvek0xWVBJMXhva0otQUdEanpKSlBNdHdhZ2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHzeMA0G
CSqGSIb3DQEBCwUAA4IBAQA26o9oHSe2n9JOKNg1oTg6x9AWD1pguuDW/ISKYCSl
ydZJ0LCMDM+bt1dY/byuZPGEgQB80SH6M7qg/jUq+RokTxjEcGreu/11l5T+bQ0n
+M2c/Z7RvYgefWpvw/N/Lw2h02NU0NjrhyphCToJm4VT2QS95tZZzRIyYj5omW3f
uOH06eGXo5T8ai9AtRDxGtJ0fEjVwhk1DO4hAvWHKISghlGNHkfied0twJMsu05L
BjF9wDHjvo4DCJeNY6Xu/vFS06TnPlYAMN4OVMbxPst82xC55N5AHohf2LpEsDnX
XbR6hzxpHHbwNTYroZh1zxejElAAY0QZwjm4IYJfKqfS
-----END CERTIFICATE-----