This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/X2kxHzFf9SkgMnpmfkJZYLt9vk0.roa
File:                     X2kxHzFf9SkgMnpmfkJZYLt9vk0.roa (raw, json)
Hash identifier:          sNneS9lKJ0Lh8P/blujhVvydwSLEvO0xfwmrcUBYvIU=
Subject key identifier:   5F:69:31:1F:31:5F:F5:29:20:32:7A:66:7E:42:59:60:BB:7D:BE:4D
Certificate issuer:       /CN=d92cad11f12d86d18951cbd751ee5124f718951f
Certificate serial:       019B775918721D3EA1F66137E54D5DF21DE7
Authority key identifier: D9:2C:AD:11:F1:2D:86:D1:89:51:CB:D7:51:EE:51:24:F7:18:95:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/X2kxHzFf9SkgMnpmfkJZYLt9vk0.roa
Signing time:             Thu 01 Jan 2026 02:18:06 +0000
ROA not before:           Thu 01 Jan 2026 02:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50629
IP address blocks:        193.3.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:18:72:1d:3e:a1:f6:61:37:e5:4d:5d:f2:1d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d92cad11f12d86d18951cbd751ee5124f718951f
        Validity
            Not Before: Jan  1 02:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f69311f315ff52920327a667e425960bb7dbe4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:49:91:3f:1c:52:64:25:06:0e:4d:5e:25:b9:
                    5e:d5:20:74:88:18:2a:83:38:59:8e:12:1a:ff:ac:
                    31:fc:44:17:5f:c4:a6:59:55:87:8b:f2:e9:22:41:
                    f2:7d:d8:50:c5:9a:16:f8:f6:fb:e5:07:fb:b1:2f:
                    e5:42:da:ec:30:5a:e2:0d:22:e1:9d:e1:3c:e9:af:
                    77:1e:d9:7b:d5:9e:27:f5:26:e4:37:8a:cb:f1:81:
                    cb:e3:77:eb:3e:77:60:c0:ee:45:fe:ac:13:7f:74:
                    93:38:61:a7:d0:f4:13:23:2c:d6:79:c9:e7:5c:49:
                    be:c5:55:f5:59:0d:a5:2a:b3:f5:7b:41:42:00:79:
                    35:70:d7:de:b5:c5:ce:1b:af:9f:b7:65:df:34:ce:
                    27:9a:95:b8:f0:19:43:46:bd:14:43:a3:58:27:ed:
                    52:d0:29:5a:d6:d3:3d:74:18:69:49:f9:1c:57:9c:
                    da:88:ec:71:70:9a:17:a0:75:05:e1:e3:c0:45:90:
                    e0:a1:2c:54:08:40:1b:3f:64:1a:e2:77:b8:bc:d9:
                    99:a8:04:e1:fb:8c:7d:f3:3a:4b:68:af:50:7b:78:
                    32:75:ad:46:1d:bc:8e:d4:9a:06:88:b0:5d:56:13:
                    b1:da:fd:71:6b:b6:9f:2c:87:3c:7e:cf:29:52:88:
                    6f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:69:31:1F:31:5F:F5:29:20:32:7A:66:7E:42:59:60:BB:7D:BE:4D
            X509v3 Authority Key Identifier:
                keyid:D9:2C:AD:11:F1:2D:86:D1:89:51:CB:D7:51:EE:51:24:F7:18:95:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/X2kxHzFf9SkgMnpmfkJZYLt9vk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:69:d9:33:a5:64:35:1d:d6:67:0d:3f:08:cb:18:3c:10:60:
         e8:1a:48:10:12:5f:07:43:a7:f5:ac:4c:48:a6:fd:86:4b:91:
         38:5b:99:64:1f:07:c4:e6:fa:3c:fc:ae:a7:d0:08:71:6d:09:
         fe:52:c3:fc:f2:59:ed:2b:83:80:fe:de:e6:21:fb:93:0b:51:
         f2:e0:2d:8a:d6:69:cd:a0:5d:8f:c8:03:0d:be:db:1d:3f:2a:
         4e:a7:15:2d:e9:46:89:fd:a6:63:43:aa:60:8c:7b:1f:78:85:
         65:ef:99:44:46:a2:5d:c6:72:75:3c:1c:92:45:8f:ca:66:70:
         a8:bd:cd:ca:0f:d9:57:dd:9a:31:b1:82:64:56:d4:31:cf:f6:
         a7:d9:14:c8:ad:54:b1:a0:53:83:07:ee:ba:a8:47:bb:cf:40:
         ec:c9:35:7b:17:2e:ed:3b:3f:d9:ae:b1:33:44:19:8f:73:1a:
         d9:96:65:e2:b0:6c:be:d1:ef:b0:48:51:77:fd:15:88:59:99:
         a8:df:4f:65:9b:52:30:36:de:fa:9d:0f:70:db:3e:fe:9d:66:
         89:c3:47:5d:31:6c:8e:4f:fa:14:55:dc:67:7d:dc:09:46:b3:
         e6:5a:68:42:ec:23:28:8a:5d:3b:8e:0f:59:44:cf:f3:b3:de:
         bd:92:31:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WRhyHT6h9mE35U1d8h3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MmNhZDExZjEyZDg2ZDE4OTUxY2JkNzUxZWU1MTI0Zjcx
ODk1MWYwHhcNMjYwMTAxMDIxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjY5MzExZjMxNWZmNTI5MjAzMjdhNjY3ZTQyNTk2MGJiN2RiZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUmRPxxSZCUGDk1eJble1SB0iBgq
gzhZjhIa/6wx/EQXX8SmWVWHi/LpIkHyfdhQxZoW+Pb75Qf7sS/lQtrsMFriDSLh
neE86a93Htl71Z4n9SbkN4rL8YHL43frPndgwO5F/qwTf3STOGGn0PQTIyzWecnn
XEm+xVX1WQ2lKrP1e0FCAHk1cNfetcXOG6+ft2XfNM4nmpW48BlDRr0UQ6NYJ+1S
0Cla1tM9dBhpSfkcV5zaiOxxcJoXoHUF4ePARZDgoSxUCEAbP2Qa4ne4vNmZqATh
+4x98zpLaK9Qe3gyda1GHbyO1JoGiLBdVhOx2v1xa7afLIc8fs8pUohvXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9pMR8xX/UpIDJ6Zn5CWWC7fb5NMB8GA1UdIwQY
MBaAFNksrRHxLYbRiVHL11HuUST3GJUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlN5dEVmRXRodEdKVWN2WFVlNVJKUGNZbFI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wOWJkOTEtNWUxOC00MjEzLTgwNTMt
MWIwM2ZkYmEwYTI0LzEvWDJreEh6RmY5U2tnTW5wbWZrSlpZTHQ5dmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wOWJkOTEtNWUxOC00MjEzLTgwNTMtMWIwM2ZkYmEwYTI0
LzEvMlN5dEVmRXRodEdKVWN2WFVlNVJKUGNZbFI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQOAMA0G
CSqGSIb3DQEBCwUAA4IBAQBKadkzpWQ1HdZnDT8Iyxg8EGDoGkgQEl8HQ6f1rExI
pv2GS5E4W5lkHwfE5vo8/K6n0AhxbQn+UsP88lntK4OA/t7mIfuTC1Hy4C2K1mnN
oF2PyAMNvtsdPypOpxUt6UaJ/aZjQ6pgjHsfeIVl75lERqJdxnJ1PBySRY/KZnCo
vc3KD9lX3ZoxsYJkVtQxz/an2RTIrVSxoFODB+66qEe7z0DsyTV7Fy7tOz/ZrrEz
RBmPcxrZlmXisGy+0e+wSFF3/RWIWZmo309lm1IwNt76nQ9w2z7+nWaJw0ddMWyO
T/oUVdxnfdwJRrPmWmhC7CMoil07jg9ZRM/zs969kjGn
-----END CERTIFICATE-----