This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/xkBGMTnH9dIUv5aeR6a2PC8pSMI.roa
File:                     xkBGMTnH9dIUv5aeR6a2PC8pSMI.roa (raw, json)
Hash identifier:          n4jn6g+/sKr9SjKht58rDpi14/4dvnS/2o8klkQ9iBo=
Subject key identifier:   C6:40:46:31:39:C7:F5:D2:14:BF:96:9E:47:A6:B6:3C:2F:29:48:C2
Certificate issuer:       /CN=83e5d90301d3cf67b88fee42dd545afcf14ea561
Certificate serial:       019B77589EF33C6A5CF8B56B7476A7FE166D
Authority key identifier: 83:E5:D9:03:01:D3:CF:67:B8:8F:EE:42:DD:54:5A:FC:F1:4E:A5:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/xkBGMTnH9dIUv5aeR6a2PC8pSMI.roa
Signing time:             Thu 01 Jan 2026 02:17:35 +0000
ROA not before:           Thu 01 Jan 2026 02:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        194.29.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:9e:f3:3c:6a:5c:f8:b5:6b:74:76:a7:fe:16:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83e5d90301d3cf67b88fee42dd545afcf14ea561
        Validity
            Not Before: Jan  1 02:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c640463139c7f5d214bf969e47a6b63c2f2948c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c5:37:23:59:6c:ba:c9:c8:64:4a:fa:99:59:
                    2b:a9:49:e4:ad:b4:9a:c4:5a:4b:3b:a0:98:0e:f4:
                    0b:2b:db:bb:4e:fc:4e:76:a2:b1:0c:57:9b:18:9e:
                    d6:49:d1:a1:48:ab:a3:a8:66:1b:ef:e4:e6:3e:64:
                    84:c4:5e:dd:90:a6:3e:1c:3b:33:51:85:28:71:30:
                    d7:a2:b9:8e:21:62:c4:88:2a:bb:e7:11:03:1e:c0:
                    ac:76:5f:75:d2:7d:b0:af:7b:bb:10:ec:8c:35:c5:
                    06:be:2e:a4:69:9a:c9:8f:07:b1:7f:19:36:61:58:
                    eb:8a:19:63:2b:25:fc:fc:e3:97:f3:8d:c1:5c:b5:
                    96:a0:80:80:8e:cb:6a:2f:3b:dc:b3:04:26:69:22:
                    e2:83:ad:a6:48:f3:d2:66:2b:1f:2f:2e:f7:f6:0b:
                    fd:4a:f1:63:e9:6a:7a:3c:42:a7:36:93:a4:12:19:
                    84:3d:01:82:58:5d:75:7f:4f:eb:08:c6:9d:35:b5:
                    a6:57:bc:b9:1c:8b:95:66:93:16:c6:ce:81:a7:ef:
                    e4:d0:7d:bb:26:a0:08:c0:5a:8d:99:59:19:7f:50:
                    16:f4:b2:f9:0f:f8:b7:81:8c:81:c5:26:f0:95:41:
                    67:44:2a:d3:65:04:26:bd:85:0a:85:d5:be:35:59:
                    42:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:40:46:31:39:C7:F5:D2:14:BF:96:9E:47:A6:B6:3C:2F:29:48:C2
            X509v3 Authority Key Identifier:
                keyid:83:E5:D9:03:01:D3:CF:67:B8:8F:EE:42:DD:54:5A:FC:F1:4E:A5:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-XZAwHTz2e4j-5C3VRa_PFOpWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/xkBGMTnH9dIUv5aeR6a2PC8pSMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/157ba9-5ae7-4460-887b-782b82ebcaae/1/g-XZAwHTz2e4j-5C3VRa_PFOpWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.29.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d6:82:cd:3b:e0:90:f1:c0:92:dd:95:8c:a6:05:46:61:4c:
         0c:89:03:25:24:27:d3:82:0c:a0:c6:95:57:ad:3e:7f:99:e8:
         cc:0e:e7:3d:80:a0:af:35:4b:df:c3:99:8f:d6:04:3f:07:e6:
         82:13:fa:88:7c:be:76:db:ce:62:77:2f:73:da:ae:22:b1:04:
         e7:7a:24:32:4d:66:1c:80:26:ef:6b:c4:fe:49:5e:08:16:e0:
         ec:12:5e:3f:82:0b:1e:8d:11:b4:a4:77:25:71:0b:a2:04:e4:
         fe:fe:d9:5c:4b:08:a7:72:b6:cf:76:b4:6c:33:57:cc:7a:ad:
         9a:58:64:63:22:ff:77:59:58:47:92:98:82:11:7c:e5:70:fa:
         b3:87:c6:c1:47:db:b4:70:c2:61:a9:8e:63:53:10:5e:84:be:
         4a:9f:cb:6c:fe:80:80:6a:de:84:84:8e:b9:ef:f3:e7:09:fe:
         6d:74:df:d5:2f:1c:b0:78:9a:46:60:57:4b:8a:3e:00:0f:65:
         fb:41:04:ce:2c:3a:90:d4:41:de:29:05:cc:53:11:60:75:07:
         af:f1:7d:96:7f:9e:8c:e0:ee:b8:59:5a:da:c7:22:79:86:fb:
         6b:5d:83:11:79:f8:d1:3a:38:07:46:93:ad:8b:d1:a6:16:93:
         bb:99:a3:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WJ7zPGpc+LVrdHan/hZtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZTVkOTAzMDFkM2NmNjdiODhmZWU0MmRkNTQ1YWZjZjE0
ZWE1NjEwHhcNMjYwMTAxMDIxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjQwNDYzMTM5YzdmNWQyMTRiZjk2OWU0N2E2YjYzYzJmMjk0OGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sU3I1lsusnIZEr6mVkrqUnkrbSa
xFpLO6CYDvQLK9u7TvxOdqKxDFebGJ7WSdGhSKujqGYb7+TmPmSExF7dkKY+HDsz
UYUocTDXormOIWLEiCq75xEDHsCsdl910n2wr3u7EOyMNcUGvi6kaZrJjwexfxk2
YVjrihljKyX8/OOX843BXLWWoICAjstqLzvcswQmaSLig62mSPPSZisfLy739gv9
SvFj6Wp6PEKnNpOkEhmEPQGCWF11f0/rCMadNbWmV7y5HIuVZpMWxs6Bp+/k0H27
JqAIwFqNmVkZf1AW9LL5D/i3gYyBxSbwlUFnRCrTZQQmvYUKhdW+NVlCTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZARjE5x/XSFL+WnkemtjwvKUjCMB8GA1UdIwQY
MBaAFIPl2QMB089nuI/uQt1UWvzxTqVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy1YWkF3SFR6MmU0ai01QzNWUmFfUEZPcFdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xNTdiYTktNWFlNy00NDYwLTg4N2It
NzgyYjgyZWJjYWFlLzEveGtCR01Ubkg5ZElVdjVhZVI2YTJQQzhwU01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xNTdiYTktNWFlNy00NDYwLTg4N2ItNzgyYjgyZWJjYWFl
LzEvZy1YWkF3SFR6MmU0ai01QzNWUmFfUEZPcFdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh02MA0G
CSqGSIb3DQEBCwUAA4IBAQCQ1oLNO+CQ8cCS3ZWMpgVGYUwMiQMlJCfTggygxpVX
rT5/mejMDuc9gKCvNUvfw5mP1gQ/B+aCE/qIfL52285idy9z2q4isQTneiQyTWYc
gCbva8T+SV4IFuDsEl4/ggsejRG0pHclcQuiBOT+/tlcSwincrbPdrRsM1fMeq2a
WGRjIv93WVhHkpiCEXzlcPqzh8bBR9u0cMJhqY5jUxBehL5Kn8ts/oCAat6EhI65
7/PnCf5tdN/VLxyweJpGYFdLij4AD2X7QQTOLDqQ1EHeKQXMUxFgdQev8X2Wf56M
4O64WVraxyJ5hvtrXYMRefjROjgHRpOti9GmFpO7maM2
-----END CERTIFICATE-----