This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/Urq4lcycVWIKLaNn45V1NeLCyy0.roa
File:                     Urq4lcycVWIKLaNn45V1NeLCyy0.roa (raw, json)
Hash identifier:          HZbjp+4QSo6sI0SFI/WlujxWaBNVqSA8sXC1QOrQVus=
Subject key identifier:   52:BA:B8:95:CC:9C:55:62:0A:2D:A3:67:E3:95:75:35:E2:C2:CB:2D
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019B78351FFE2041EB7A54C99ED7F78CB031
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/Urq4lcycVWIKLaNn45V1NeLCyy0.roa
Signing time:             Thu 01 Jan 2026 06:18:25 +0000
ROA not before:           Thu 01 Jan 2026 06:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4648
IP address blocks:        80.83.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:1f:fe:20:41:eb:7a:54:c9:9e:d7:f7:8c:b0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  1 06:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52bab895cc9c55620a2da367e3957535e2c2cb2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1f:fc:1f:34:90:f7:71:7e:03:fb:4f:c3:92:
                    a1:59:4c:38:7f:5c:33:f4:2c:94:61:f7:6f:9f:f8:
                    f7:d7:d3:d3:9a:ad:08:40:8e:0a:57:77:db:a4:1c:
                    ac:24:5b:4a:7a:68:09:97:f6:bc:1b:b9:2f:b2:cb:
                    2f:b9:f5:43:e2:a3:d0:82:f0:ad:35:c7:64:aa:6b:
                    70:ff:1f:29:b9:8a:72:e5:dd:7a:6b:5b:4d:aa:f8:
                    c9:ec:c4:42:8d:34:9e:86:eb:63:86:e1:14:61:c8:
                    da:b4:13:99:ca:52:f4:b1:a6:af:02:a6:9c:ac:1f:
                    81:ad:a3:b8:d9:c2:32:bb:f2:b4:d2:bc:3a:b7:a1:
                    64:7b:a3:b0:6e:08:fb:28:ab:5f:f8:9e:f7:44:48:
                    11:90:44:b7:ee:38:1b:42:22:c4:ba:7a:a6:bf:66:
                    e6:e0:e3:a3:00:c6:3e:ce:a8:ea:08:ed:85:d1:88:
                    ae:e0:94:57:67:3a:d0:88:34:ec:fa:50:50:4b:9f:
                    0f:8e:14:0e:a7:d7:fc:15:7f:51:31:9c:f9:54:7d:
                    48:ec:67:42:20:b2:01:ed:c9:5b:34:65:b9:23:28:
                    1d:13:3d:d2:76:fe:e4:f4:af:e6:90:8c:cc:3e:53:
                    9e:21:76:b6:48:ec:ee:aa:18:b5:31:7b:38:c6:f5:
                    ae:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:BA:B8:95:CC:9C:55:62:0A:2D:A3:67:E3:95:75:35:E2:C2:CB:2D
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/Urq4lcycVWIKLaNn45V1NeLCyy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:7f:8f:20:2d:98:e4:2b:7d:1f:5f:9d:80:96:51:2a:f3:35:
         7a:fa:e4:29:98:93:c1:26:3c:10:07:0e:0c:b2:57:48:0c:9e:
         e7:07:da:f7:cf:41:0b:86:ab:7a:d0:48:e6:bb:ed:d3:f9:75:
         00:26:65:15:3e:e8:55:43:ee:78:a5:52:74:de:40:6d:bf:37:
         fd:47:5d:82:dd:3f:53:c4:8c:4a:9b:98:63:56:1a:dd:45:60:
         4c:f9:64:57:fc:b4:c3:e8:48:d1:f7:4b:48:8b:cf:4f:aa:5b:
         35:ff:8b:5d:b7:ba:da:22:ea:4d:4e:99:c2:22:69:56:89:fe:
         c3:b4:e6:81:94:4d:fe:cd:66:0f:57:f1:6a:9c:72:22:0b:e1:
         b5:b9:4a:30:9d:84:f2:f9:ee:dd:d9:d7:c2:58:30:3b:8d:3d:
         dc:ad:51:03:e2:e6:75:d9:a9:1c:83:c2:a4:ea:00:c2:93:df:
         44:c0:df:72:ea:67:df:c0:10:1f:8c:7f:e5:c3:d7:a2:7c:e4:
         a7:03:48:b4:59:84:ed:39:2a:f3:4a:df:64:4a:3a:4f:91:6a:
         13:09:97:b3:11:6e:f6:8a:63:2e:1d:4a:d3:b0:15:91:c9:54:
         a9:7a:41:5b:1a:42:04:d6:33:32:b0:12:03:61:f0:cb:e7:0f:
         3a:2c:e7:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NR/+IEHrelTJntf3jLAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjYwMTAxMDYxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmJhYjg5NWNjOWM1NTYyMGEyZGEzNjdlMzk1NzUzNWUyYzJjYjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux/8HzSQ93F+A/tPw5KhWUw4f1wz
9CyUYfdvn/j319PTmq0IQI4KV3fbpBysJFtKemgJl/a8G7kvsssvufVD4qPQgvCt
Ncdkqmtw/x8puYpy5d16a1tNqvjJ7MRCjTSehutjhuEUYcjatBOZylL0saavAqac
rB+BraO42cIyu/K00rw6t6Fke6Owbgj7KKtf+J73REgRkES37jgbQiLEunqmv2bm
4OOjAMY+zqjqCO2F0Yiu4JRXZzrQiDTs+lBQS58PjhQOp9f8FX9RMZz5VH1I7GdC
ILIB7clbNGW5IygdEz3Sdv7k9K/mkIzMPlOeIXa2SOzuqhi1MXs4xvWufQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFK6uJXMnFViCi2jZ+OVdTXiwsstMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvVXJxNGxjeWNWV0lLTGFObjQ1VjFOZUxDeXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUFNcMA0G
CSqGSIb3DQEBCwUAA4IBAQCGf48gLZjkK30fX52AllEq8zV6+uQpmJPBJjwQBw4M
sldIDJ7nB9r3z0ELhqt60Ejmu+3T+XUAJmUVPuhVQ+54pVJ03kBtvzf9R12C3T9T
xIxKm5hjVhrdRWBM+WRX/LTD6EjR90tIi89Pqls1/4tdt7raIupNTpnCImlWif7D
tOaBlE3+zWYPV/FqnHIiC+G1uUownYTy+e7d2dfCWDA7jT3crVED4uZ12akcg8Kk
6gDCk99EwN9y6mffwBAfjH/lw9eifOSnA0i0WYTtOSrzSt9kSjpPkWoTCZezEW72
imMuHUrTsBWRyVSpekFbGkIE1jMysBIDYfDL5w86LOcx
-----END CERTIFICATE-----