This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UEMbnQSg-CqPCCOUzMzNhJH12lA.roa
File:                     UEMbnQSg-CqPCCOUzMzNhJH12lA.roa (raw, json)
Hash identifier:          Zoo54h/jLJxtqfZ2SMs//OnOjukQq18e+WiJr5qy/5U=
Subject key identifier:   50:43:1B:9D:04:A0:F8:2A:8F:08:23:94:CC:CC:CD:84:91:F5:DA:50
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019B7FF2A90C0FB4B87114E395A8F8FC1CA1
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UEMbnQSg-CqPCCOUzMzNhJH12lA.roa
Signing time:             Fri 02 Jan 2026 18:22:47 +0000
ROA not before:           Fri 02 Jan 2026 18:22:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        193.25.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:a9:0c:0f:b4:b8:71:14:e3:95:a8:f8:fc:1c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 18:22:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50431b9d04a0f82a8f082394cccccd8491f5da50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7d:fc:89:a6:f2:1e:88:6e:81:ba:37:bb:3c:
                    88:2d:8d:98:bd:ed:4e:46:8a:b3:c4:e9:70:33:d0:
                    9a:12:e6:87:bf:ed:38:5a:3d:44:a1:75:54:12:c1:
                    07:cd:16:d1:7f:86:4a:60:5a:73:8f:b5:55:2f:83:
                    b2:9f:1f:c2:98:a9:52:f6:7f:a9:b0:16:35:d1:6d:
                    ac:a6:5f:38:5a:c9:9b:62:79:ce:65:dd:44:1c:50:
                    39:bd:8c:53:ff:2d:89:de:cf:cf:d5:21:f1:29:0c:
                    3d:76:b4:a5:a5:5d:ce:4c:da:1d:53:7e:1b:eb:67:
                    cd:50:64:b4:e6:07:cd:d3:87:7c:bd:90:d1:4f:7c:
                    92:59:eb:26:c7:1a:02:e4:f3:d8:80:93:b3:4e:5d:
                    8e:57:8e:2b:85:41:bf:0d:56:30:07:37:bb:68:91:
                    30:d4:59:a9:5c:56:57:0e:8a:ec:09:b9:6f:c6:57:
                    cc:b8:45:5c:0e:f9:37:34:06:0a:87:8b:ea:f6:51:
                    d5:3e:0e:a3:42:ab:f8:41:48:e8:e7:13:17:68:4c:
                    a0:6e:ae:a3:77:02:d9:2a:8a:79:07:bc:85:51:f2:
                    14:52:ab:87:a6:62:87:70:80:f1:ed:f0:d9:6e:5e:
                    e7:88:97:ec:6d:67:ce:db:61:99:b0:15:77:68:c7:
                    e3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:43:1B:9D:04:A0:F8:2A:8F:08:23:94:CC:CC:CD:84:91:F5:DA:50
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UEMbnQSg-CqPCCOUzMzNhJH12lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:53:d2:cc:d3:0f:b2:91:ce:bf:24:63:be:58:a8:98:e0:1d:
         e6:91:43:c9:3b:ef:8d:ac:1c:e5:90:28:32:98:32:5c:8e:9f:
         44:7c:c7:dc:cf:db:44:05:51:1a:d3:76:94:4e:4f:9d:b5:14:
         2c:9b:b4:2f:37:66:47:d0:76:66:90:fe:e3:d4:62:c6:91:cb:
         f3:67:0a:8a:98:c7:d9:4c:bc:46:09:fa:1f:72:9c:f5:83:49:
         b2:19:5c:ca:0e:82:2f:64:4b:38:2f:98:93:d8:a4:c6:80:f6:
         62:c6:03:c5:df:e2:bd:f6:f1:80:ff:0e:31:a2:7d:04:43:22:
         e7:30:c7:cb:cd:4a:6c:e1:5e:e3:77:67:26:1d:00:73:5d:73:
         21:ff:79:8d:43:c7:3b:b8:bb:19:66:a6:d3:2a:3c:0d:03:80:
         aa:78:5b:1d:94:9f:2e:bd:4b:2b:8a:12:c8:26:fb:f0:6c:13:
         c8:36:e0:18:ae:78:66:6d:bd:7f:48:67:41:e3:7d:0f:cc:90:
         f1:e8:36:3a:47:fa:a5:19:a8:b8:eb:28:91:b5:b0:33:90:8e:
         7c:49:bb:12:87:db:d8:45:4f:c8:7a:03:a8:33:61:49:4b:fa:
         80:9b:ba:92:72:5e:1f:bb:34:2d:09:41:06:58:83:80:6d:80:
         13:36:b1:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8qkMD7S4cRTjlaj4/ByhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMTAyMTgyMjQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQzMWI5ZDA0YTBmODJhOGYwODIzOTRjY2NjY2Q4NDkxZjVkYTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0X38iabyHohugbo3uzyILY2Yve1O
RoqzxOlwM9CaEuaHv+04Wj1EoXVUEsEHzRbRf4ZKYFpzj7VVL4Oynx/CmKlS9n+p
sBY10W2spl84WsmbYnnOZd1EHFA5vYxT/y2J3s/P1SHxKQw9drSlpV3OTNodU34b
62fNUGS05gfN04d8vZDRT3ySWesmxxoC5PPYgJOzTl2OV44rhUG/DVYwBze7aJEw
1FmpXFZXDorsCblvxlfMuEVcDvk3NAYKh4vq9lHVPg6jQqv4QUjo5xMXaEygbq6j
dwLZKop5B7yFUfIUUquHpmKHcIDx7fDZbl7niJfsbWfO22GZsBV3aMfjOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBDG50EoPgqjwgjlMzMzYSR9dpQMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvVUVNYm5RU2ctQ3FQQ0NPVXpNek5oSkgxMmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmmMA0G
CSqGSIb3DQEBCwUAA4IBAQCcU9LM0w+ykc6/JGO+WKiY4B3mkUPJO++NrBzlkCgy
mDJcjp9EfMfcz9tEBVEa03aUTk+dtRQsm7QvN2ZH0HZmkP7j1GLGkcvzZwqKmMfZ
TLxGCfofcpz1g0myGVzKDoIvZEs4L5iT2KTGgPZixgPF3+K99vGA/w4xon0EQyLn
MMfLzUps4V7jd2cmHQBzXXMh/3mNQ8c7uLsZZqbTKjwNA4CqeFsdlJ8uvUsrihLI
JvvwbBPINuAYrnhmbb1/SGdB430PzJDx6DY6R/qlGai46yiRtbAzkI58SbsSh9vY
RU/IegOoM2FJS/qAm7qScl4fuzQtCUEGWIOAbYATNrHC
-----END CERTIFICATE-----