This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/uS5GUtBfCP2diogIt4khR6ymRks.roa
File:                     uS5GUtBfCP2diogIt4khR6ymRks.roa (raw, json)
Hash identifier:          HC/WWS4pBVF0S4kE7XZmoKp3+N05K9lDVl+9y+O1VV0=
Subject key identifier:   B9:2E:46:52:D0:5F:08:FD:9D:8A:88:08:B7:89:21:47:AC:A6:46:4B
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019B7D5B1C20A0E64D34D2DF4A755A5683F6
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/uS5GUtBfCP2diogIt4khR6ymRks.roa
Signing time:             Fri 02 Jan 2026 06:18:01 +0000
ROA not before:           Fri 02 Jan 2026 06:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202543
IP address blocks:        91.148.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:1c:20:a0:e6:4d:34:d2:df:4a:75:5a:56:83:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 06:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b92e4652d05f08fd9d8a8808b7892147aca6464b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:48:a2:ec:98:18:43:1b:82:88:1c:63:f1:26:
                    f7:35:bb:25:4f:e2:ff:55:dd:7b:b5:23:df:52:a6:
                    a4:af:62:82:b7:1b:92:9b:35:7e:b4:bd:62:75:d6:
                    53:2d:e2:f4:d7:db:17:c8:6b:50:a0:80:17:ec:aa:
                    15:d2:49:c0:60:d6:bb:95:65:bd:66:b9:d2:82:02:
                    6e:88:2a:0e:f0:c6:c6:cf:da:6b:a2:9f:dd:17:b3:
                    98:84:bf:b3:77:b7:4d:58:36:3a:b8:b9:bc:c2:55:
                    3f:99:93:fc:f5:a2:68:e7:d2:26:21:87:6a:94:c6:
                    7f:24:77:bf:85:6a:45:27:80:a5:0d:00:10:0a:24:
                    51:86:f6:8e:07:1b:f1:e9:c6:c0:f7:c7:6a:1a:d1:
                    de:8a:99:0e:b2:1a:7f:69:86:9c:6c:50:c3:c8:74:
                    c6:67:dd:9f:87:3b:1a:e9:af:2c:c5:2d:21:a7:0d:
                    6b:de:68:a2:6d:72:a4:92:bf:dc:dc:2c:df:6c:09:
                    42:6d:b4:d0:c4:62:63:93:be:98:89:3c:50:13:ab:
                    36:2c:ec:0f:b3:01:0e:0f:43:0c:69:df:7d:db:55:
                    6f:d3:c7:24:0b:d0:ad:b3:f3:d9:80:81:a4:79:b2:
                    80:a5:27:7c:ab:54:91:29:0d:61:b2:d2:ab:d5:af:
                    19:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:2E:46:52:D0:5F:08:FD:9D:8A:88:08:B7:89:21:47:AC:A6:46:4B
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/uS5GUtBfCP2diogIt4khR6ymRks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:b8:66:f9:8f:aa:96:70:e8:9d:e8:97:fb:81:11:22:49:3a:
         7d:41:44:f0:15:c1:96:23:f5:6a:b2:8d:f4:84:ce:4b:d6:b6:
         a0:60:74:58:ae:fc:34:cb:09:81:e2:75:7c:e0:d5:96:8e:70:
         5d:7b:d7:ba:fd:dc:a8:5b:0f:67:18:6d:15:93:44:88:d0:ef:
         75:cc:d4:fe:7e:fe:18:f7:76:17:64:00:f2:39:8d:46:61:81:
         9a:97:1c:b6:5b:f3:f4:e7:41:f5:0a:62:16:10:d4:f3:34:e8:
         f9:77:e6:e0:8f:19:3f:b9:79:ba:d4:dc:52:1a:20:63:1e:35:
         5e:83:11:f0:fc:d8:e7:c6:d1:8c:f2:37:5f:f6:27:b6:62:3c:
         79:24:65:71:59:3f:62:b8:a3:4b:a8:5e:26:81:0c:d1:52:32:
         90:ed:9e:54:5e:27:74:52:98:18:10:4e:f6:af:b6:98:09:e1:
         52:a3:b3:67:b7:c4:41:aa:d5:17:85:5f:14:38:af:aa:2c:76:
         ae:14:cb:ec:6d:2d:66:94:61:88:69:2b:9a:db:a7:a2:87:f9:
         b6:9b:b2:9f:8b:a8:2d:f5:4d:a6:b6:dd:61:51:a0:92:ee:ec:
         1c:2b:99:d0:83:2a:4c:e0:81:b7:a0:6a:1a:cf:72:6e:f6:5f:
         cc:5f:0b:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WxwgoOZNNNLfSnVaVoP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjYwMTAyMDYxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTJlNDY1MmQwNWYwOGZkOWQ4YTg4MDhiNzg5MjE0N2FjYTY0NjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUii7JgYQxuCiBxj8Sb3NbslT+L/
Vd17tSPfUqakr2KCtxuSmzV+tL1iddZTLeL019sXyGtQoIAX7KoV0knAYNa7lWW9
ZrnSggJuiCoO8MbGz9prop/dF7OYhL+zd7dNWDY6uLm8wlU/mZP89aJo59ImIYdq
lMZ/JHe/hWpFJ4ClDQAQCiRRhvaOBxvx6cbA98dqGtHeipkOshp/aYacbFDDyHTG
Z92fhzsa6a8sxS0hpw1r3miibXKkkr/c3CzfbAlCbbTQxGJjk76YiTxQE6s2LOwP
swEOD0MMad9921Vv08ckC9Cts/PZgIGkebKApSd8q1SRKQ1hstKr1a8ZtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkuRlLQXwj9nYqICLeJIUespkZLMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdVM1R1V0QmZDUDJkaW9nSXQ0a2hSNnltUmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5S5MA0G
CSqGSIb3DQEBCwUAA4IBAQCIuGb5j6qWcOid6Jf7gREiSTp9QUTwFcGWI/Vqso30
hM5L1ragYHRYrvw0ywmB4nV84NWWjnBde9e6/dyoWw9nGG0Vk0SI0O91zNT+fv4Y
93YXZADyOY1GYYGalxy2W/P050H1CmIWENTzNOj5d+bgjxk/uXm61NxSGiBjHjVe
gxHw/NjnxtGM8jdf9ie2Yjx5JGVxWT9iuKNLqF4mgQzRUjKQ7Z5UXid0UpgYEE72
r7aYCeFSo7Nnt8RBqtUXhV8UOK+qLHauFMvsbS1mlGGIaSua26eih/m2m7Kfi6gt
9U2mtt1hUaCS7uwcK5nQgypM4IG3oGoaz3Ju9l/MXwsZ
-----END CERTIFICATE-----