This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/UO2QnnjSvQipGSNVD6Yo4Ceqp-g.roa
File:                     UO2QnnjSvQipGSNVD6Yo4Ceqp-g.roa (raw, json)
Hash identifier:          MOM35AzipdN4H3i+5rszMg7XFIcuLyvsdUA52+H+VJE=
Subject key identifier:   50:ED:90:9E:78:D2:BD:08:A9:19:23:55:0F:A6:28:E0:27:AA:A7:E8
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019B791084089D8111922C9F02C97DAE84D5
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/UO2QnnjSvQipGSNVD6Yo4Ceqp-g.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44568
IP address blocks:        83.217.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:84:08:9d:81:11:92:2c:9f:02:c9:7d:ae:84:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50ed909e78d2bd08a91923550fa628e027aaa7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:43:b2:02:de:5f:7a:f7:50:3f:1d:6c:3f:78:
                    8c:dc:85:4c:c2:6a:c0:72:3e:0a:77:b6:03:18:a6:
                    8e:01:72:85:d6:83:76:e8:fd:b8:3e:62:e6:95:e7:
                    21:38:10:59:b7:17:ee:2f:ba:91:98:91:ce:72:a3:
                    e2:51:08:a9:31:8f:70:0b:06:a7:ea:5c:c6:8d:37:
                    8e:b0:d1:88:12:67:95:5e:16:44:0e:52:80:03:d9:
                    17:c6:8e:12:45:4e:60:b4:6a:30:cf:78:45:f4:b5:
                    a5:cb:cc:06:20:9f:d0:f6:65:c6:e0:9e:c3:5f:f4:
                    2b:78:ae:c8:9c:8d:d2:3a:b2:b2:ec:bb:6f:1d:d2:
                    42:6d:3d:d0:a0:e5:91:2e:10:da:10:90:57:3a:fd:
                    81:2d:9e:ca:bb:8e:22:42:99:8e:8a:c8:a9:83:e4:
                    c9:c4:68:94:60:db:94:4d:c5:02:9e:0f:d7:bf:8a:
                    5c:07:06:4a:97:ad:e0:73:c7:0c:8d:55:3f:c9:a8:
                    79:56:12:c7:39:77:3b:b2:93:02:16:6d:b0:7d:9f:
                    0f:92:40:d6:c5:33:d1:ba:41:82:3e:dc:fd:5c:9d:
                    01:e0:a9:52:87:1d:79:e4:f3:96:de:55:08:b7:08:
                    f9:4e:2f:3c:57:c5:76:a9:7d:17:c7:cb:89:98:01:
                    d1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:ED:90:9E:78:D2:BD:08:A9:19:23:55:0F:A6:28:E0:27:AA:A7:E8
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/UO2QnnjSvQipGSNVD6Yo4Ceqp-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.217.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:5e:84:a8:e7:20:15:99:1d:bb:f7:ce:7f:44:cb:3b:a2:39:
         04:b4:9f:dc:e3:67:da:6e:92:c0:9a:9b:35:51:4e:c8:31:5a:
         23:37:3c:3d:fb:03:94:ae:1e:aa:71:e6:87:50:2d:b7:7f:2c:
         6c:5b:fa:26:e1:67:2e:07:d3:9b:42:56:91:b0:4a:7c:4e:ca:
         b0:8a:01:0e:4d:c2:24:f2:40:bb:ae:2f:68:33:2d:00:44:71:
         84:5d:ef:e4:77:0e:48:88:2f:36:7c:c4:a3:ea:12:d7:90:d9:
         ef:c7:b2:cc:62:91:8f:5e:85:d1:b3:ba:a8:fe:99:fa:64:20:
         8f:86:4b:2a:18:07:93:7c:2e:c0:3a:2f:5d:f1:8f:11:0f:b5:
         40:fe:0c:88:b4:19:11:d3:7f:e2:34:a5:f3:58:71:89:c5:be:
         5d:18:1e:f2:56:f9:9d:5f:0a:f8:43:eb:3f:7b:2a:fc:22:4d:
         19:82:af:22:a9:66:26:3f:9d:1c:bf:b5:cd:5b:45:9f:59:7f:
         ee:c3:b2:84:a4:0b:2f:60:55:37:fd:2b:dd:48:76:82:e8:ac:
         76:a3:05:ff:40:d0:e9:b1:41:07:f6:c2:10:77:9f:94:fe:b4:
         1c:fc:0e:2b:c6:1c:e8:22:77:f2:6d:26:d2:c2:42:35:e9:c8:
         9c:d8:15:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIQInYERkiyfAsl9roTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVkOTA5ZTc4ZDJiZDA4YTkxOTIzNTUwZmE2MjhlMDI3YWFhN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUOyAt5fevdQPx1sP3iM3IVMwmrA
cj4Kd7YDGKaOAXKF1oN26P24PmLmlechOBBZtxfuL7qRmJHOcqPiUQipMY9wCwan
6lzGjTeOsNGIEmeVXhZEDlKAA9kXxo4SRU5gtGowz3hF9LWly8wGIJ/Q9mXG4J7D
X/QreK7InI3SOrKy7LtvHdJCbT3QoOWRLhDaEJBXOv2BLZ7Ku44iQpmOisipg+TJ
xGiUYNuUTcUCng/Xv4pcBwZKl63gc8cMjVU/yah5VhLHOXc7spMCFm2wfZ8PkkDW
xTPRukGCPtz9XJ0B4KlShx155POW3lUItwj5Ti88V8V2qX0Xx8uJmAHRQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDtkJ540r0IqRkjVQ+mKOAnqqfoMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvVU8yUW5ualN2UWlwR1NOVkQ2WW80Q2VxcC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU9n8MA0G
CSqGSIb3DQEBCwUAA4IBAQA3XoSo5yAVmR27985/RMs7ojkEtJ/c42fabpLAmps1
UU7IMVojNzw9+wOUrh6qceaHUC23fyxsW/om4WcuB9ObQlaRsEp8TsqwigEOTcIk
8kC7ri9oMy0ARHGEXe/kdw5IiC82fMSj6hLXkNnvx7LMYpGPXoXRs7qo/pn6ZCCP
hksqGAeTfC7AOi9d8Y8RD7VA/gyItBkR03/iNKXzWHGJxb5dGB7yVvmdXwr4Q+s/
eyr8Ik0Zgq8iqWYmP50cv7XNW0WfWX/uw7KEpAsvYFU3/SvdSHaC6Kx2owX/QNDp
sUEH9sIQd5+U/rQc/A4rxhzoInfybSbSwkI16cic2BXK
-----END CERTIFICATE-----