This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UEN99-aFsNrHNzcB_YEzrSzJ6fQ.roa
File:                     UEN99-aFsNrHNzcB_YEzrSzJ6fQ.roa (raw, json)
Hash identifier:          FTttJp0xZQkkLX5lfAl2v/r0WVHKZZqyfFDSiWjNuZY=
Subject key identifier:   50:43:7D:F7:E6:85:B0:DA:C7:37:37:01:FD:81:33:AD:2C:C9:E9:F4
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019B78A327092E4CE06A3FA747DB143C7C6F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UEN99-aFsNrHNzcB_YEzrSzJ6fQ.roa
Signing time:             Thu 01 Jan 2026 08:18:36 +0000
ROA not before:           Thu 01 Jan 2026 08:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200400
IP address blocks:        85.208.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:27:09:2e:4c:e0:6a:3f:a7:47:db:14:3c:7c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 08:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50437df7e685b0dac7373701fd8133ad2cc9e9f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:83:3c:eb:e3:26:e1:c6:28:2f:9a:f8:5d:c0:
                    46:94:23:3f:6e:69:f7:d7:d6:d4:30:cc:49:52:24:
                    03:09:c4:f6:e9:f3:60:aa:dc:84:e3:a5:f6:1d:58:
                    ec:78:bf:32:e6:1e:28:02:ca:7a:03:74:e6:90:45:
                    ca:7f:f7:75:ef:18:9a:31:f9:21:2f:69:dc:bc:35:
                    38:c2:d5:5d:d2:20:2e:27:a6:55:f6:a4:9f:b3:df:
                    6b:b7:18:18:78:37:b5:d6:da:4e:77:d7:ff:63:f5:
                    10:5a:8a:d4:ad:35:99:ed:5d:ce:c5:78:56:08:b7:
                    cb:dd:03:2e:cd:5c:2d:ad:9e:b7:a1:b1:ca:35:21:
                    db:7a:ac:0f:2d:c5:05:93:8f:e3:a3:96:8c:50:62:
                    91:1f:b6:2f:14:4a:df:43:e1:16:b2:7f:d4:b4:02:
                    74:3c:45:39:89:4f:0f:30:fd:d5:af:7b:a2:a9:2f:
                    78:15:68:67:bb:97:3e:b1:37:e7:e6:c7:94:44:76:
                    8e:2e:65:13:ae:e8:bd:67:46:bc:9f:bc:5e:10:fd:
                    d9:42:90:5a:e8:14:0c:51:3a:83:ea:f2:62:09:ed:
                    b1:20:d0:be:f8:2e:5d:5a:52:11:aa:cf:d3:b6:9a:
                    bd:38:d6:5d:5c:64:11:16:4c:e4:09:08:11:f7:4c:
                    52:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:43:7D:F7:E6:85:B0:DA:C7:37:37:01:FD:81:33:AD:2C:C9:E9:F4
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UEN99-aFsNrHNzcB_YEzrSzJ6fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:22:da:bf:eb:a0:b9:8a:a4:bb:9a:10:95:cf:ce:4e:46:7f:
         03:8e:fa:53:b2:88:40:91:da:c2:f4:a2:7e:86:b6:3d:d4:89:
         29:6b:41:cb:4a:95:f6:f7:35:47:46:db:ab:43:59:98:0e:4d:
         e6:a1:dc:3d:67:eb:70:e1:c1:05:21:04:96:1c:0d:8c:99:ad:
         fc:29:be:65:4a:49:b2:e6:0e:cc:22:d4:ff:1b:20:45:f5:c4:
         45:be:09:bd:d5:15:02:11:69:7a:f2:c4:67:ad:46:1b:ad:38:
         87:a5:d8:de:22:83:4f:63:bc:fa:51:36:04:03:13:ca:de:10:
         9a:55:90:51:ac:f3:36:e1:30:2b:1d:4a:80:95:b2:64:88:f8:
         4b:4c:11:10:86:0f:ff:06:44:51:37:8f:c0:63:72:b2:3f:6c:
         da:0d:e8:56:d1:a0:5e:eb:bc:fa:f0:8c:d8:40:cb:7c:dd:cb:
         56:a4:a2:ff:6e:39:6d:54:e7:5e:72:4b:9a:ff:6d:fc:1f:68:
         17:9b:4c:ff:7b:f1:cc:9e:75:26:02:ac:ec:fa:4b:09:9d:8c:
         14:6b:62:34:34:39:b7:00:bc:36:5a:3f:4c:36:c9:70:0d:f2:
         75:fa:ed:f6:62:f9:a2:95:96:7a:2d:a5:30:b4:01:fa:44:05:
         be:44:35:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oycJLkzgaj+nR9sUPHxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMTAxMDgxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQzN2RmN2U2ODViMGRhYzczNzM3MDFmZDgxMzNhZDJjYzllOWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YM86+Mm4cYoL5r4XcBGlCM/bmn3
19bUMMxJUiQDCcT26fNgqtyE46X2HVjseL8y5h4oAsp6A3TmkEXKf/d17xiaMfkh
L2ncvDU4wtVd0iAuJ6ZV9qSfs99rtxgYeDe11tpOd9f/Y/UQWorUrTWZ7V3OxXhW
CLfL3QMuzVwtrZ63obHKNSHbeqwPLcUFk4/jo5aMUGKRH7YvFErfQ+EWsn/UtAJ0
PEU5iU8PMP3Vr3uiqS94FWhnu5c+sTfn5seURHaOLmUTrui9Z0a8n7xeEP3ZQpBa
6BQMUTqD6vJiCe2xINC++C5dWlIRqs/Ttpq9ONZdXGQRFkzkCQgR90xSxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBDfffmhbDaxzc3Af2BM60syen0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVUVOOTktYUZzTnJITnpjQl9ZRXpyU3pKNmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdCKMA0G
CSqGSIb3DQEBCwUAA4IBAQATItq/66C5iqS7mhCVz85ORn8DjvpTsohAkdrC9KJ+
hrY91Ikpa0HLSpX29zVHRturQ1mYDk3modw9Z+tw4cEFIQSWHA2Mma38Kb5lSkmy
5g7MItT/GyBF9cRFvgm91RUCEWl68sRnrUYbrTiHpdjeIoNPY7z6UTYEAxPK3hCa
VZBRrPM24TArHUqAlbJkiPhLTBEQhg//BkRRN4/AY3KyP2zaDehW0aBe67z68IzY
QMt83ctWpKL/bjltVOdeckua/238H2gXm0z/e/HMnnUmAqzs+ksJnYwUa2I0NDm3
ALw2Wj9MNslwDfJ1+u32YvmilZZ6LaUwtAH6RAW+RDX0
-----END CERTIFICATE-----