This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/uhah3H52mSF0CgjGor0DaA0NInU.roa
File:                     uhah3H52mSF0CgjGor0DaA0NInU.roa (raw, json)
Hash identifier:          +tt+nxCSkY8KMKzMhzyXg1Qq2UHNxO8Q0r7m1sPPc+s=
Subject key identifier:   BA:16:A1:DC:7E:76:99:21:74:0A:08:C6:A2:BD:03:68:0D:0D:22:75
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B35A5C312A8FAB0A36B493E087DD49F
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/uhah3H52mSF0CgjGor0DaA0NInU.roa
Signing time:             Thu 01 Jan 2026 20:17:51 +0000
ROA not before:           Thu 01 Jan 2026 20:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        85.120.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:a5:c3:12:a8:fa:b0:a3:6b:49:3e:08:7d:d4:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba16a1dc7e769921740a08c6a2bd03680d0d2275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:93:e8:48:01:72:ee:bd:fd:4f:98:c4:a3:3b:
                    ac:12:14:ac:58:11:d4:e6:c3:12:2e:ec:3b:6d:f2:
                    f0:1b:6e:4e:ec:da:13:08:fd:2b:a2:d3:e6:bc:4e:
                    13:1a:09:fb:d6:7b:c9:93:5c:78:91:b9:8c:d5:9a:
                    eb:7c:62:9f:b7:d5:48:88:f2:be:3d:51:8b:ba:90:
                    d2:b6:60:40:45:75:c3:6f:e5:ae:5c:35:fb:a4:fb:
                    7d:94:2e:25:8e:8f:95:18:f7:79:9d:64:9a:74:63:
                    92:92:b6:53:44:5b:3c:85:da:8c:bb:29:b5:3c:b0:
                    b0:02:7d:96:28:01:8f:0d:f1:3a:b6:67:dc:46:0a:
                    82:17:44:c4:88:e9:2a:19:07:36:ec:31:81:47:09:
                    d5:6c:fb:41:fa:27:3a:5d:20:d6:93:7d:c6:ba:9a:
                    1a:cf:9e:5c:64:b0:52:3a:38:07:55:83:70:65:c1:
                    29:31:02:35:20:60:e4:93:ea:e4:38:87:f2:1d:b2:
                    98:4b:9e:ca:ee:dd:9c:a1:31:78:0b:df:6f:99:65:
                    14:af:2b:d0:a4:67:d1:52:6d:27:ed:90:04:dc:17:
                    bb:2f:32:cb:8f:59:59:70:72:fc:02:98:71:df:37:
                    ee:5c:b4:9d:4f:52:42:c6:77:25:ad:04:26:93:88:
                    9d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:16:A1:DC:7E:76:99:21:74:0A:08:C6:A2:BD:03:68:0D:0D:22:75
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/uhah3H52mSF0CgjGor0DaA0NInU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c1:a1:fb:bf:d9:cf:d7:9f:bf:e0:40:8c:b6:10:4a:59:62:
         c3:f0:97:88:10:cf:fa:ce:2a:87:d3:6d:4e:aa:97:26:0b:61:
         ac:d7:98:10:45:21:eb:28:1d:07:0b:9c:49:3f:35:66:01:23:
         1a:9b:27:d2:d1:a1:12:a0:19:3a:2a:00:b2:2f:25:6b:7e:78:
         2e:46:13:f9:eb:d3:7b:bb:01:1e:f8:58:99:2f:96:62:28:6c:
         60:63:9a:1e:a1:25:03:0c:55:54:a9:80:04:4e:0c:9a:87:57:
         9f:cb:b9:93:fc:3a:06:10:eb:5c:f9:e8:02:2b:ec:4b:b4:a7:
         2a:c0:18:29:f5:80:32:b4:b2:17:52:7b:14:cc:cf:12:a6:36:
         1b:c5:4e:c9:2e:1c:f9:ac:c9:8a:e2:bc:62:22:7b:d0:4f:4d:
         17:15:39:e7:e1:28:33:86:49:71:64:82:32:28:77:81:79:7a:
         0c:f0:b3:3b:bc:68:63:3f:34:28:9d:28:d9:bc:24:d8:98:16:
         11:af:9b:c1:35:27:08:36:f0:bc:3d:b7:69:c8:3b:27:6f:16:
         bc:1b:ef:29:76:2d:0a:38:4d:a3:ba:63:8e:28:6e:87:2b:fe:
         5d:70:df:67:25:c2:4b:32:cc:8b:94:f9:59:95:b7:22:8a:28:
         ed:ac:fe:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NaXDEqj6sKNrST4IfdSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTE2YTFkYzdlNzY5OTIxNzQwYTA4YzZhMmJkMDM2ODBkMGQyMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZPoSAFy7r39T5jEozusEhSsWBHU
5sMSLuw7bfLwG25O7NoTCP0rotPmvE4TGgn71nvJk1x4kbmM1ZrrfGKft9VIiPK+
PVGLupDStmBARXXDb+WuXDX7pPt9lC4ljo+VGPd5nWSadGOSkrZTRFs8hdqMuym1
PLCwAn2WKAGPDfE6tmfcRgqCF0TEiOkqGQc27DGBRwnVbPtB+ic6XSDWk33Gupoa
z55cZLBSOjgHVYNwZcEpMQI1IGDkk+rkOIfyHbKYS57K7t2coTF4C99vmWUUryvQ
pGfRUm0n7ZAE3Be7LzLLj1lZcHL8Aphx3zfuXLSdT1JCxnclrQQmk4idcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoWodx+dpkhdAoIxqK9A2gNDSJ1MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvdWhhaDNINTJtU0YwQ2dqR29yMERhQTBOSW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXhKMA0G
CSqGSIb3DQEBCwUAA4IBAQCRwaH7v9nP15+/4ECMthBKWWLD8JeIEM/6ziqH021O
qpcmC2Gs15gQRSHrKB0HC5xJPzVmASMamyfS0aESoBk6KgCyLyVrfnguRhP569N7
uwEe+FiZL5ZiKGxgY5oeoSUDDFVUqYAETgyah1efy7mT/DoGEOtc+egCK+xLtKcq
wBgp9YAytLIXUnsUzM8SpjYbxU7JLhz5rMmK4rxiInvQT00XFTnn4SgzhklxZIIy
KHeBeXoM8LM7vGhjPzQonSjZvCTYmBYRr5vBNScINvC8PbdpyDsnbxa8G+8pdi0K
OE2jumOOKG6HK/5dcN9nJcJLMsyLlPlZlbciiijtrP4Z
-----END CERTIFICATE-----