This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/U_IVMG7bQBnJVGDLyXYBpWOHB2A.roa
File:                     U_IVMG7bQBnJVGDLyXYBpWOHB2A.roa (raw, json)
Hash identifier:          q/ZezPb+HqhfJjhS/MThIaBJugpttbjehqzX0ZM2VRQ=
Subject key identifier:   53:F2:15:30:6E:DB:40:19:C9:54:60:CB:C9:76:01:A5:63:87:07:60
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       019B7D5C1CE49E696F8D0FA43B6105B6B300
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/U_IVMG7bQBnJVGDLyXYBpWOHB2A.roa
Signing time:             Fri 02 Jan 2026 06:19:07 +0000
ROA not before:           Fri 02 Jan 2026 06:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        45.85.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:1c:e4:9e:69:6f:8d:0f:a4:3b:61:05:b6:b3:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Jan  2 06:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53f215306edb4019c95460cbc97601a563870760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7e:21:3d:03:ca:24:16:77:14:7b:6b:37:dc:
                    61:76:90:23:19:a5:78:5e:4c:af:8f:45:2b:82:c9:
                    3f:1d:a6:04:29:71:3e:c7:19:59:f6:f5:27:6a:c6:
                    6e:f2:03:c7:6d:86:6e:22:a6:47:bc:f0:9f:f9:47:
                    1d:42:83:96:14:0d:40:38:9d:f6:10:50:8d:ff:2d:
                    3a:72:64:ac:7f:94:6a:9f:31:d5:0d:cf:4b:ee:f8:
                    9b:f6:cf:9e:46:d4:37:90:fe:6d:8a:3b:9b:53:18:
                    33:c2:e8:1f:a3:2b:a8:16:f8:f5:40:dc:af:cd:a3:
                    ef:de:06:cb:82:78:29:c0:68:34:9c:6d:d4:37:77:
                    49:16:29:72:d8:f8:d9:d5:2f:80:2e:97:08:63:70:
                    0e:8a:51:c1:9c:35:2c:5b:a0:a2:58:b4:96:f2:a7:
                    1a:e1:0c:fa:f8:43:db:8b:d7:99:92:5d:f6:4b:b7:
                    8b:08:f4:e4:f5:8c:e2:81:cc:87:21:af:b3:b7:59:
                    a8:f7:b9:08:eb:b2:79:40:26:b1:f9:3a:ce:fb:b2:
                    db:98:97:ab:27:5f:6e:53:cd:32:71:a2:4b:ff:11:
                    0c:94:1c:9f:f4:42:db:b7:41:37:13:6b:65:e3:a4:
                    05:62:ba:36:97:fe:ad:c0:7e:39:e1:22:bf:70:61:
                    59:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:F2:15:30:6E:DB:40:19:C9:54:60:CB:C9:76:01:A5:63:87:07:60
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/U_IVMG7bQBnJVGDLyXYBpWOHB2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:42:d1:89:68:20:44:32:05:31:d3:a2:ad:4e:82:2b:7e:ea:
         c0:d8:21:2f:7b:f0:c4:8d:91:fe:90:41:58:5a:ca:48:53:97:
         66:57:f5:a2:4f:52:a4:e3:e3:1b:27:09:64:2a:c5:65:d3:37:
         49:30:01:37:c0:d3:b7:4c:b5:d2:28:84:d1:3b:36:7c:85:ac:
         fa:ac:c4:ae:95:66:04:cb:78:cb:9f:75:5a:46:ab:e0:57:5c:
         73:e2:c8:a2:be:78:6f:b7:86:a1:f5:da:d8:81:94:93:ca:0c:
         54:be:65:69:17:94:88:60:a3:52:4b:ac:6e:9e:78:9c:de:0a:
         05:b5:44:80:17:81:7f:d5:85:ea:6e:bc:28:cf:1e:5d:cf:7d:
         93:44:90:77:52:b3:69:1c:c1:86:50:53:58:15:7b:81:6d:eb:
         b8:0e:34:8c:73:c3:c5:30:c8:55:b2:0d:d3:9f:0f:b1:8b:48:
         e8:a7:86:b9:4e:ac:d8:36:1a:34:fc:a3:00:77:89:d8:8d:b2:
         f6:b2:92:a5:67:d6:8a:68:9d:e1:ba:99:42:27:a5:e2:39:79:
         c7:39:f8:bf:cd:02:ab:80:97:24:f6:9f:9a:8d:a3:f1:85:ca:
         49:c8:75:bb:3a:03:0e:28:9a:2b:74:17:c7:43:fa:bd:28:06:
         ea:ac:bf:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XBzknmlvjQ+kO2EFtrMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjYwMTAyMDYxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2YyMTUzMDZlZGI0MDE5Yzk1NDYwY2JjOTc2MDFhNTYzODcwNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH4hPQPKJBZ3FHtrN9xhdpAjGaV4
Xkyvj0Urgsk/HaYEKXE+xxlZ9vUnasZu8gPHbYZuIqZHvPCf+UcdQoOWFA1AOJ32
EFCN/y06cmSsf5RqnzHVDc9L7vib9s+eRtQ3kP5tijubUxgzwugfoyuoFvj1QNyv
zaPv3gbLgngpwGg0nG3UN3dJFily2PjZ1S+ALpcIY3AOilHBnDUsW6CiWLSW8qca
4Qz6+EPbi9eZkl32S7eLCPTk9YzigcyHIa+zt1mo97kI67J5QCax+TrO+7LbmJer
J19uU80ycaJL/xEMlByf9ELbt0E3E2tl46QFYro2l/6twH454SK/cGFZUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPyFTBu20AZyVRgy8l2AaVjhwdgMB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvVV9JVk1HN2JRQm5KVkdETHlYWUJwV09IQjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXMMA0G
CSqGSIb3DQEBCwUAA4IBAQAwQtGJaCBEMgUx06KtToIrfurA2CEve/DEjZH+kEFY
WspIU5dmV/WiT1Kk4+MbJwlkKsVl0zdJMAE3wNO3TLXSKITROzZ8haz6rMSulWYE
y3jLn3VaRqvgV1xz4siivnhvt4ah9drYgZSTygxUvmVpF5SIYKNSS6xunnic3goF
tUSAF4F/1YXqbrwozx5dz32TRJB3UrNpHMGGUFNYFXuBbeu4DjSMc8PFMMhVsg3T
nw+xi0jop4a5TqzYNho0/KMAd4nYjbL2spKlZ9aKaJ3huplCJ6XiOXnHOfi/zQKr
gJck9p+ajaPxhcpJyHW7OgMOKJordBfHQ/q9KAbqrL9L
-----END CERTIFICATE-----