This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/bfda12-76b3-43b2-88e8-1f1dc52bbb98/1/UQtxD39HgTwCJsw7WuZPliVb6kM.roa
File:                     UQtxD39HgTwCJsw7WuZPliVb6kM.roa (raw, json)
Hash identifier:          IcgnZ/5C7YQ9lKupVnJEvIWHWfxL8KqAvTe7EONdw78=
Subject key identifier:   51:0B:71:0F:7F:47:81:3C:02:26:CC:3B:5A:E6:4F:96:25:5B:EA:43
Certificate issuer:       /CN=bc1d20936626b55743c6594512de42ef9f8e905f
Certificate serial:       019B7B3659A194D3F5CE480FA53E667EDD81
Authority key identifier: BC:1D:20:93:66:26:B5:57:43:C6:59:45:12:DE:42:EF:9F:8E:90:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vB0gk2YmtVdDxllFEt5C75-OkF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/bfda12-76b3-43b2-88e8-1f1dc52bbb98/1/UQtxD39HgTwCJsw7WuZPliVb6kM.roa
Signing time:             Thu 01 Jan 2026 20:18:38 +0000
ROA not before:           Thu 01 Jan 2026 20:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206610
IP address blocks:        2.56.104.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/bfda12-76b3-43b2-88e8-1f1dc52bbb98/1/vB0gk2YmtVdDxllFEt5C75-OkF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/bfda12-76b3-43b2-88e8-1f1dc52bbb98/1/vB0gk2YmtVdDxllFEt5C75-OkF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vB0gk2YmtVdDxllFEt5C75-OkF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:59:a1:94:d3:f5:ce:48:0f:a5:3e:66:7e:dd:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc1d20936626b55743c6594512de42ef9f8e905f
        Validity
            Not Before: Jan  1 20:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=510b710f7f47813c0226cc3b5ae64f96255bea43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e1:82:0e:d8:d4:a4:9d:0b:cd:b9:6d:7a:29:
                    c3:f9:0c:98:8a:ce:63:d1:75:21:4c:9d:dd:7e:86:
                    21:c0:ef:f6:fa:f7:9a:83:1c:2b:df:77:49:84:af:
                    de:0f:f0:8c:ef:dd:23:32:f2:d5:16:7f:2d:45:5f:
                    29:6c:e2:90:27:f0:5f:fd:ee:5c:09:3a:00:1c:ea:
                    79:bd:4d:d2:37:1a:d8:a3:99:f4:4e:29:51:9a:c6:
                    db:94:4f:e7:b3:f4:47:20:22:55:14:c9:2d:d1:4c:
                    8b:2a:3e:83:f3:90:e0:35:73:9f:59:c0:3f:16:01:
                    da:54:3c:24:6b:4a:e5:f2:a5:5c:49:36:10:25:30:
                    dc:b8:52:e3:94:99:ed:7d:0a:0e:db:ca:0c:24:04:
                    68:94:65:e8:79:f1:54:48:bf:26:fa:a6:81:9a:50:
                    d5:f5:23:42:95:df:bc:fe:0e:15:46:98:1c:21:5c:
                    e7:c2:c9:df:91:f6:03:64:e9:47:6a:c1:ff:13:5a:
                    c5:67:ed:bf:fa:92:80:3e:26:f4:cf:85:d1:36:6d:
                    60:b6:e9:3f:0d:1a:b5:7f:24:79:be:fc:15:ba:03:
                    37:39:c5:e6:4f:9c:c6:c8:39:d5:54:6b:1a:15:38:
                    4a:60:7b:2c:45:38:78:a2:0f:d5:93:8c:dd:93:e7:
                    2d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0B:71:0F:7F:47:81:3C:02:26:CC:3B:5A:E6:4F:96:25:5B:EA:43
            X509v3 Authority Key Identifier:
                keyid:BC:1D:20:93:66:26:B5:57:43:C6:59:45:12:DE:42:EF:9F:8E:90:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vB0gk2YmtVdDxllFEt5C75-OkF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/bfda12-76b3-43b2-88e8-1f1dc52bbb98/1/UQtxD39HgTwCJsw7WuZPliVb6kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/bfda12-76b3-43b2-88e8-1f1dc52bbb98/1/vB0gk2YmtVdDxllFEt5C75-OkF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:95:e6:9a:03:53:f6:42:1e:f9:5d:c5:42:22:4b:7a:03:f8:
         e5:ee:c6:c3:13:22:18:b2:b2:5e:20:8f:8c:da:ad:da:bc:43:
         0c:7b:2e:b7:14:f1:9d:5f:b3:21:3d:49:93:c7:4f:d8:fe:80:
         fc:73:71:92:7e:d5:c1:fd:10:f6:e4:2b:4a:21:60:8a:fb:9e:
         68:0f:0c:fd:8d:73:9e:2e:d9:58:3f:1f:55:c9:b2:60:5f:98:
         f0:c1:fc:46:e8:fb:7e:32:86:29:e8:bb:b3:d8:d5:36:2d:77:
         da:d6:bd:5e:b5:a2:d6:b0:32:bb:0d:14:f3:f1:7a:fc:4e:e4:
         f5:9f:ba:60:53:eb:3e:5b:af:23:13:a6:e6:e8:2f:9c:0f:0d:
         1b:83:b8:64:04:ed:c2:83:be:20:4c:e1:19:5e:13:8d:89:c6:
         e6:12:13:39:09:63:87:29:3f:fc:43:01:e8:1c:13:e1:8c:a9:
         ea:f7:be:2c:e7:60:b9:00:8d:81:e4:f6:a3:c4:a8:55:cc:68:
         20:16:93:a2:21:1f:64:87:c9:2b:36:12:f0:51:9e:17:45:be:
         b1:7f:e3:f0:f7:14:68:fb:15:2c:b2:06:ad:f2:b4:a9:c2:f9:
         bc:c1:ac:a5:50:81:f4:0f:5b:d9:ea:d6:0e:f1:bb:35:b4:1d:
         55:7a:57:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NlmhlNP1zkgPpT5mft2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMWQyMDkzNjYyNmI1NTc0M2M2NTk0NTEyZGU0MmVmOWY4
ZTkwNWYwHhcNMjYwMTAxMjAxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTBiNzEwZjdmNDc4MTNjMDIyNmNjM2I1YWU2NGY5NjI1NWJlYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneGCDtjUpJ0LzblteinD+QyYis5j
0XUhTJ3dfoYhwO/2+veagxwr33dJhK/eD/CM790jMvLVFn8tRV8pbOKQJ/Bf/e5c
CToAHOp5vU3SNxrYo5n0TilRmsbblE/ns/RHICJVFMkt0UyLKj6D85DgNXOfWcA/
FgHaVDwka0rl8qVcSTYQJTDcuFLjlJntfQoO28oMJARolGXoefFUSL8m+qaBmlDV
9SNCld+8/g4VRpgcIVznwsnfkfYDZOlHasH/E1rFZ+2/+pKAPib0z4XRNm1gtuk/
DRq1fyR5vvwVugM3OcXmT5zGyDnVVGsaFThKYHssRTh4og/Vk4zdk+ct6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFELcQ9/R4E8AibMO1rmT5YlW+pDMB8GA1UdIwQY
MBaAFLwdIJNmJrVXQ8ZZRRLeQu+fjpBfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkIwZ2syWW10VmREeGxsRkV0NUM3NS1Pa0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9iZmRhMTItNzZiMy00M2IyLTg4ZTgt
MWYxZGM1MmJiYjk4LzEvVVF0eEQzOUhnVHdDSnN3N1d1WlBsaVZiNmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9iZmRhMTItNzZiMy00M2IyLTg4ZTgtMWYxZGM1MmJiYjk4
LzEvdkIwZ2syWW10VmREeGxsRkV0NUM3NS1Pa0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjhoMA0G
CSqGSIb3DQEBCwUAA4IBAQAsleaaA1P2Qh75XcVCIkt6A/jl7sbDEyIYsrJeII+M
2q3avEMMey63FPGdX7MhPUmTx0/Y/oD8c3GSftXB/RD25CtKIWCK+55oDwz9jXOe
LtlYPx9VybJgX5jwwfxG6Pt+MoYp6Luz2NU2LXfa1r1etaLWsDK7DRTz8Xr8TuT1
n7pgU+s+W68jE6bm6C+cDw0bg7hkBO3Cg74gTOEZXhONicbmEhM5CWOHKT/8QwHo
HBPhjKnq974s52C5AI2B5PajxKhVzGggFpOiIR9kh8krNhLwUZ4XRb6xf+Pw9xRo
+xUssgat8rSpwvm8waylUIH0D1vZ6tYO8bs1tB1VeleW
-----END CERTIFICATE-----