This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/UrU5ss9vFQ-l3nVhn8gdysZ1cTk.roa
File:                     UrU5ss9vFQ-l3nVhn8gdysZ1cTk.roa (raw, json)
Hash identifier:          gGl8YAHcy3GZ1HEr+LWvhANtkJ104eAl3nZP0vFLmzY=
Subject key identifier:   52:B5:39:B2:CF:6F:15:0F:A5:DE:75:61:9F:C8:1D:CA:C6:75:71:39
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       019B7CECB794D8FBE4E5281BB522AD88661A
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/UrU5ss9vFQ-l3nVhn8gdysZ1cTk.roa
Signing time:             Fri 02 Jan 2026 04:17:26 +0000
ROA not before:           Fri 02 Jan 2026 04:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        194.165.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:b7:94:d8:fb:e4:e5:28:1b:b5:22:ad:88:66:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: Jan  2 04:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52b539b2cf6f150fa5de75619fc81dcac6757139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:62:a5:a8:a9:5e:68:a2:64:62:0b:79:dc:0c:
                    25:37:e7:dd:e7:d9:43:f7:ca:4d:77:33:5a:12:14:
                    56:6e:51:16:25:4e:98:c0:dd:6f:c4:71:7a:f4:6e:
                    68:4e:55:57:0e:45:c9:e8:85:e7:61:bb:72:41:b9:
                    2a:09:17:a7:a1:d4:aa:77:2b:83:53:f8:f6:d6:6c:
                    29:08:55:dd:3a:b9:b8:f4:53:c1:e7:f9:bd:6d:14:
                    99:26:fe:70:f0:3f:30:af:0e:f7:9d:72:b2:e7:8d:
                    3f:f7:ee:2e:39:98:81:0a:9f:35:04:94:bf:2c:4c:
                    af:43:04:57:3a:c3:60:5d:42:29:3a:38:fc:61:34:
                    04:a9:53:5a:cc:02:e0:24:6e:92:a4:e0:e2:5c:d2:
                    78:ad:85:87:b7:d8:88:3c:48:31:6e:cc:fd:08:9e:
                    4d:e6:6f:94:91:36:2e:88:95:f5:c1:f5:f2:4b:43:
                    57:f0:52:67:46:6c:11:20:52:ba:63:25:06:54:7c:
                    e3:a3:7e:c4:07:9b:76:18:b4:6b:a4:f5:a0:9f:b8:
                    ed:12:6c:0b:fe:2c:c8:57:c7:51:f1:30:e8:0c:6a:
                    66:df:43:39:dd:08:e4:91:e0:b2:9a:ed:51:af:40:
                    3c:e6:09:2a:bd:da:bd:25:2d:5c:c7:e3:6d:b7:3c:
                    78:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B5:39:B2:CF:6F:15:0F:A5:DE:75:61:9F:C8:1D:CA:C6:75:71:39
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/UrU5ss9vFQ-l3nVhn8gdysZ1cTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:79:5f:b4:bf:a8:c5:ba:86:4f:c9:0f:9d:1c:15:98:38:f0:
         04:3c:c0:9b:b2:6a:21:70:22:22:f0:9a:0d:f0:0f:01:4c:97:
         5a:ee:2c:a4:d1:66:53:98:38:13:9d:a7:a0:2f:09:46:1a:d0:
         b6:d5:29:c6:43:c5:25:d4:0e:a9:b7:fd:57:67:bc:87:9f:14:
         33:22:e0:d5:3e:67:5b:2b:73:78:be:3f:bc:d1:bc:38:b5:65:
         b7:af:1a:1d:49:9b:7b:ac:8a:0c:7e:1d:7c:7a:e3:ef:da:be:
         cd:d9:be:89:db:31:5a:5d:cb:8a:e3:03:90:df:58:88:32:86:
         ff:3d:ed:93:2a:b0:b5:fd:39:85:ac:f5:93:7b:2c:b9:11:4a:
         0c:8a:3d:b2:0c:20:4e:8a:b2:fa:16:19:b0:3d:e5:8b:cf:d7:
         87:65:c8:97:e0:73:36:25:86:cc:27:61:72:04:66:0e:c0:36:
         7d:6f:3f:60:ae:e7:f6:d5:53:83:05:1e:a3:de:12:a1:db:b4:
         f8:a5:c4:37:40:33:7d:5e:67:b2:7c:b4:43:d5:f7:06:81:d0:
         6c:77:5b:09:b4:fd:7c:fd:6f:e5:ab:ec:43:65:31:47:34:aa:
         73:30:7e:77:34:a9:97:9d:de:29:8e:db:f5:f9:05:8e:71:31:
         1c:ae:04:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87LeU2Pvk5SgbtSKtiGYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjYwMTAyMDQxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmI1MzliMmNmNmYxNTBmYTVkZTc1NjE5ZmM4MWRjYWM2NzU3MTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmKlqKleaKJkYgt53AwlN+fd59lD
98pNdzNaEhRWblEWJU6YwN1vxHF69G5oTlVXDkXJ6IXnYbtyQbkqCRenodSqdyuD
U/j21mwpCFXdOrm49FPB5/m9bRSZJv5w8D8wrw73nXKy540/9+4uOZiBCp81BJS/
LEyvQwRXOsNgXUIpOjj8YTQEqVNazALgJG6SpODiXNJ4rYWHt9iIPEgxbsz9CJ5N
5m+UkTYuiJX1wfXyS0NX8FJnRmwRIFK6YyUGVHzjo37EB5t2GLRrpPWgn7jtEmwL
/izIV8dR8TDoDGpm30M53QjkkeCymu1Rr0A85gkqvdq9JS1cx+Nttzx4fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFK1ObLPbxUPpd51YZ/IHcrGdXE5MB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvVXJVNXNzOXZGUS1sM25WaG44Z2R5c1oxY1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1YzgtYTc4MTBlM2ExYmVi
LzEvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUlMA0G
CSqGSIb3DQEBCwUAA4IBAQA5eV+0v6jFuoZPyQ+dHBWYOPAEPMCbsmohcCIi8JoN
8A8BTJda7iyk0WZTmDgTnaegLwlGGtC21SnGQ8Ul1A6pt/1XZ7yHnxQzIuDVPmdb
K3N4vj+80bw4tWW3rxodSZt7rIoMfh18euPv2r7N2b6J2zFaXcuK4wOQ31iIMob/
Pe2TKrC1/TmFrPWTeyy5EUoMij2yDCBOirL6FhmwPeWLz9eHZciX4HM2JYbMJ2Fy
BGYOwDZ9bz9gruf21VODBR6j3hKh27T4pcQ3QDN9XmeyfLRD1fcGgdBsd1sJtP18
/W/lq+xDZTFHNKpzMH53NKmXnd4pjtv1+QWOcTEcrgQW
-----END CERTIFICATE-----