This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UPCwAtXT9Zn2ErQnjJBOYAworVY.roa
File:                     UPCwAtXT9Zn2ErQnjJBOYAworVY.roa (raw, json)
Hash identifier:          Z8MQj+Yngyy8mb3ANZnBNt2qW7SjZ/r9FOwxOSo3wto=
Subject key identifier:   50:F0:B0:02:D5:D3:F5:99:F6:12:B4:27:8C:90:4E:60:0C:28:AD:56
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B360A5EE606A7257EE84372A862E2B7
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UPCwAtXT9Zn2ErQnjJBOYAworVY.roa
Signing time:             Thu 01 Jan 2026 20:18:17 +0000
ROA not before:           Thu 01 Jan 2026 20:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57529
IP address blocks:        45.132.36.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 Jan 2026 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:0a:5e:e6:06:a7:25:7e:e8:43:72:a8:62:e2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50f0b002d5d3f599f612b4278c904e600c28ad56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e6:79:1f:d8:6e:15:bd:05:b5:56:6f:ec:79:
                    bb:b6:86:8f:c3:27:3b:57:7f:81:e6:4b:22:1d:9a:
                    20:c3:f0:e2:f1:11:b8:67:f1:11:e5:50:2a:40:97:
                    b2:48:8d:e1:c6:27:0b:fd:e3:aa:d8:88:14:09:0f:
                    52:5d:76:41:a4:5f:e1:dc:2a:f8:9a:90:b7:75:f7:
                    5a:47:88:8e:ad:59:dd:f4:92:b6:2c:a9:dc:55:e2:
                    ee:4e:29:d5:b7:29:43:fd:81:37:c0:a0:3a:ab:fd:
                    5b:18:6e:42:71:63:f9:85:94:bb:eb:03:6b:50:bb:
                    83:22:9a:e9:c5:14:ca:bc:c1:0c:aa:9c:0e:74:12:
                    69:16:ca:c1:55:31:be:27:f2:ca:66:43:67:c7:a8:
                    95:00:9d:81:40:d5:5e:25:48:02:f2:de:b9:2d:a2:
                    3f:d7:6d:bc:95:e6:7b:40:98:89:87:af:63:83:9a:
                    9f:de:a7:bf:a8:3e:3a:1c:11:bd:61:d8:ab:7c:66:
                    f3:c3:64:33:4a:54:12:7f:e7:31:17:55:50:e4:a2:
                    6b:74:f2:76:00:88:c1:87:34:92:29:2d:db:d6:d4:
                    23:ac:a1:d4:a8:42:66:24:94:3c:9d:53:9a:36:a6:
                    6d:60:9f:16:cc:cb:df:f7:3a:69:0d:5c:71:1d:50:
                    b3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F0:B0:02:D5:D3:F5:99:F6:12:B4:27:8C:90:4E:60:0C:28:AD:56
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UPCwAtXT9Zn2ErQnjJBOYAworVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:dd:0a:04:ea:cb:81:e0:74:bd:d6:77:97:5d:4e:38:3d:08:
         90:9f:f9:02:0b:10:3e:29:e7:60:d1:69:b7:fa:2d:a5:1d:f7:
         12:07:c2:62:f6:94:7b:15:79:f7:09:3a:4a:80:47:c8:fa:49:
         8a:14:c9:62:1d:c4:8d:72:cb:fa:9f:3e:de:01:a3:00:f6:cf:
         12:56:c4:74:f0:cb:8f:b8:bf:09:a4:46:17:79:96:92:3d:bc:
         b5:d4:68:ae:83:df:d1:4c:28:4d:e0:ab:d4:5c:54:40:63:fc:
         4f:ce:82:c0:37:1d:f9:5f:60:24:a7:12:2c:91:7d:96:10:81:
         ee:68:04:76:f5:ef:15:57:63:6b:d6:4c:db:84:96:41:89:3d:
         3e:75:26:72:b6:9a:70:c6:74:97:86:51:c5:d0:31:1a:dd:34:
         47:91:dd:0c:d2:19:4d:19:bf:d7:da:f1:e6:d3:2e:eb:43:89:
         de:d2:e5:58:41:74:7b:f0:e8:b6:ef:49:dc:fa:37:2c:bf:98:
         f8:a2:61:c8:49:44:0f:0b:4e:26:0f:fd:a2:37:25:c9:8b:3c:
         b8:4e:fc:6a:91:e7:05:8a:b2:ca:37:a1:3d:92:91:06:35:a7:
         ea:e5:e4:79:fb:e7:ef:2b:bc:03:ed:c9:78:19:7a:be:d2:01:
         f6:25:32:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Ngpe5ganJX7oQ3KoYuK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGYwYjAwMmQ1ZDNmNTk5ZjYxMmI0Mjc4YzkwNGU2MDBjMjhhZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuZ5H9huFb0FtVZv7Hm7toaPwyc7
V3+B5ksiHZogw/Di8RG4Z/ER5VAqQJeySI3hxicL/eOq2IgUCQ9SXXZBpF/h3Cr4
mpC3dfdaR4iOrVnd9JK2LKncVeLuTinVtylD/YE3wKA6q/1bGG5CcWP5hZS76wNr
ULuDIprpxRTKvMEMqpwOdBJpFsrBVTG+J/LKZkNnx6iVAJ2BQNVeJUgC8t65LaI/
1228leZ7QJiJh69jg5qf3qe/qD46HBG9YdirfGbzw2QzSlQSf+cxF1VQ5KJrdPJ2
AIjBhzSSKS3b1tQjrKHUqEJmJJQ8nVOaNqZtYJ8WzMvf9zppDVxxHVCzjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDwsALV0/WZ9hK0J4yQTmAMKK1WMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvVVBDd0F0WFQ5Wm4yRXJRbmpKQk9ZQXdvclZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYQkMA0G
CSqGSIb3DQEBCwUAA4IBAQCk3QoE6suB4HS91neXXU44PQiQn/kCCxA+Kedg0Wm3
+i2lHfcSB8Ji9pR7FXn3CTpKgEfI+kmKFMliHcSNcsv6nz7eAaMA9s8SVsR08MuP
uL8JpEYXeZaSPby11Giug9/RTChN4KvUXFRAY/xPzoLANx35X2AkpxIskX2WEIHu
aAR29e8VV2Nr1kzbhJZBiT0+dSZytppwxnSXhlHF0DEa3TRHkd0M0hlNGb/X2vHm
0y7rQ4ne0uVYQXR78Oi270nc+jcsv5j4omHISUQPC04mD/2iNyXJizy4TvxqkecF
irLKN6E9kpEGNafq5eR5++fvK7wD7cl4GXq+0gH2JTLC
-----END CERTIFICATE-----