This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/cLDYz_9Zwwk3zoYCWc3vL36p2Vo.roa
File:                     cLDYz_9Zwwk3zoYCWc3vL36p2Vo.roa (raw, json)
Hash identifier:          uPEOYCvzSynMBRgZqpFSHcFo4Rr8aojoGV6YDin4A8w=
Subject key identifier:   70:B0:D8:CF:FF:59:C3:09:37:CE:86:02:59:CD:EF:2F:7E:A9:D9:5A
Certificate issuer:       /CN=7c673daad6d9317f0101d41a042a61e57689453a
Certificate serial:       019B7D5B18B3854BADDA57A155AA18AFD09A
Authority key identifier: 7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/cLDYz_9Zwwk3zoYCWc3vL36p2Vo.roa
Signing time:             Fri 02 Jan 2026 06:18:00 +0000
ROA not before:           Fri 02 Jan 2026 06:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        64.52.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 21:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:18:b3:85:4b:ad:da:57:a1:55:aa:18:af:d0:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c673daad6d9317f0101d41a042a61e57689453a
        Validity
            Not Before: Jan  2 06:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70b0d8cfff59c30937ce860259cdef2f7ea9d95a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:aa:fb:7a:f1:dd:44:f4:92:14:9d:80:1c:38:
                    e5:61:e0:a5:e1:09:d7:dc:15:32:a3:83:e3:5d:87:
                    30:72:c9:8a:65:62:c0:a0:b4:fc:a5:9f:ab:51:3c:
                    d3:90:d4:fa:cd:bf:f9:f0:c1:4f:1d:81:bf:b2:08:
                    09:d8:11:3e:0d:79:0b:a6:c2:6a:a5:ca:da:2b:33:
                    12:eb:ad:24:60:73:e3:41:e2:5e:a3:21:5b:7a:90:
                    c0:9b:94:c5:48:c1:09:91:09:cf:2c:b6:a1:78:aa:
                    21:52:93:a7:99:11:34:c2:a8:7b:ac:b3:8f:cf:40:
                    95:c0:05:bb:7d:d8:6f:93:4a:94:ef:78:7c:6a:70:
                    a1:f3:e2:93:80:52:94:0e:9c:33:3d:c2:ca:00:17:
                    95:f0:45:84:91:fe:63:27:a2:ad:d1:9f:80:38:a7:
                    49:d0:5b:33:5f:56:c5:0f:1a:f7:4d:a0:c9:cb:c6:
                    a6:fd:4c:44:ab:32:fc:94:c4:f7:b2:c3:9e:86:c6:
                    a6:95:8e:fe:ea:35:40:d9:33:5c:4c:45:a2:02:78:
                    0b:26:5c:a7:0e:2b:0f:c4:fc:ce:01:bd:01:ae:ce:
                    b3:52:33:50:96:f9:af:93:9b:15:b1:82:13:14:34:
                    c7:4b:29:85:8f:8a:53:6e:b0:7e:2b:16:b9:1e:22:
                    f5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B0:D8:CF:FF:59:C3:09:37:CE:86:02:59:CD:EF:2F:7E:A9:D9:5A
            X509v3 Authority Key Identifier:
                keyid:7C:67:3D:AA:D6:D9:31:7F:01:01:D4:1A:04:2A:61:E5:76:89:45:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fGc9qtbZMX8BAdQaBCph5XaJRTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/cLDYz_9Zwwk3zoYCWc3vL36p2Vo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f037db-7592-4b62-bdaa-04e46ef0cd21/1/fGc9qtbZMX8BAdQaBCph5XaJRTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.52.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:81:f1:9e:ce:05:08:4d:98:ac:ef:02:11:6b:a9:44:a0:4d:
         2a:b6:6d:9f:80:1d:8c:c6:d0:40:40:81:d6:00:49:72:52:2b:
         ab:1d:b1:50:c3:aa:43:c8:9f:79:fe:f0:90:96:18:f5:b6:5c:
         89:6c:b5:88:50:87:76:2c:94:49:13:cd:31:79:e2:fe:b2:10:
         67:ab:04:a3:25:dc:96:ed:d7:2e:2a:b7:08:6e:bb:6e:01:57:
         52:15:ad:76:95:e9:d3:42:ab:34:39:bb:f9:7e:f6:c5:ed:03:
         8e:70:50:e2:c8:82:a1:38:8d:c3:c7:23:15:55:18:8b:3c:9a:
         b6:46:0d:85:97:7d:ad:13:16:01:8e:6f:1a:d8:e5:ff:9c:7d:
         ea:97:0c:ca:88:39:f6:9d:28:92:9c:3a:f7:72:33:e7:56:a5:
         5e:be:19:c3:79:cb:54:46:8d:f3:38:c3:7f:95:33:64:a4:ac:
         c3:0c:0b:5f:c8:45:f5:b8:d1:29:fa:be:71:1b:9c:44:c2:d7:
         60:a8:fa:64:7a:ad:2b:d0:b0:34:fb:21:19:60:af:56:45:7c:
         50:ed:90:0d:e8:5b:bb:36:66:c0:4b:06:05:ed:df:82:5b:ce:
         39:3b:c8:85:b7:60:17:24:ed:88:3d:05:13:4d:b9:44:4c:cd:
         23:44:45:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WxizhUut2lehVaoYr9CaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNjczZGFhZDZkOTMxN2YwMTAxZDQxYTA0MmE2MWU1NzY4
OTQ1M2EwHhcNMjYwMTAyMDYxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGIwZDhjZmZmNTljMzA5MzdjZTg2MDI1OWNkZWYyZjdlYTlkOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6r7evHdRPSSFJ2AHDjlYeCl4QnX
3BUyo4PjXYcwcsmKZWLAoLT8pZ+rUTzTkNT6zb/58MFPHYG/sggJ2BE+DXkLpsJq
pcraKzMS660kYHPjQeJeoyFbepDAm5TFSMEJkQnPLLaheKohUpOnmRE0wqh7rLOP
z0CVwAW7fdhvk0qU73h8anCh8+KTgFKUDpwzPcLKABeV8EWEkf5jJ6Kt0Z+AOKdJ
0FszX1bFDxr3TaDJy8am/UxEqzL8lMT3ssOehsamlY7+6jVA2TNcTEWiAngLJlyn
DisPxPzOAb0Brs6zUjNQlvmvk5sVsYITFDTHSymFj4pTbrB+Kxa5HiL19QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCw2M//WcMJN86GAlnN7y9+qdlaMB8GA1UdIwQY
MBaAFHxnParW2TF/AQHUGgQqYeV2iUU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEt
MDRlNDZlZjBjZDIxLzEvY0xEWXpfOVp3d2szem9ZQ1djM3ZMMzZwMlZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMDM3ZGItNzU5Mi00YjYyLWJkYWEtMDRlNDZlZjBjZDIx
LzEvZkdjOXF0YlpNWDhCQWRRYUJDcGg1WGFKUlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQDQTMA0G
CSqGSIb3DQEBCwUAA4IBAQBfgfGezgUITZis7wIRa6lEoE0qtm2fgB2MxtBAQIHW
AElyUiurHbFQw6pDyJ95/vCQlhj1tlyJbLWIUId2LJRJE80xeeL+shBnqwSjJdyW
7dcuKrcIbrtuAVdSFa12lenTQqs0Obv5fvbF7QOOcFDiyIKhOI3DxyMVVRiLPJq2
Rg2Fl32tExYBjm8a2OX/nH3qlwzKiDn2nSiSnDr3cjPnVqVevhnDectURo3zOMN/
lTNkpKzDDAtfyEX1uNEp+r5xG5xEwtdgqPpkeq0r0LA0+yEZYK9WRXxQ7ZAN6Fu7
NmbASwYF7d+CW845O8iFt2AXJO2IPQUTTblETM0jREU9
-----END CERTIFICATE-----