This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/UUqnfAVDQa6lg6vG893HM0lVJYc.roa
File:                     UUqnfAVDQa6lg6vG893HM0lVJYc.roa (raw, json)
Hash identifier:          36To8a4pjZ0Y2Qs8m/H0gopLfHuBJ5FyCcUXnUo0w+Q=
Subject key identifier:   51:4A:A7:7C:05:43:41:AE:A5:83:AB:C6:F3:DD:C7:33:49:55:25:87
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       019B78A21FCC1A98D600467F806138DD0C05
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/UUqnfAVDQa6lg6vG893HM0lVJYc.roa
Signing time:             Thu 01 Jan 2026 08:17:29 +0000
ROA not before:           Thu 01 Jan 2026 08:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42337
IP address blocks:        193.27.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:1f:cc:1a:98:d6:00:46:7f:80:61:38:dd:0c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Jan  1 08:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=514aa77c054341aea583abc6f3ddc73349552587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b8:48:55:a6:14:3b:44:9c:de:41:4d:07:6c:
                    48:0f:4c:8f:ae:32:e1:ae:bf:0f:64:dd:12:f4:a8:
                    c3:d2:1a:34:4e:f4:0a:e7:da:b4:b6:de:6b:f3:b1:
                    be:4f:76:49:4f:ff:7d:6f:02:3a:02:c7:b3:ed:95:
                    a4:16:68:31:4d:17:59:bb:53:a4:91:a5:8e:ea:8a:
                    5e:b6:cb:3f:44:47:ab:bd:3e:89:65:94:83:4b:fb:
                    e0:02:a5:50:79:d4:37:64:53:78:a9:0a:c5:e1:e4:
                    18:9b:69:3f:b7:54:59:66:59:8f:ac:c3:50:2b:fe:
                    74:da:3a:3b:70:79:7e:43:56:61:77:11:0a:92:ea:
                    8e:57:9d:e9:db:0d:9f:a8:da:a5:b7:b2:4e:da:e2:
                    ca:3e:28:1e:b5:87:13:5d:93:b9:fb:16:df:59:a0:
                    d9:16:b6:c1:b8:e6:fc:1b:f4:a2:5c:51:f3:06:52:
                    60:5f:f4:c8:84:55:95:72:c1:2b:1e:44:b1:ae:bd:
                    d1:55:bb:7b:90:4b:fd:4d:dd:bb:c6:61:f0:fd:5c:
                    6e:f0:a9:5a:a9:37:8c:da:4d:18:9c:e5:d7:f5:1e:
                    65:35:41:3e:a8:54:7f:60:0e:b5:8e:8d:45:cf:f6:
                    8a:04:4c:69:e2:3d:ff:f3:df:85:ab:28:f4:b2:69:
                    d2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:4A:A7:7C:05:43:41:AE:A5:83:AB:C6:F3:DD:C7:33:49:55:25:87
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/UUqnfAVDQa6lg6vG893HM0lVJYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:3b:a9:0e:3c:1e:f2:43:fd:0a:7c:7d:cd:24:7d:57:ab:e7:
         9d:b1:ac:06:16:3e:97:68:aa:ba:7d:72:14:d1:76:20:bc:cc:
         17:d2:1b:5d:58:68:64:79:3e:52:97:77:80:61:09:64:0e:0d:
         c5:28:d0:8a:12:ee:3d:89:31:9c:b6:bc:2f:d0:14:fa:8d:76:
         ad:cb:49:c1:bb:4f:21:2d:20:95:d7:dc:df:94:a3:18:bf:f8:
         b8:8c:f5:83:60:34:d9:97:4d:0b:64:b1:e9:86:8b:2b:88:ac:
         f7:32:0f:ef:b3:bd:e7:ff:6f:38:73:38:fc:45:37:2f:4b:e0:
         10:70:2b:9e:b6:4a:35:46:f6:b6:f2:9a:45:91:d7:f1:48:41:
         a0:47:a3:22:86:bf:cb:6e:e9:05:60:93:38:cc:30:d1:83:a4:
         b2:0e:da:df:ba:a6:c6:45:44:0f:4e:05:30:27:49:09:99:31:
         17:a7:1e:1e:6e:e4:35:0e:ec:2a:41:25:8c:9f:5b:79:b5:48:
         f2:b5:ba:65:90:08:15:1c:ef:6c:a6:77:92:1b:73:d5:b8:78:
         59:c6:6c:ca:b2:64:a2:ab:19:5f:4b:34:22:a6:3e:11:d2:f6:
         be:de:d5:e1:53:c2:66:4c:96:7a:3b:c8:f0:3b:28:a9:cf:74:
         57:ee:41:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oh/MGpjWAEZ/gGE43QwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjYwMTAxMDgxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTRhYTc3YzA1NDM0MWFlYTU4M2FiYzZmM2RkYzczMzQ5NTUyNTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbhIVaYUO0Sc3kFNB2xID0yPrjLh
rr8PZN0S9KjD0ho0TvQK59q0tt5r87G+T3ZJT/99bwI6Asez7ZWkFmgxTRdZu1Ok
kaWO6opetss/REervT6JZZSDS/vgAqVQedQ3ZFN4qQrF4eQYm2k/t1RZZlmPrMNQ
K/502jo7cHl+Q1ZhdxEKkuqOV53p2w2fqNqlt7JO2uLKPigetYcTXZO5+xbfWaDZ
FrbBuOb8G/SiXFHzBlJgX/TIhFWVcsErHkSxrr3RVbt7kEv9Td27xmHw/Vxu8Kla
qTeM2k0YnOXX9R5lNUE+qFR/YA61jo1Fz/aKBExp4j3/89+Fqyj0smnSqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFKp3wFQ0GupYOrxvPdxzNJVSWHMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvVVVxbmZBVkRRYTZsZzZ2Rzg5M0hNMGxWSlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRsJMA0G
CSqGSIb3DQEBCwUAA4IBAQANO6kOPB7yQ/0KfH3NJH1Xq+edsawGFj6XaKq6fXIU
0XYgvMwX0htdWGhkeT5Sl3eAYQlkDg3FKNCKEu49iTGctrwv0BT6jXaty0nBu08h
LSCV19zflKMYv/i4jPWDYDTZl00LZLHphosriKz3Mg/vs73n/284czj8RTcvS+AQ
cCuetko1Rva28ppFkdfxSEGgR6Mihr/LbukFYJM4zDDRg6SyDtrfuqbGRUQPTgUw
J0kJmTEXpx4ebuQ1DuwqQSWMn1t5tUjytbplkAgVHO9spneSG3PVuHhZxmzKsmSi
qxlfSzQipj4R0va+3tXhU8JmTJZ6O8jwOyipz3RX7kGo
-----END CERTIFICATE-----