This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/AuuFpGckEdWDmpSli6J4EvnBEFA.roa
File:                     AuuFpGckEdWDmpSli6J4EvnBEFA.roa (raw, json)
Hash identifier:          UWwZYirMViLQ4FhWk6naRNb3lf/S07gxbtcPGiaea3M=
Subject key identifier:   02:EB:85:A4:67:24:11:D5:83:9A:94:A5:8B:A2:78:12:F9:C1:10:50
Certificate issuer:       /CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Certificate serial:       019B78349F9998CF802B5E7E9CFFFDAC83DA
Authority key identifier: D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/AuuFpGckEdWDmpSli6J4EvnBEFA.roa
Signing time:             Thu 01 Jan 2026 06:17:53 +0000
ROA not before:           Thu 01 Jan 2026 06:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64267
IP address blocks:        104.160.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:9f:99:98:cf:80:2b:5e:7e:9c:ff:fd:ac:83:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
        Validity
            Not Before: Jan  1 06:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02eb85a4672411d5839a94a58ba27812f9c11050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1f:9c:66:f4:ac:6c:8b:89:5a:67:ea:ba:65:
                    98:3d:c0:31:74:1e:dd:99:7e:a8:3f:fd:0b:c5:d0:
                    55:0d:30:4b:26:21:e8:eb:e7:cc:a7:b9:7b:57:98:
                    df:51:5c:42:0b:1e:98:46:ee:2f:94:fa:af:36:ea:
                    39:0d:17:cb:84:0c:67:b5:63:3e:37:b8:f1:e3:d5:
                    72:2b:36:b3:1a:fc:9a:a1:1c:2d:5d:98:46:1a:ac:
                    80:81:2d:83:8a:62:76:15:f5:87:b3:16:fb:53:02:
                    88:57:5e:90:1b:04:35:26:98:09:53:55:de:47:30:
                    41:78:1d:2f:9e:f9:92:8a:ac:b0:8d:ed:ec:77:55:
                    7d:4e:3d:99:f0:43:0f:3d:95:87:74:7f:fd:83:20:
                    c5:2a:42:53:b0:c7:79:76:24:13:d1:9b:4d:b3:21:
                    9e:18:1c:35:67:26:61:28:97:fc:39:c1:71:bb:ac:
                    1b:a0:e6:b5:46:12:fc:a3:a2:b7:29:6a:ca:17:90:
                    43:b4:ea:45:3a:22:86:4d:60:2b:c8:b2:ab:7c:dd:
                    5f:fc:1f:a0:a4:59:4c:6f:72:fa:55:6d:2f:f2:ca:
                    a9:e7:11:28:9e:c8:7b:75:4c:b6:cd:02:bb:a0:9a:
                    75:34:06:c4:3d:02:be:05:42:fd:33:97:7c:ff:91:
                    c1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EB:85:A4:67:24:11:D5:83:9A:94:A5:8B:A2:78:12:F9:C1:10:50
            X509v3 Authority Key Identifier:
                keyid:D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/AuuFpGckEdWDmpSli6J4EvnBEFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.160.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:80:ed:85:a5:c0:f6:61:02:c8:6b:b0:cf:e0:57:d9:e2:66:
         2c:6a:25:e5:f7:50:9a:83:0a:b4:e7:10:b7:22:5a:28:bf:f0:
         01:27:58:b8:c3:e1:2b:16:81:66:6c:d5:de:3f:46:50:13:ed:
         c9:42:7a:e5:a4:2d:b5:95:d5:07:e3:56:d5:66:9e:28:b4:fc:
         9f:04:d6:fa:b6:25:9a:a3:09:80:74:84:94:6a:50:ad:4f:9e:
         73:2b:ae:7c:57:ed:c9:f1:27:f8:d1:f4:f3:a9:3c:26:6e:5b:
         b9:16:56:16:5b:f3:c8:31:fc:8a:0a:9d:d2:58:ea:01:8f:61:
         e0:17:5c:30:32:28:79:6f:f4:83:db:47:a4:8d:b1:aa:2c:4e:
         7e:5f:20:e1:9e:3a:22:d1:ca:92:62:e7:41:ad:9e:40:ca:b7:
         63:e4:f4:a5:ce:c0:ec:4f:ee:a0:b1:f6:67:c5:37:c4:ab:30:
         e1:fe:e3:54:63:76:d8:d8:d1:e1:31:40:23:67:2d:2a:7d:e6:
         93:f8:e5:05:ca:9f:31:23:53:0e:07:5f:7a:25:32:b2:c6:be:
         e8:2e:54:62:2c:47:06:08:1e:86:24:1f:37:87:92:1d:b4:1f:
         e8:1a:42:1e:45:5a:4d:e9:98:7a:75:d7:d7:78:a1:c4:cc:a7:
         eb:b3:ef:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NJ+ZmM+AK15+nP/9rIPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmNiNDNjYTNjMGM1NzgxNmNlZTM2MDQ3OGQwY2Y4ODIy
MDdmZDIwHhcNMjYwMTAxMDYxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmViODVhNDY3MjQxMWQ1ODM5YTk0YTU4YmEyNzgxMmY5YzExMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx+cZvSsbIuJWmfqumWYPcAxdB7d
mX6oP/0LxdBVDTBLJiHo6+fMp7l7V5jfUVxCCx6YRu4vlPqvNuo5DRfLhAxntWM+
N7jx49VyKzazGvyaoRwtXZhGGqyAgS2DimJ2FfWHsxb7UwKIV16QGwQ1JpgJU1Xe
RzBBeB0vnvmSiqywje3sd1V9Tj2Z8EMPPZWHdH/9gyDFKkJTsMd5diQT0ZtNsyGe
GBw1ZyZhKJf8OcFxu6wboOa1RhL8o6K3KWrKF5BDtOpFOiKGTWAryLKrfN1f/B+g
pFlMb3L6VW0v8sqp5xEonsh7dUy2zQK7oJp1NAbEPQK+BUL9M5d8/5HBPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALrhaRnJBHVg5qUpYuieBL5wRBQMB8GA1UdIwQY
MBaAFNgstDyjwMV4Fs7jYEeNDPiCIH/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAt
MTVmMTNlM2Y3ZDg1LzEvQXV1RnBHY2tFZFdEbXBTbGk2SjRFdm5CRUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAtMTVmMTNlM2Y3ZDg1
LzEvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaKADMA0G
CSqGSIb3DQEBCwUAA4IBAQAYgO2FpcD2YQLIa7DP4FfZ4mYsaiXl91Cagwq05xC3
Iloov/ABJ1i4w+ErFoFmbNXeP0ZQE+3JQnrlpC21ldUH41bVZp4otPyfBNb6tiWa
owmAdISUalCtT55zK658V+3J8Sf40fTzqTwmblu5FlYWW/PIMfyKCp3SWOoBj2Hg
F1wwMih5b/SD20ekjbGqLE5+XyDhnjoi0cqSYudBrZ5Ayrdj5PSlzsDsT+6gsfZn
xTfEqzDh/uNUY3bY2NHhMUAjZy0qfeaT+OUFyp8xI1MOB196JTKyxr7oLlRiLEcG
CB6GJB83h5IdtB/oGkIeRVpN6Zh6ddfXeKHEzKfrs+9F
-----END CERTIFICATE-----