This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Rw2WB5rXZCgpkSlsT60GJ_Uubzs.roa
File:                     Rw2WB5rXZCgpkSlsT60GJ_Uubzs.roa (raw, json)
Hash identifier:          yuF4HukrTFZ72XZMCbxutNeFUS+TivxiXIqbgMaC5Nc=
Subject key identifier:   47:0D:96:07:9A:D7:64:28:29:91:29:6C:4F:AD:06:27:F5:2E:6F:3B
Certificate issuer:       /CN=1a59e9a3fc3fb5b0d582056a3b24553c56bd27f0
Certificate serial:       019B7E37798F6743C7BA848E088097B8FACE
Authority key identifier: 1A:59:E9:A3:FC:3F:B5:B0:D5:82:05:6A:3B:24:55:3C:56:BD:27:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Glnpo_w_tbDVggVqOyRVPFa9J_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Rw2WB5rXZCgpkSlsT60GJ_Uubzs.roa
Signing time:             Fri 02 Jan 2026 10:18:43 +0000
ROA not before:           Fri 02 Jan 2026 10:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199631
IP address blocks:        94.46.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Glnpo_w_tbDVggVqOyRVPFa9J_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Glnpo_w_tbDVggVqOyRVPFa9J_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Glnpo_w_tbDVggVqOyRVPFa9J_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:79:8f:67:43:c7:ba:84:8e:08:80:97:b8:fa:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a59e9a3fc3fb5b0d582056a3b24553c56bd27f0
        Validity
            Not Before: Jan  2 10:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=470d96079ad764282991296c4fad0627f52e6f3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ad:a4:4e:e1:d5:b9:65:e3:b1:77:ed:b9:bd:
                    0c:78:be:2f:ab:3e:98:6f:3f:73:55:cf:ed:35:a7:
                    9b:ba:82:f8:c8:d5:5d:0f:17:39:a1:23:45:99:d2:
                    8e:25:bc:ae:c3:fb:c4:ba:cd:21:ba:c3:75:a5:b5:
                    e0:1f:7b:ca:70:c1:52:69:94:19:5f:37:cd:b1:7a:
                    bc:ec:01:52:f5:25:09:3b:59:e0:b7:a4:66:3b:33:
                    ae:c8:cd:d2:f4:2c:11:0e:c6:ad:06:8b:d6:ee:53:
                    59:39:b7:7c:ad:a7:6b:96:9b:b3:a2:ab:10:f0:13:
                    c6:a5:cc:84:b7:65:88:a0:52:bd:66:7d:39:54:ad:
                    d5:4b:76:a7:57:3f:50:ca:81:3f:b2:f4:1d:5d:f0:
                    7c:f8:2a:de:c0:27:43:f9:0d:8d:63:6b:c5:85:80:
                    a6:55:69:92:6a:3f:6e:46:b5:05:c2:1f:9c:de:9b:
                    e7:35:aa:23:e1:ec:97:c2:21:d6:6e:ae:70:f5:f3:
                    3c:87:92:5b:1a:31:22:8c:a0:c5:62:3c:7c:5e:e7:
                    63:ff:3b:67:c3:a9:99:e6:7b:fc:83:72:f8:7a:5a:
                    67:f3:4c:0e:2e:c9:7a:ec:df:cb:66:ed:b0:d8:e2:
                    92:06:8e:67:53:ce:f7:c2:48:0c:92:03:48:b4:0d:
                    b2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:0D:96:07:9A:D7:64:28:29:91:29:6C:4F:AD:06:27:F5:2E:6F:3B
            X509v3 Authority Key Identifier:
                keyid:1A:59:E9:A3:FC:3F:B5:B0:D5:82:05:6A:3B:24:55:3C:56:BD:27:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Glnpo_w_tbDVggVqOyRVPFa9J_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Rw2WB5rXZCgpkSlsT60GJ_Uubzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c766fa-515e-4bb7-a6a5-e1ef14274630/1/Glnpo_w_tbDVggVqOyRVPFa9J_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.46.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:36:b5:3e:c5:3e:c1:be:1c:04:75:b2:db:c0:8b:38:60:3f:
         d3:95:69:95:26:e6:a9:66:7c:8d:8b:bd:2e:0a:0b:16:64:a5:
         bb:c7:52:7e:01:d9:16:d9:b3:41:56:d9:d1:f8:43:30:2d:0f:
         24:bf:9e:5d:f0:3f:b5:9a:ea:0e:f2:7a:c7:00:01:0d:31:57:
         b9:c0:34:4c:c5:97:9f:0c:9b:ec:fc:bb:c6:09:97:5a:1c:86:
         e5:25:ef:9e:5f:32:4e:fc:a8:27:5b:af:da:4d:85:ce:b0:8c:
         e4:d8:2d:4f:b0:27:f1:e6:af:cc:b5:68:9b:09:ba:17:0e:91:
         f1:e3:0f:2e:2e:90:58:5d:6b:5c:fc:34:63:91:9d:41:63:60:
         2e:6b:48:36:e8:18:d4:44:b2:44:ba:f1:d1:00:b0:a7:e5:46:
         22:35:17:7d:cd:5a:f8:82:35:69:0e:7f:52:54:7f:0e:ae:a1:
         54:70:f2:2b:49:d4:5b:dc:87:6e:14:8e:cb:cc:56:8d:f1:e3:
         38:3c:68:43:de:f6:68:2e:3c:8f:89:4f:4d:4a:96:06:05:ff:
         5a:f3:ac:55:c9:0b:04:1c:e6:58:9b:86:72:0e:da:d6:80:a5:
         d0:f4:78:8c:6b:19:aa:26:8d:18:d5:73:70:d1:27:4c:75:5b:
         f8:10:06:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N3mPZ0PHuoSOCICXuPrOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNTllOWEzZmMzZmI1YjBkNTgyMDU2YTNiMjQ1NTNjNTZi
ZDI3ZjAwHhcNMjYwMTAyMTAxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzBkOTYwNzlhZDc2NDI4Mjk5MTI5NmM0ZmFkMDYyN2Y1MmU2ZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAna2kTuHVuWXjsXftub0MeL4vqz6Y
bz9zVc/tNaebuoL4yNVdDxc5oSNFmdKOJbyuw/vEus0husN1pbXgH3vKcMFSaZQZ
XzfNsXq87AFS9SUJO1ngt6RmOzOuyM3S9CwRDsatBovW7lNZObd8radrlpuzoqsQ
8BPGpcyEt2WIoFK9Zn05VK3VS3anVz9QyoE/svQdXfB8+CrewCdD+Q2NY2vFhYCm
VWmSaj9uRrUFwh+c3pvnNaoj4eyXwiHWbq5w9fM8h5JbGjEijKDFYjx8Xudj/ztn
w6mZ5nv8g3L4elpn80wOLsl67N/LZu2w2OKSBo5nU873wkgMkgNItA2ykwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcNlgea12QoKZEpbE+tBif1Lm87MB8GA1UdIwQY
MBaAFBpZ6aP8P7Ww1YIFajskVTxWvSfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xucG9fd190YkRWZ2dWcU95UlZQRmE5Sl9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jNzY2ZmEtNTE1ZS00YmI3LWE2YTUt
ZTFlZjE0Mjc0NjMwLzEvUncyV0I1clhaQ2dwa1Nsc1Q2MEdKX1V1YnpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jNzY2ZmEtNTE1ZS00YmI3LWE2YTUtZTFlZjE0Mjc0NjMw
LzEvR2xucG9fd190YkRWZ2dWcU95UlZQRmE5Sl9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXi7uMA0G
CSqGSIb3DQEBCwUAA4IBAQCiNrU+xT7BvhwEdbLbwIs4YD/TlWmVJuapZnyNi70u
CgsWZKW7x1J+AdkW2bNBVtnR+EMwLQ8kv55d8D+1muoO8nrHAAENMVe5wDRMxZef
DJvs/LvGCZdaHIblJe+eXzJO/KgnW6/aTYXOsIzk2C1PsCfx5q/MtWibCboXDpHx
4w8uLpBYXWtc/DRjkZ1BY2Aua0g26BjURLJEuvHRALCn5UYiNRd9zVr4gjVpDn9S
VH8OrqFUcPIrSdRb3IduFI7LzFaN8eM4PGhD3vZoLjyPiU9NSpYGBf9a86xVyQsE
HOZYm4ZyDtrWgKXQ9HiMaxmqJo0Y1XNw0SdMdVv4EAa0
-----END CERTIFICATE-----