This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/UjaNg7KY73WGT9JfaoinXeJ4po0.roa
File:                     UjaNg7KY73WGT9JfaoinXeJ4po0.roa (raw, json)
Hash identifier:          Hf6UtAb9DoFPsaK8X/s263j/NWrtm1qAF0PD7b5NyLA=
Subject key identifier:   52:36:8D:83:B2:98:EF:75:86:4F:D2:5F:6A:88:A7:5D:E2:78:A6:8D
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B79114E26C9DE307D400B21557E8C18EF
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/UjaNg7KY73WGT9JfaoinXeJ4po0.roa
Signing time:             Thu 01 Jan 2026 10:18:55 +0000
ROA not before:           Thu 01 Jan 2026 10:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205634
IP address blocks:        64.137.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:4e:26:c9:de:30:7d:40:0b:21:55:7e:8c:18:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52368d83b298ef75864fd25f6a88a75de278a68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:66:64:1e:35:e4:90:4d:08:e4:dd:a0:8a:ac:
                    e1:78:b5:26:61:7c:c2:a9:b4:0b:6e:10:27:53:76:
                    6b:03:2d:7e:d0:5f:27:1a:fb:5a:ec:b4:e1:c3:78:
                    5e:88:ef:7e:53:9d:e8:82:96:83:ce:3d:77:e7:af:
                    74:dd:63:06:f3:2c:a7:9f:55:21:7a:fa:34:67:97:
                    42:2d:dc:af:7b:09:7c:04:61:47:6c:0a:8a:bb:92:
                    ec:7a:f4:7f:13:b5:36:c9:54:da:70:47:2d:54:c6:
                    c7:ac:23:4e:e1:40:e4:e8:1f:c6:dc:25:b9:22:20:
                    76:dd:d5:76:92:9e:d6:66:38:f3:49:52:92:4e:f1:
                    10:22:3a:1a:6b:a2:7a:63:60:42:44:67:10:4c:c2:
                    8b:d5:ee:76:fe:17:f1:9b:3b:3d:4a:7c:04:e9:bf:
                    13:bb:30:22:7c:33:4c:5f:cc:b4:cb:22:a9:7d:c6:
                    21:22:1a:b4:d5:93:db:c6:b5:d4:fb:d9:fc:29:69:
                    9b:30:d3:2f:54:87:fd:6d:ff:d1:55:15:66:00:0e:
                    c3:7d:04:7e:d1:be:02:93:7d:eb:2e:b7:63:46:ca:
                    72:98:c2:64:65:fd:90:96:f0:6f:f4:c8:90:4a:9a:
                    d4:9f:39:bb:df:9a:ba:0e:a9:e3:ae:f7:9c:bc:ef:
                    d4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:36:8D:83:B2:98:EF:75:86:4F:D2:5F:6A:88:A7:5D:E2:78:A6:8D
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/UjaNg7KY73WGT9JfaoinXeJ4po0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:6f:7f:4f:f9:cd:6c:6c:4c:95:a3:4f:35:68:ea:0b:61:a4:
         e1:fa:3f:5d:55:bb:54:43:7b:1c:d2:c4:aa:17:29:1d:70:38:
         bf:9a:b4:f7:89:22:6a:db:73:31:d7:55:21:6a:ea:91:06:01:
         47:2c:c5:f3:e8:9b:c9:7a:61:ed:87:ac:77:18:8a:88:33:aa:
         a6:72:47:5b:3e:ce:58:58:01:e2:d7:dc:85:c5:0c:85:bb:6a:
         eb:6d:4d:ae:83:20:6d:db:4f:f3:36:64:95:fa:c5:63:62:86:
         96:de:4f:4d:82:e9:92:46:93:a7:a6:17:a8:43:d8:96:c1:a6:
         55:63:83:25:57:8f:21:41:a5:c6:0f:cf:06:23:01:f3:e5:69:
         fe:ff:69:db:d7:eb:c4:89:e4:65:82:b7:09:a8:7a:53:8f:4d:
         af:70:ee:c9:6d:6b:0f:44:ed:70:f8:67:01:35:bf:ff:af:d2:
         b2:7e:28:b6:cc:62:90:89:2c:6d:b5:cd:45:15:37:70:0a:ea:
         f2:73:41:d8:2c:3f:81:d1:f4:90:d0:f7:1f:61:70:76:0f:8b:
         7a:ae:e5:4c:f3:92:37:34:9e:1a:07:08:f1:07:8d:c4:65:60:
         d0:b9:f7:f4:04:d9:4c:26:54:55:03:de:fc:5c:36:86:03:35:
         af:29:e2:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EU4myd4wfUALIVV+jBjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjM2OGQ4M2IyOThlZjc1ODY0ZmQyNWY2YTg4YTc1ZGUyNzhhNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2ZkHjXkkE0I5N2giqzheLUmYXzC
qbQLbhAnU3ZrAy1+0F8nGvta7LThw3heiO9+U53ogpaDzj1356903WMG8yynn1Uh
evo0Z5dCLdyvewl8BGFHbAqKu5LsevR/E7U2yVTacEctVMbHrCNO4UDk6B/G3CW5
IiB23dV2kp7WZjjzSVKSTvEQIjoaa6J6Y2BCRGcQTMKL1e52/hfxmzs9SnwE6b8T
uzAifDNMX8y0yyKpfcYhIhq01ZPbxrXU+9n8KWmbMNMvVIf9bf/RVRVmAA7DfQR+
0b4Ck33rLrdjRspymMJkZf2QlvBv9MiQSprUnzm735q6DqnjrvecvO/UMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI2jYOymO91hk/SX2qIp13ieKaNMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvVWphTmc3S1k3M1dHVDlKZmFvaW5YZUo0cG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQIlvMA0G
CSqGSIb3DQEBCwUAA4IBAQCTb39P+c1sbEyVo081aOoLYaTh+j9dVbtUQ3sc0sSq
FykdcDi/mrT3iSJq23Mx11UhauqRBgFHLMXz6JvJemHth6x3GIqIM6qmckdbPs5Y
WAHi19yFxQyFu2rrbU2ugyBt20/zNmSV+sVjYoaW3k9NgumSRpOnpheoQ9iWwaZV
Y4MlV48hQaXGD88GIwHz5Wn+/2nb1+vEieRlgrcJqHpTj02vcO7JbWsPRO1w+GcB
Nb//r9Kyfii2zGKQiSxttc1FFTdwCuryc0HYLD+B0fSQ0PcfYXB2D4t6ruVM85I3
NJ4aBwjxB43EZWDQuff0BNlMJlRVA978XDaGAzWvKeLy
-----END CERTIFICATE-----