This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/rU_aup43-JcvplAJDdsQtTE8z3s.roa
File:                     rU_aup43-JcvplAJDdsQtTE8z3s.roa (raw, json)
Hash identifier:          8xZqax6dDOxidmRdOp80eUZcDr3nHq4tvorScngCUzU=
Subject key identifier:   AD:4F:DA:BA:9E:37:F8:97:2F:A6:50:09:0D:DB:10:B5:31:3C:CF:7B
Certificate issuer:       /CN=84abf0c981701aba97e4fcd0bed4e4cdb8692047
Certificate serial:       019B7C7FDD17821BC0A3C81C94B2CEB2EBF6
Authority key identifier: 84:AB:F0:C9:81:70:1A:BA:97:E4:FC:D0:BE:D4:E4:CD:B8:69:20:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKvwyYFwGrqX5PzQvtTkzbhpIEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/rU_aup43-JcvplAJDdsQtTE8z3s.roa
Signing time:             Fri 02 Jan 2026 02:18:33 +0000
ROA not before:           Fri 02 Jan 2026 02:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12130
IP address blocks:        109.71.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/hKvwyYFwGrqX5PzQvtTkzbhpIEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/hKvwyYFwGrqX5PzQvtTkzbhpIEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKvwyYFwGrqX5PzQvtTkzbhpIEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:dd:17:82:1b:c0:a3:c8:1c:94:b2:ce:b2:eb:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84abf0c981701aba97e4fcd0bed4e4cdb8692047
        Validity
            Not Before: Jan  2 02:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad4fdaba9e37f8972fa650090ddb10b5313ccf7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:94:82:b9:25:e3:fd:8b:1f:15:03:5b:a7:04:
                    62:c0:c9:09:f4:68:65:fe:61:13:ae:e8:30:c2:21:
                    7a:4b:b7:c5:87:d2:f5:3d:a0:77:b4:fb:44:77:10:
                    1f:4f:e6:61:cd:d6:1c:f1:64:43:bd:59:3e:3e:4a:
                    f3:ef:59:51:c8:a1:9b:a3:d2:3c:36:5a:af:74:77:
                    54:be:c9:7c:2d:8c:51:fa:39:3e:43:1e:ff:bd:58:
                    71:be:2c:6c:78:28:d2:01:37:3c:04:df:59:52:3a:
                    ed:76:71:59:06:b3:32:ac:0e:3a:45:2f:7b:cb:f0:
                    a1:31:ef:98:59:b0:66:31:8f:56:91:3b:f8:20:5d:
                    1f:eb:c2:d7:8f:b0:2d:ae:18:83:61:82:f9:cf:11:
                    34:ae:8a:fb:f7:86:28:3b:15:c1:8e:9e:4b:8e:cc:
                    66:59:99:70:26:f1:a4:06:a6:2b:29:da:46:4e:1e:
                    e1:63:13:a6:ce:8e:af:0f:d1:a4:0d:6c:e9:d2:2e:
                    3e:b1:96:b7:be:97:10:b4:00:48:d1:23:48:8e:3c:
                    5e:a3:33:92:4e:93:3d:3e:69:30:9c:f7:97:6e:fc:
                    33:ca:92:01:6d:7b:a3:4f:a7:85:8c:8b:81:b1:c6:
                    33:cd:77:c4:2e:e3:96:92:47:f1:bc:90:02:af:d1:
                    c8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:4F:DA:BA:9E:37:F8:97:2F:A6:50:09:0D:DB:10:B5:31:3C:CF:7B
            X509v3 Authority Key Identifier:
                keyid:84:AB:F0:C9:81:70:1A:BA:97:E4:FC:D0:BE:D4:E4:CD:B8:69:20:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKvwyYFwGrqX5PzQvtTkzbhpIEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/rU_aup43-JcvplAJDdsQtTE8z3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9952c8-2d40-41e2-ba70-61bc7ecc485c/1/hKvwyYFwGrqX5PzQvtTkzbhpIEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:e3:ef:8f:74:40:55:4d:22:09:45:86:2d:e6:08:f9:b5:ca:
         e0:e1:55:c1:57:51:86:7e:d7:f8:4c:a2:42:80:fd:4f:6e:5e:
         10:ff:fe:8a:a5:7d:1e:5b:a6:3d:19:c7:e8:c7:90:bf:d7:68:
         c2:cc:69:63:b1:8f:a0:90:02:9c:27:a8:9b:39:0f:36:79:bf:
         7a:0a:0e:26:51:25:77:de:0e:46:43:ab:87:8a:e6:24:9f:e7:
         a1:6e:b8:52:45:80:55:21:94:9b:b0:37:b2:74:f1:ef:8a:16:
         7e:ad:63:77:c2:e7:c6:7f:8c:9a:29:db:81:05:3e:0f:4d:79:
         a0:8f:ff:c0:67:10:cb:18:cd:c3:06:65:9d:fc:c7:ec:7b:d4:
         e0:d4:72:92:2f:f9:78:ac:b0:4c:ee:e0:b5:5c:a6:cc:91:1e:
         bc:47:9d:a2:6c:72:35:48:dc:db:44:f9:5a:be:0c:d4:f9:59:
         7a:7c:ca:b4:45:4a:0d:08:93:2d:74:82:c0:e4:bf:58:e3:e0:
         75:55:b1:09:03:83:67:6b:5a:d6:80:12:15:08:90:02:33:15:
         c3:c0:db:2e:f4:9e:fe:78:25:ce:59:c6:00:dc:b2:90:24:ae:
         53:31:49:75:09:b7:d6:67:df:ac:aa:3d:32:e6:14:b7:d8:84:
         0d:53:70:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f90XghvAo8gclLLOsuv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YWJmMGM5ODE3MDFhYmE5N2U0ZmNkMGJlZDRlNGNkYjg2
OTIwNDcwHhcNMjYwMTAyMDIxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDRmZGFiYTllMzdmODk3MmZhNjUwMDkwZGRiMTBiNTMxM2NjZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJSCuSXj/YsfFQNbpwRiwMkJ9Ghl
/mETrugwwiF6S7fFh9L1PaB3tPtEdxAfT+ZhzdYc8WRDvVk+Pkrz71lRyKGbo9I8
NlqvdHdUvsl8LYxR+jk+Qx7/vVhxvixseCjSATc8BN9ZUjrtdnFZBrMyrA46RS97
y/ChMe+YWbBmMY9WkTv4IF0f68LXj7AtrhiDYYL5zxE0ror794YoOxXBjp5Ljsxm
WZlwJvGkBqYrKdpGTh7hYxOmzo6vD9GkDWzp0i4+sZa3vpcQtABI0SNIjjxeozOS
TpM9PmkwnPeXbvwzypIBbXujT6eFjIuBscYzzXfELuOWkkfxvJACr9HI+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK1P2rqeN/iXL6ZQCQ3bELUxPM97MB8GA1UdIwQY
MBaAFISr8MmBcBq6l+T80L7U5M24aSBHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEt2d3lZRndHcnFYNVB6UXZ0VGt6YmhwSUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85OTUyYzgtMmQ0MC00MWUyLWJhNzAt
NjFiYzdlY2M0ODVjLzEvclVfYXVwNDMtSmN2cGxBSkRkc1F0VEU4ejNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85OTUyYzgtMmQ0MC00MWUyLWJhNzAtNjFiYzdlY2M0ODVj
LzEvaEt2d3lZRndHcnFYNVB6UXZ0VGt6YmhwSUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbUeYMA0G
CSqGSIb3DQEBCwUAA4IBAQCs4++PdEBVTSIJRYYt5gj5tcrg4VXBV1GGftf4TKJC
gP1Pbl4Q//6KpX0eW6Y9Gcfox5C/12jCzGljsY+gkAKcJ6ibOQ82eb96Cg4mUSV3
3g5GQ6uHiuYkn+ehbrhSRYBVIZSbsDeydPHvihZ+rWN3wufGf4yaKduBBT4PTXmg
j//AZxDLGM3DBmWd/Mfse9Tg1HKSL/l4rLBM7uC1XKbMkR68R52ibHI1SNzbRPla
vgzU+Vl6fMq0RUoNCJMtdILA5L9Y4+B1VbEJA4Nna1rWgBIVCJACMxXDwNsu9J7+
eCXOWcYA3LKQJK5TMUl1CbfWZ9+sqj0y5hS32IQNU3Cb
-----END CERTIFICATE-----