This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/U0Zw7nxZcY6li2EowQpo7GWvwRw.roa
File:                     U0Zw7nxZcY6li2EowQpo7GWvwRw.roa (raw, json)
Hash identifier:          W83oCNCWNdwCZPqO8EuYCWEQ9TVK20LIVtEgGqY7xpE=
Subject key identifier:   53:46:70:EE:7C:59:71:8E:A5:8B:61:28:C1:0A:68:EC:65:AF:C1:1C
Certificate issuer:       /CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
Certificate serial:       019B7B36A1188120BE4A017813F88A756AEB
Authority key identifier: 96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/U0Zw7nxZcY6li2EowQpo7GWvwRw.roa
Signing time:             Thu 01 Jan 2026 20:18:56 +0000
ROA not before:           Thu 01 Jan 2026 20:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211043
IP address blocks:        85.203.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:a1:18:81:20:be:4a:01:78:13:f8:8a:75:6a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962bd76a5cac283ece0a0f8eab2c97021401fb89
        Validity
            Not Before: Jan  1 20:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=534670ee7c59718ea58b6128c10a68ec65afc11c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4a:8f:47:00:14:9a:2c:43:c1:af:0f:51:a4:
                    96:39:d2:c9:da:7d:cd:bd:4f:8f:3c:5b:d5:b5:52:
                    fa:7a:cd:1f:53:22:ef:93:c5:98:ce:d2:8e:94:5c:
                    25:ce:f0:3a:98:16:b3:f2:0f:1f:16:14:7e:ef:e6:
                    a2:a1:1f:27:4f:fe:e5:cf:0c:f9:33:b8:0f:9a:48:
                    d4:41:f0:cf:5b:ba:bd:40:c9:cb:19:c3:09:9f:32:
                    43:35:10:86:8a:f9:04:69:dd:9d:2d:eb:2c:2e:7a:
                    47:d1:77:f1:05:29:fc:cd:c0:61:b4:cb:20:59:48:
                    05:13:9e:48:aa:78:45:2b:c3:3c:b3:e0:e6:6b:26:
                    a3:f3:95:cd:b1:01:31:82:72:50:03:37:24:12:41:
                    b4:21:57:f7:d5:70:a6:8a:4a:78:02:5c:9b:1a:91:
                    31:87:d4:0c:18:01:55:92:08:79:a9:6b:b2:6e:35:
                    39:3b:c5:8b:8b:80:eb:8b:65:5f:9e:12:57:49:6a:
                    a0:46:90:bf:0b:be:b0:85:53:14:28:6c:39:91:0d:
                    99:73:d4:ca:fa:8d:28:f0:ca:22:56:60:8b:57:fe:
                    a2:63:b4:b5:e1:12:75:7c:b0:74:86:54:78:bd:f9:
                    c2:a6:df:d2:3a:ea:f3:a8:5c:70:bc:d3:61:ff:63:
                    2c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:46:70:EE:7C:59:71:8E:A5:8B:61:28:C1:0A:68:EC:65:AF:C1:1C
            X509v3 Authority Key Identifier:
                keyid:96:2B:D7:6A:5C:AC:28:3E:CE:0A:0F:8E:AB:2C:97:02:14:01:FB:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/livXalysKD7OCg-OqyyXAhQB-4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/U0Zw7nxZcY6li2EowQpo7GWvwRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/046460-102c-4930-842c-6ab11155f6fb/1/livXalysKD7OCg-OqyyXAhQB-4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:30:fb:c9:12:2b:a0:62:56:97:bc:7d:46:7c:12:f8:16:fe:
         e3:50:25:d9:0e:51:d1:72:ba:8a:1c:6b:c3:0c:05:77:ff:3e:
         8b:f9:57:a4:86:4a:70:c3:93:2d:59:15:df:32:08:60:fb:85:
         f0:dd:e6:c7:9f:47:b8:e0:95:29:67:72:a2:9a:1d:1a:2e:fb:
         57:76:76:9f:a0:d1:6e:7c:44:c2:9c:a8:09:f7:4e:56:e1:7c:
         ba:12:2a:0f:43:b0:5c:ad:4b:a1:e2:3f:90:d8:4e:b5:50:a8:
         77:3b:f9:76:69:5e:8a:40:83:d5:b5:1c:a0:e9:ff:69:f4:cd:
         7e:29:99:29:72:8a:67:51:1b:42:52:14:fa:56:3c:5e:ef:a5:
         10:48:25:39:1c:2a:b1:36:15:5b:88:bc:71:e3:4e:94:d6:24:
         ec:f5:23:68:ba:e5:21:d1:bd:88:6d:b3:1c:48:e2:aa:32:a6:
         de:40:4d:83:de:6c:a5:4f:d6:ba:e9:46:ba:16:e2:93:19:9e:
         91:2a:87:33:70:11:cd:0b:8d:4b:3d:c3:35:5a:70:77:82:b8:
         32:88:d7:33:60:e5:5c:2f:7f:08:12:a7:67:78:44:3c:f1:fa:
         97:fd:52:82:b6:14:02:3f:38:f4:54:ce:41:38:07:1a:22:fa:
         78:54:74:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NqEYgSC+SgF4E/iKdWrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmJkNzZhNWNhYzI4M2VjZTBhMGY4ZWFiMmM5NzAyMTQw
MWZiODkwHhcNMjYwMTAxMjAxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ2NzBlZTdjNTk3MThlYTU4YjYxMjhjMTBhNjhlYzY1YWZjMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEqPRwAUmixDwa8PUaSWOdLJ2n3N
vU+PPFvVtVL6es0fUyLvk8WYztKOlFwlzvA6mBaz8g8fFhR+7+aioR8nT/7lzwz5
M7gPmkjUQfDPW7q9QMnLGcMJnzJDNRCGivkEad2dLessLnpH0XfxBSn8zcBhtMsg
WUgFE55IqnhFK8M8s+Dmayaj85XNsQExgnJQAzckEkG0IVf31XCmikp4AlybGpEx
h9QMGAFVkgh5qWuybjU5O8WLi4Dri2VfnhJXSWqgRpC/C76whVMUKGw5kQ2Zc9TK
+o0o8MoiVmCLV/6iY7S14RJ1fLB0hlR4vfnCpt/SOurzqFxwvNNh/2MsvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNGcO58WXGOpYthKMEKaOxlr8EcMB8GA1UdIwQY
MBaAFJYr12pcrCg+zgoPjqsslwIUAfuJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMt
NmFiMTExNTVmNmZiLzEvVTBadzdueFpjWTZsaTJFb3dRcG83R1d2d1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8wNDY0NjAtMTAyYy00OTMwLTg0MmMtNmFiMTExNTVmNmZi
LzEvbGl2WGFseXNLRDdPQ2ctT3F5eVhBaFFCLTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcs0MA0G
CSqGSIb3DQEBCwUAA4IBAQBgMPvJEiugYlaXvH1GfBL4Fv7jUCXZDlHRcrqKHGvD
DAV3/z6L+Vekhkpww5MtWRXfMghg+4Xw3ebHn0e44JUpZ3Kimh0aLvtXdnafoNFu
fETCnKgJ905W4Xy6EioPQ7BcrUuh4j+Q2E61UKh3O/l2aV6KQIPVtRyg6f9p9M1+
KZkpcopnURtCUhT6Vjxe76UQSCU5HCqxNhVbiLxx406U1iTs9SNouuUh0b2IbbMc
SOKqMqbeQE2D3mylT9a66Ua6FuKTGZ6RKoczcBHNC41LPcM1WnB3grgyiNczYOVc
L38IEqdneEQ88fqX/VKCthQCPzj0VM5BOAcaIvp4VHQ/
-----END CERTIFICATE-----
Generated at Wed Jan 21 02:50:06 2026 by rpki-client