This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mVUhdqE7hcA0le_d6ymd2CID8DY.roa
File:                     mVUhdqE7hcA0le_d6ymd2CID8DY.roa (raw, json)
Hash identifier:          97G9zAk7tXQNE9rzt6hjEV/ptWRz2qHWqcT99lqKzA8=
Subject key identifier:   99:55:21:76:A1:3B:85:C0:34:95:EF:DD:EB:29:9D:D8:22:03:F0:36
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       019B7CEE018C4DA1044E3F8ACC897E026F0D
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mVUhdqE7hcA0le_d6ymd2CID8DY.roa
Signing time:             Fri 02 Jan 2026 04:18:51 +0000
ROA not before:           Fri 02 Jan 2026 04:18:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        81.29.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:01:8c:4d:a1:04:4e:3f:8a:cc:89:7e:02:6f:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jan  2 04:18:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99552176a13b85c03495efddeb299dd82203f036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:43:e3:bd:7b:b4:6b:a0:04:3e:b5:21:67:5f:
                    2e:7e:c6:20:32:81:31:07:87:1b:50:07:67:d9:94:
                    f1:a0:6f:aa:3c:bb:bb:64:68:e8:31:40:df:a9:d6:
                    70:65:73:57:d6:d3:f3:ae:f5:9a:4a:0c:45:6e:44:
                    20:48:73:c7:66:fb:e1:94:1a:84:c5:59:af:5a:41:
                    6b:65:a2:55:c2:e0:dd:eb:59:31:cb:05:4f:d8:68:
                    aa:a8:47:73:58:4c:58:68:22:40:f8:73:dc:ee:25:
                    dc:7a:04:79:75:b4:9c:69:40:a2:8a:5b:a4:cb:6c:
                    ad:9c:06:74:37:26:ef:55:8e:ab:5b:2c:25:9f:74:
                    46:3e:0a:80:39:22:4d:f2:a9:96:31:c1:60:bd:2c:
                    70:2f:c2:2a:46:bd:c9:1c:ec:bc:0a:39:ca:2b:97:
                    65:41:58:ac:8f:64:3f:a9:c8:a8:24:08:d1:31:1e:
                    38:5d:96:99:07:10:f2:88:a7:e8:97:fc:cf:0a:4a:
                    ea:63:f7:e5:fe:76:2e:bf:a9:fb:5f:20:88:ec:ab:
                    d6:e1:82:82:d0:5d:df:17:86:42:1d:2a:7d:fc:91:
                    77:ee:98:79:4b:ac:38:da:7d:24:e8:21:7a:ae:73:
                    ba:e5:27:a1:7a:4b:4c:e3:d0:c7:5f:1d:53:87:fb:
                    2c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:55:21:76:A1:3B:85:C0:34:95:EF:DD:EB:29:9D:D8:22:03:F0:36
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/mVUhdqE7hcA0le_d6ymd2CID8DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:28:ce:89:90:54:76:72:f9:02:00:c0:79:e7:f8:1c:72:1a:
         13:c0:b2:9c:f3:43:a4:31:6e:31:68:e1:9d:50:3a:0b:55:78:
         0d:81:60:7a:76:56:4f:a2:74:c2:71:44:82:e2:fc:be:56:cb:
         5f:50:64:72:1f:86:71:d9:79:80:a1:27:0c:f0:64:9c:20:07:
         c0:3d:32:db:1d:98:b8:00:43:4c:10:91:d6:44:4a:90:51:b8:
         cc:7c:9c:10:1d:3f:e1:1e:e4:85:62:02:3f:9e:7b:32:82:cc:
         4d:fd:83:c8:44:58:7c:23:48:5f:39:0a:bc:9f:23:68:b8:72:
         7d:67:8e:67:f8:99:60:3a:86:de:56:35:fb:58:cd:8b:28:e1:
         a8:2f:73:e2:1a:97:ac:37:6b:f5:6c:14:6f:a6:c3:f9:54:43:
         d7:ed:27:b5:39:04:5a:58:0c:ca:f3:21:a3:6a:1c:20:59:16:
         15:24:67:d4:af:43:e5:e6:be:8f:91:bf:45:d5:61:70:85:16:
         c1:16:06:1a:b2:f8:c1:ca:74:2a:21:24:39:97:33:d0:99:c0:
         10:d1:12:3f:85:6e:37:60:66:1a:df:74:49:a9:50:05:f0:03:
         28:07:7b:6d:04:b7:06:44:f6:85:e1:32:bd:69:2c:cd:7b:c8:
         18:00:b3:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87gGMTaEETj+KzIl+Am8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjYwMTAyMDQxODUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTU1MjE3NmExM2I4NWMwMzQ5NWVmZGRlYjI5OWRkODIyMDNmMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUPjvXu0a6AEPrUhZ18ufsYgMoEx
B4cbUAdn2ZTxoG+qPLu7ZGjoMUDfqdZwZXNX1tPzrvWaSgxFbkQgSHPHZvvhlBqE
xVmvWkFrZaJVwuDd61kxywVP2GiqqEdzWExYaCJA+HPc7iXcegR5dbScaUCiiluk
y2ytnAZ0NybvVY6rWywln3RGPgqAOSJN8qmWMcFgvSxwL8IqRr3JHOy8CjnKK5dl
QVisj2Q/qcioJAjRMR44XZaZBxDyiKfol/zPCkrqY/fl/nYuv6n7XyCI7KvW4YKC
0F3fF4ZCHSp9/JF37ph5S6w42n0k6CF6rnO65SehektM49DHXx1Th/ssOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlVIXahO4XANJXv3espndgiA/A2MB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvbVZVaGRxRTdoY0EwbGVfZDZ5bWQyQ0lEOERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR2YMA0G
CSqGSIb3DQEBCwUAA4IBAQBMKM6JkFR2cvkCAMB55/gcchoTwLKc80OkMW4xaOGd
UDoLVXgNgWB6dlZPonTCcUSC4vy+VstfUGRyH4Zx2XmAoScM8GScIAfAPTLbHZi4
AENMEJHWREqQUbjMfJwQHT/hHuSFYgI/nnsygsxN/YPIRFh8I0hfOQq8nyNouHJ9
Z45n+JlgOobeVjX7WM2LKOGoL3PiGpesN2v1bBRvpsP5VEPX7Se1OQRaWAzK8yGj
ahwgWRYVJGfUr0Pl5r6Pkb9F1WFwhRbBFgYasvjBynQqISQ5lzPQmcAQ0RI/hW43
YGYa33RJqVAF8AMoB3ttBLcGRPaF4TK9aSzNe8gYALNg
-----END CERTIFICATE-----