This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/cBMWof3fzl2WvO-9iPNkwKq65UE.roa
File:                     cBMWof3fzl2WvO-9iPNkwKq65UE.roa (raw, json)
Hash identifier:          l4uhlHM36IRywwsHUvPgf8xitbWlb3IF/+WuiPml4uE=
Subject key identifier:   70:13:16:A1:FD:DF:CE:5D:96:BC:EF:BD:88:F3:64:C0:AA:BA:E5:41
Certificate issuer:       /CN=baf79127ee34a3aee9079c8e9799c40f0dc8dca2
Certificate serial:       019B76EB496158FB4DE6F533714E2F547CC2
Authority key identifier: BA:F7:91:27:EE:34:A3:AE:E9:07:9C:8E:97:99:C4:0F:0D:C8:DC:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/cBMWof3fzl2WvO-9iPNkwKq65UE.roa
Signing time:             Thu 01 Jan 2026 00:18:09 +0000
ROA not before:           Thu 01 Jan 2026 00:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30873
IP address blocks:        185.71.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:49:61:58:fb:4d:e6:f5:33:71:4e:2f:54:7c:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baf79127ee34a3aee9079c8e9799c40f0dc8dca2
        Validity
            Not Before: Jan  1 00:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=701316a1fddfce5d96bcefbd88f364c0aabae541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1a:bf:6f:44:b5:2a:82:07:43:6c:30:df:45:
                    5d:b9:51:b0:4a:ba:0f:c6:94:6c:36:01:dd:1f:b2:
                    88:42:e1:27:3a:ab:71:3e:d1:94:cc:ab:ad:90:eb:
                    05:bf:58:9c:65:b6:e4:1d:a5:6f:44:e7:f8:86:54:
                    04:10:64:fc:28:02:bb:69:19:3b:43:4c:f5:93:27:
                    6d:d9:0b:2f:88:07:43:03:84:39:b6:3d:44:e9:87:
                    9f:a4:d5:a5:5c:88:6f:50:56:cd:b6:13:cf:8d:48:
                    ec:de:60:ee:71:d5:b8:bf:4b:6e:89:65:7b:9f:5d:
                    9d:a0:16:ce:7b:4f:4c:d8:17:a8:be:dc:ad:f9:3f:
                    ab:ed:d8:45:53:b0:19:61:92:01:f3:db:b6:81:b3:
                    f7:f2:bd:4f:02:2f:de:4f:e9:51:16:0a:d7:28:1d:
                    a3:61:d3:cf:18:7d:f4:54:4b:56:38:c5:5b:05:0c:
                    8e:eb:d7:5e:c9:ab:ed:16:35:12:8b:08:26:aa:87:
                    11:74:12:45:23:59:68:4c:04:28:a0:7b:64:fc:42:
                    1d:ad:76:4e:f1:ac:8b:60:7c:e9:84:0f:6d:cc:3f:
                    52:24:32:36:03:92:98:22:74:1c:70:59:a5:40:95:
                    c7:65:65:29:e2:b2:0e:95:8a:02:e9:d2:05:14:83:
                    94:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:13:16:A1:FD:DF:CE:5D:96:BC:EF:BD:88:F3:64:C0:AA:BA:E5:41
            X509v3 Authority Key Identifier:
                keyid:BA:F7:91:27:EE:34:A3:AE:E9:07:9C:8E:97:99:C4:0F:0D:C8:DC:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/cBMWof3fzl2WvO-9iPNkwKq65UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:a0:b0:30:81:72:c3:50:cf:df:15:79:53:a8:11:b3:2c:96:
         ce:9b:d6:ec:d0:c0:2c:6b:d3:9a:c2:1e:53:4f:50:f7:90:8b:
         69:f5:f4:3b:49:7b:88:41:9c:7a:6a:87:d6:7a:1c:49:7b:91:
         65:5e:d6:be:71:ac:b9:0c:da:b7:b3:73:f9:bf:e0:82:f1:eb:
         f3:5a:2c:d6:b5:d5:db:70:3f:d0:95:da:47:f5:41:4b:82:ff:
         7b:8e:73:cd:35:df:b6:69:24:cd:42:fe:27:a4:2c:cd:ed:42:
         e0:0c:28:9c:96:d3:4d:06:1f:b1:54:e8:44:38:1a:36:0d:7a:
         16:b3:07:b2:20:ea:76:73:08:72:63:1a:94:82:01:aa:f4:8f:
         7d:09:f8:18:8c:c2:be:51:3c:97:8a:01:4e:87:2c:70:c8:ae:
         1a:e3:df:ff:ff:b9:65:ab:7e:ae:34:ca:e7:b9:40:e1:bf:29:
         2e:b1:fb:c2:3a:2a:8c:ea:33:74:6d:d2:5e:b9:52:c6:e3:03:
         74:cd:c8:84:bb:47:fe:66:90:89:42:11:f6:ea:cc:ae:3c:c5:
         8e:92:27:8e:4e:f0:61:02:5c:e5:15:59:ee:2b:76:26:93:f7:
         a8:74:85:9b:8b:48:57:51:5d:88:f5:54:21:1b:71:38:11:cd:
         ab:d3:ab:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260lhWPtN5vUzcU4vVHzCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZjc5MTI3ZWUzNGEzYWVlOTA3OWM4ZTk3OTljNDBmMGRj
OGRjYTIwHhcNMjYwMTAxMDAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEzMTZhMWZkZGZjZTVkOTZiY2VmYmQ4OGYzNjRjMGFhYmFlNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBq/b0S1KoIHQ2ww30VduVGwSroP
xpRsNgHdH7KIQuEnOqtxPtGUzKutkOsFv1icZbbkHaVvROf4hlQEEGT8KAK7aRk7
Q0z1kydt2QsviAdDA4Q5tj1E6YefpNWlXIhvUFbNthPPjUjs3mDucdW4v0tuiWV7
n12doBbOe09M2Beovtyt+T+r7dhFU7AZYZIB89u2gbP38r1PAi/eT+lRFgrXKB2j
YdPPGH30VEtWOMVbBQyO69deyavtFjUSiwgmqocRdBJFI1loTAQooHtk/EIdrXZO
8ayLYHzphA9tzD9SJDI2A5KYInQccFmlQJXHZWUp4rIOlYoC6dIFFIOUBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHATFqH9385dlrzvvYjzZMCquuVBMB8GA1UdIwQY
MBaAFLr3kSfuNKOu6QecjpeZxA8NyNyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXZlUkotNDBvNjdwQjV5T2w1bkVEdzNJM0tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNWZjMTEtNzJiNC00ZjlkLWFhNDUt
YTJhNWE4ZDk5ZGI4LzEvY0JNV29mM2Z6bDJXdk8tOWlQTmt3S3E2NVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNWZjMTEtNzJiNC00ZjlkLWFhNDUtYTJhNWE4ZDk5ZGI4
LzEvdXZlUkotNDBvNjdwQjV5T2w1bkVEdzNJM0tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUeEMA0G
CSqGSIb3DQEBCwUAA4IBAQBKoLAwgXLDUM/fFXlTqBGzLJbOm9bs0MAsa9Oawh5T
T1D3kItp9fQ7SXuIQZx6aofWehxJe5FlXta+cay5DNq3s3P5v+CC8evzWizWtdXb
cD/QldpH9UFLgv97jnPNNd+2aSTNQv4npCzN7ULgDCicltNNBh+xVOhEOBo2DXoW
sweyIOp2cwhyYxqUggGq9I99CfgYjMK+UTyXigFOhyxwyK4a49///7llq36uNMrn
uUDhvykusfvCOiqM6jN0bdJeuVLG4wN0zciEu0f+ZpCJQhH26syuPMWOkieOTvBh
AlzlFVnuK3Ymk/eodIWbi0hXUV2I9VQhG3E4Ec2r06tG
-----END CERTIFICATE-----