This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/UR6uwREL5KobWoJmnbUSRPPtEIE.roa
File:                     UR6uwREL5KobWoJmnbUSRPPtEIE.roa (raw, json)
Hash identifier:          BxODRoCX/f5maRcRhExvAwmriU7GMQVyefmdmr+20HI=
Subject key identifier:   51:1E:AE:C1:11:0B:E4:AA:1B:5A:82:66:9D:B5:12:44:F3:ED:10:81
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       019B7BA54F67FE3ABDADBE4768E51D122B41
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/UR6uwREL5KobWoJmnbUSRPPtEIE.roa
Signing time:             Thu 01 Jan 2026 22:19:49 +0000
ROA not before:           Thu 01 Jan 2026 22:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207826
IP address blocks:        94.236.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:4f:67:fe:3a:bd:ad:be:47:68:e5:1d:12:2b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 22:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=511eaec1110be4aa1b5a82669db51244f3ed1081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b3:0d:76:be:ab:b8:4e:2d:d8:3a:91:73:f7:
                    3c:18:31:1a:39:d5:6c:1c:03:a3:a8:d0:42:6b:a8:
                    4a:9d:84:26:2c:3c:a0:85:11:32:3c:31:11:bf:23:
                    b6:44:c8:cd:f9:50:99:36:fd:50:fd:00:40:6b:0f:
                    b8:be:0b:bf:7b:bf:b2:f6:5f:f7:e4:52:42:80:f5:
                    a6:ba:ff:df:8f:e2:4f:66:b7:39:a0:6b:25:4c:da:
                    eb:84:62:76:10:af:20:98:a1:80:66:fc:67:fe:98:
                    85:31:a4:7f:ef:30:2a:a5:b5:9d:2d:92:fa:22:d7:
                    e6:2e:74:42:f0:b5:1b:99:f6:30:74:22:1d:ef:da:
                    3d:21:91:5d:8c:fd:ce:de:1e:e4:ed:9a:34:cd:b8:
                    46:29:55:53:1f:95:5a:81:7b:48:a1:4c:b0:16:5c:
                    05:d6:e9:ff:1c:c0:0f:c4:da:32:3c:13:b9:3c:c8:
                    1d:04:56:17:3b:7a:94:a0:19:33:f7:dc:24:b4:a6:
                    bc:c0:55:20:05:64:35:5e:4e:52:b1:4e:33:e5:eb:
                    fc:4a:d6:46:49:9d:07:48:79:f6:ae:4a:2e:47:f9:
                    a2:f6:2f:7d:3d:48:37:1e:74:a0:b6:c7:6c:43:bc:
                    2a:fa:a9:fd:58:ea:84:15:ff:4b:31:8f:9c:1f:61:
                    23:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:1E:AE:C1:11:0B:E4:AA:1B:5A:82:66:9D:B5:12:44:F3:ED:10:81
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/UR6uwREL5KobWoJmnbUSRPPtEIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.236.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:1b:74:44:01:7f:ae:58:7e:b1:41:12:c0:71:52:f3:b0:80:
         b7:4a:00:7f:32:e1:e6:2a:ad:31:87:14:65:e0:50:32:ef:7d:
         64:41:f6:71:db:07:19:eb:13:f3:e4:49:4d:3b:9f:2c:0b:0c:
         4f:1e:8c:0a:b3:ae:7e:5f:61:8f:60:36:19:1b:12:c4:43:8d:
         8a:02:c3:18:9a:10:4d:ff:f0:d8:d1:62:52:73:7d:76:b8:a7:
         92:13:3c:68:d7:fa:0e:98:14:fe:b0:cd:bc:b8:79:eb:d7:6b:
         0c:10:e2:c7:f0:90:6b:47:62:ea:4b:49:49:f2:f2:1f:a6:12:
         36:7f:4d:54:8b:66:07:cc:dd:00:be:ed:2f:4b:78:53:dd:d9:
         66:b1:6d:c2:4b:b2:99:ae:3b:64:78:14:df:1c:35:b0:ce:0f:
         8e:30:0f:8c:71:c1:49:92:ae:eb:07:8d:df:10:91:b5:3c:db:
         5e:28:83:2d:c1:26:0a:57:d9:ec:88:c1:34:c5:7c:aa:9f:f1:
         17:f4:ad:e2:f2:1b:06:32:71:79:ce:38:49:f0:1e:7a:03:58:
         17:ce:85:c3:fc:04:5f:d4:03:81:33:a5:67:25:f1:47:93:c8:
         dd:d4:a0:c3:49:98:8a:6b:37:de:10:25:fd:cb:0d:ac:73:aa:
         80:6b:a3:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pU9n/jq9rb5HaOUdEitBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjYwMTAxMjIxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTFlYWVjMTExMGJlNGFhMWI1YTgyNjY5ZGI1MTI0NGYzZWQxMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLMNdr6ruE4t2DqRc/c8GDEaOdVs
HAOjqNBCa6hKnYQmLDyghREyPDERvyO2RMjN+VCZNv1Q/QBAaw+4vgu/e7+y9l/3
5FJCgPWmuv/fj+JPZrc5oGslTNrrhGJ2EK8gmKGAZvxn/piFMaR/7zAqpbWdLZL6
ItfmLnRC8LUbmfYwdCId79o9IZFdjP3O3h7k7Zo0zbhGKVVTH5VagXtIoUywFlwF
1un/HMAPxNoyPBO5PMgdBFYXO3qUoBkz99wktKa8wFUgBWQ1Xk5SsU4z5ev8StZG
SZ0HSHn2rkouR/mi9i99PUg3HnSgtsdsQ7wq+qn9WOqEFf9LMY+cH2EjqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEersERC+SqG1qCZp21EkTz7RCBMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvVVI2dXdSRUw1S29iV29KbW5iVVNSUFB0RUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuypMA0G
CSqGSIb3DQEBCwUAA4IBAQB8G3REAX+uWH6xQRLAcVLzsIC3SgB/MuHmKq0xhxRl
4FAy731kQfZx2wcZ6xPz5ElNO58sCwxPHowKs65+X2GPYDYZGxLEQ42KAsMYmhBN
//DY0WJSc312uKeSEzxo1/oOmBT+sM28uHnr12sMEOLH8JBrR2LqS0lJ8vIfphI2
f01Ui2YHzN0Avu0vS3hT3dlmsW3CS7KZrjtkeBTfHDWwzg+OMA+MccFJkq7rB43f
EJG1PNteKIMtwSYKV9nsiME0xXyqn/EX9K3i8hsGMnF5zjhJ8B56A1gXzoXD/ARf
1AOBM6VnJfFHk8jd1KDDSZiKazfeECX9yw2sc6qAa6Nk
-----END CERTIFICATE-----