This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/68UPM5ZsmGXwMBAVn_8jUY1Fadg.roa
File:                     68UPM5ZsmGXwMBAVn_8jUY1Fadg.roa (raw, json)
Hash identifier:          qNT09TFbUdpw52OzRnw8hL/bLyTOL8P2XrG/BC2dS1I=
Subject key identifier:   EB:C5:0F:33:96:6C:98:65:F0:30:10:15:9F:FF:23:51:8D:45:69:D8
Certificate issuer:       /CN=a5c106023c495904b040acb9978f4fa3b0c5e2dc
Certificate serial:       019B7FF159338CBC11C2C5C1B00589686F92
Authority key identifier: A5:C1:06:02:3C:49:59:04:B0:40:AC:B9:97:8F:4F:A3:B0:C5:E2:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcEGAjxJWQSwQKy5l49Po7DF4tw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/68UPM5ZsmGXwMBAVn_8jUY1Fadg.roa
Signing time:             Fri 02 Jan 2026 18:21:21 +0000
ROA not before:           Fri 02 Jan 2026 18:21:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41345
IP address blocks:        193.37.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/pcEGAjxJWQSwQKy5l49Po7DF4tw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/pcEGAjxJWQSwQKy5l49Po7DF4tw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcEGAjxJWQSwQKy5l49Po7DF4tw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:59:33:8c:bc:11:c2:c5:c1:b0:05:89:68:6f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c106023c495904b040acb9978f4fa3b0c5e2dc
        Validity
            Not Before: Jan  2 18:21:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebc50f33966c9865f03010159fff23518d4569d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f0:54:ef:b7:b3:72:3c:51:87:d9:0a:c4:ec:
                    2f:ab:5c:7b:06:9a:96:3e:e3:b5:b6:fd:36:a7:3c:
                    38:8d:e8:e3:3d:c9:e6:14:34:58:bb:e4:bb:9c:af:
                    7e:37:0b:d1:7e:e8:31:86:3f:9c:11:67:04:25:c0:
                    ad:dd:00:15:e1:e1:42:54:44:46:b9:95:0c:57:37:
                    20:93:ce:dc:df:9e:0e:38:14:fd:43:61:f0:e8:92:
                    b2:de:61:01:b9:ce:a6:f9:48:8a:94:cd:78:79:93:
                    e8:db:68:b6:0f:53:82:8d:34:98:18:82:e2:89:26:
                    95:2e:a2:1c:8b:fd:89:25:e0:c9:81:e2:73:a9:36:
                    29:e7:47:3a:10:6a:af:e1:49:31:85:23:b5:1e:00:
                    13:ca:7f:e7:fb:a4:95:f3:aa:28:a2:6e:43:d2:2d:
                    08:2a:9c:48:4d:f6:26:07:06:b6:c3:d2:17:25:cf:
                    37:12:9e:59:70:49:1b:16:96:29:73:3d:64:35:38:
                    b7:04:07:cf:66:da:c8:a0:1c:67:a0:d8:6b:f3:e0:
                    d2:ab:d0:fc:01:70:d2:70:f4:20:f6:84:29:2e:46:
                    68:49:cd:5f:3d:a7:60:f6:da:f6:ae:03:c8:47:d5:
                    53:68:42:e5:97:38:1d:5b:09:90:dc:3a:bd:fd:a2:
                    ac:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C5:0F:33:96:6C:98:65:F0:30:10:15:9F:FF:23:51:8D:45:69:D8
            X509v3 Authority Key Identifier:
                keyid:A5:C1:06:02:3C:49:59:04:B0:40:AC:B9:97:8F:4F:A3:B0:C5:E2:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcEGAjxJWQSwQKy5l49Po7DF4tw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/68UPM5ZsmGXwMBAVn_8jUY1Fadg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/pcEGAjxJWQSwQKy5l49Po7DF4tw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:66:c3:e6:27:d1:62:d3:de:b9:8f:47:af:90:f1:a0:e6:bb:
         c3:4f:f3:41:6f:c9:3a:ac:e3:6f:27:56:20:45:31:10:41:f5:
         b6:d8:37:fd:e4:76:ce:42:9e:e4:ec:51:51:7d:a5:c0:69:9b:
         f6:e7:11:f3:f4:3e:80:19:40:5e:33:65:6a:4c:2b:b7:dc:51:
         3f:82:f1:52:d3:70:23:e6:80:46:4a:27:29:66:5d:f7:33:8f:
         17:28:ca:3e:cc:ca:37:3e:48:c3:d1:e7:af:97:4f:08:3a:58:
         a7:a3:af:1c:4f:33:01:38:db:fe:1f:e7:ec:2b:9c:65:7e:9e:
         79:4c:6f:a3:04:e5:3d:0b:9b:52:a4:45:19:de:8e:77:e9:dd:
         86:af:5e:5a:ab:4f:57:22:70:e4:27:11:80:7f:f7:75:d7:cb:
         fa:2c:4f:9d:25:49:ab:92:7f:43:bd:85:ec:17:c8:48:a0:6a:
         ce:49:b0:bc:02:c2:75:60:38:c1:2a:e1:d4:f6:e9:8b:76:60:
         85:c7:e3:28:36:27:cb:7a:0e:31:df:e1:63:e2:22:36:e8:66:
         47:67:5e:bd:8a:54:6d:f9:5f:c4:f6:4b:5a:50:2f:fb:e9:d6:
         77:c3:25:d8:12:c5:59:8e:e7:bc:c1:65:60:53:d0:aa:8c:c2:
         df:8f:20:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8VkzjLwRwsXBsAWJaG+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzEwNjAyM2M0OTU5MDRiMDQwYWNiOTk3OGY0ZmEzYjBj
NWUyZGMwHhcNMjYwMTAyMTgyMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM1MGYzMzk2NmM5ODY1ZjAzMDEwMTU5ZmZmMjM1MThkNDU2OWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfBU77ezcjxRh9kKxOwvq1x7BpqW
PuO1tv02pzw4jejjPcnmFDRYu+S7nK9+NwvRfugxhj+cEWcEJcCt3QAV4eFCVERG
uZUMVzcgk87c354OOBT9Q2Hw6JKy3mEBuc6m+UiKlM14eZPo22i2D1OCjTSYGILi
iSaVLqIci/2JJeDJgeJzqTYp50c6EGqv4UkxhSO1HgATyn/n+6SV86ooom5D0i0I
KpxITfYmBwa2w9IXJc83Ep5ZcEkbFpYpcz1kNTi3BAfPZtrIoBxnoNhr8+DSq9D8
AXDScPQg9oQpLkZoSc1fPadg9tr2rgPIR9VTaELllzgdWwmQ3Dq9/aKsOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvFDzOWbJhl8DAQFZ//I1GNRWnYMB8GA1UdIwQY
MBaAFKXBBgI8SVkEsECsuZePT6OwxeLcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNFR0FqeEpXUVN3UUt5NWw0OVBvN0RGNHR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8wNzAwMzItMGJiMy00MzUyLTg5ZWIt
NDkxM2EwY2E3NDA5LzEvNjhVUE01WnNtR1h3TUJBVm5fOGpVWTFGYWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8wNzAwMzItMGJiMy00MzUyLTg5ZWItNDkxM2EwY2E3NDA5
LzEvcGNFR0FqeEpXUVN3UUt5NWw0OVBvN0RGNHR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWZMA0G
CSqGSIb3DQEBCwUAA4IBAQCpZsPmJ9Fi0965j0evkPGg5rvDT/NBb8k6rONvJ1Yg
RTEQQfW22Df95HbOQp7k7FFRfaXAaZv25xHz9D6AGUBeM2VqTCu33FE/gvFS03Aj
5oBGSicpZl33M48XKMo+zMo3PkjD0eevl08IOlino68cTzMBONv+H+fsK5xlfp55
TG+jBOU9C5tSpEUZ3o536d2Gr15aq09XInDkJxGAf/d118v6LE+dJUmrkn9DvYXs
F8hIoGrOSbC8AsJ1YDjBKuHU9umLdmCFx+MoNifLeg4x3+Fj4iI26GZHZ169ilRt
+V/E9ktaUC/76dZ3wyXYEsVZjue8wWVgU9CqjMLfjyCP
-----END CERTIFICATE-----