This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Uy72jUxgOXJIgs7T4DZejwWDKy4.roa
File:                     Uy72jUxgOXJIgs7T4DZejwWDKy4.roa (raw, json)
Hash identifier:          e+N6lBT3rf/haiXAn+O11QG5l4fWSj8f+0jPE8bUCC4=
Subject key identifier:   53:2E:F6:8D:4C:60:39:72:48:82:CE:D3:E0:36:5E:8F:05:83:2B:2E
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019B77C6F7A96EACD2848FFD13E106BFADE0
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Uy72jUxgOXJIgs7T4DZejwWDKy4.roa
Signing time:             Thu 01 Jan 2026 04:18:06 +0000
ROA not before:           Thu 01 Jan 2026 04:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        152.89.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 03:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:f7:a9:6e:ac:d2:84:8f:fd:13:e1:06:bf:ad:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 04:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=532ef68d4c6039724882ced3e0365e8f05832b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:20:ce:7b:8d:43:25:2a:26:6a:22:a8:83:22:
                    78:dc:91:2b:88:60:11:08:3e:11:cd:76:e1:ee:ef:
                    d8:f8:33:1b:a2:e5:f9:6c:fd:d2:3d:4e:e0:c2:74:
                    6c:18:77:89:c4:91:3e:72:4c:39:83:b1:e0:88:df:
                    64:0f:85:36:15:d4:c3:cd:3d:76:62:ea:6f:2a:94:
                    8e:98:57:f4:03:b0:5a:9e:79:0a:5a:44:26:57:79:
                    ee:e2:e3:a4:b9:05:94:1f:35:da:54:0f:5e:92:bc:
                    7f:a2:f0:2f:aa:1b:ae:c3:91:d8:ef:a0:ab:2b:75:
                    b2:aa:46:f3:54:48:71:91:39:09:29:25:b7:8d:3a:
                    6f:ba:9a:dd:e5:dd:ea:4f:22:26:42:8b:3f:80:0f:
                    0d:79:16:9f:84:aa:57:6e:9e:72:ed:db:a4:b2:d1:
                    b9:62:9e:65:c6:20:38:b7:f4:fd:4c:c5:cd:75:98:
                    95:0a:a8:76:c3:af:5f:ff:3b:23:8f:80:b1:b2:d0:
                    a4:ef:44:1a:7e:9e:b7:1e:ec:ff:0a:b2:a9:d7:00:
                    0d:64:df:43:1b:68:2d:81:f9:89:b3:1c:20:8b:4a:
                    d7:a5:da:8c:1b:e1:b0:5c:b7:d5:a7:50:36:f6:2a:
                    af:8c:44:4e:70:84:ec:59:01:4d:bf:99:69:74:cb:
                    12:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2E:F6:8D:4C:60:39:72:48:82:CE:D3:E0:36:5E:8F:05:83:2B:2E
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Uy72jUxgOXJIgs7T4DZejwWDKy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ce:70:1e:a5:f2:cf:2b:d1:ea:27:03:d6:21:87:63:ba:f3:
         f9:77:d3:24:02:a5:23:90:84:aa:70:07:a8:a5:72:a2:6c:b8:
         13:79:e5:c9:47:29:87:38:41:86:f3:9b:8e:9f:14:25:e0:22:
         92:a3:e0:55:88:49:bc:66:31:fa:37:58:93:28:86:12:88:48:
         82:39:15:39:b5:0a:89:30:e5:d7:ca:33:1f:7b:98:e9:6a:af:
         75:71:3a:9c:6d:04:2d:4e:25:66:3a:30:64:44:05:44:ad:39:
         c8:fa:89:1b:a5:91:6e:cc:ad:ae:3a:2b:69:53:55:b0:e0:65:
         cc:24:a3:ee:87:1a:ef:1c:a2:f1:4f:1e:53:fa:dd:61:5d:83:
         2a:53:91:1c:f5:41:04:b3:80:29:1b:86:66:cd:b0:34:e4:9d:
         b8:26:56:38:14:fd:16:55:22:60:5b:78:3e:37:f6:3e:c6:e5:
         a8:60:d2:0d:ab:08:93:d4:af:ee:39:25:fe:18:62:90:ba:7c:
         7c:00:b7:6f:55:89:b1:19:94:1c:2f:2d:7c:ed:26:73:c6:8d:
         22:41:9c:78:2a:74:81:85:f5:72:57:a9:52:1b:a7:d7:ab:5b:
         21:ff:74:64:da:e6:26:5d:7d:6c:bf:76:b9:0d:ea:55:ae:7b:
         0a:30:7d:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xvepbqzShI/9E+EGv63gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjYwMTAxMDQxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJlZjY4ZDRjNjAzOTcyNDg4MmNlZDNlMDM2NWU4ZjA1ODMyYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCDOe41DJSomaiKogyJ43JEriGAR
CD4RzXbh7u/Y+DMbouX5bP3SPU7gwnRsGHeJxJE+ckw5g7HgiN9kD4U2FdTDzT12
YupvKpSOmFf0A7BannkKWkQmV3nu4uOkuQWUHzXaVA9ekrx/ovAvqhuuw5HY76Cr
K3WyqkbzVEhxkTkJKSW3jTpvuprd5d3qTyImQos/gA8NeRafhKpXbp5y7dukstG5
Yp5lxiA4t/T9TMXNdZiVCqh2w69f/zsjj4CxstCk70Qafp63Huz/CrKp1wANZN9D
G2gtgfmJsxwgi0rXpdqMG+GwXLfVp1A29iqvjEROcITsWQFNv5lpdMsScwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMu9o1MYDlySILO0+A2Xo8FgysuMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvVXk3MmpVeGdPWEpJZ3M3VDREWmVqd1dES3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFnBMA0G
CSqGSIb3DQEBCwUAA4IBAQAPznAepfLPK9HqJwPWIYdjuvP5d9MkAqUjkISqcAeo
pXKibLgTeeXJRymHOEGG85uOnxQl4CKSo+BViEm8ZjH6N1iTKIYSiEiCORU5tQqJ
MOXXyjMfe5jpaq91cTqcbQQtTiVmOjBkRAVErTnI+okbpZFuzK2uOitpU1Ww4GXM
JKPuhxrvHKLxTx5T+t1hXYMqU5Ec9UEEs4ApG4ZmzbA05J24JlY4FP0WVSJgW3g+
N/Y+xuWoYNINqwiT1K/uOSX+GGKQunx8ALdvVYmxGZQcLy187SZzxo0iQZx4KnSB
hfVyV6lSG6fXq1sh/3Rk2uYmXX1sv3a5DepVrnsKMH30
-----END CERTIFICATE-----