This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/uPE6gLHMqb3nKE7DzMWRnUhenUA.roa
File:                     uPE6gLHMqb3nKE7DzMWRnUhenUA.roa (raw, json)
Hash identifier:          mtPIGYUxBY+70GNIt71oIf/x09iHAh2hPcdu0/0I5Nc=
Subject key identifier:   B8:F1:3A:80:B1:CC:A9:BD:E7:28:4E:C3:CC:C5:91:9D:48:5E:9D:40
Certificate issuer:       /CN=fc18ab34c5a2128ac4ae55c1af6def6534b3811d
Certificate serial:       019B4B258A2DC8229EF4E74B56AC55B52F41
Authority key identifier: FC:18:AB:34:C5:A2:12:8A:C4:AE:55:C1:AF:6D:EF:65:34:B3:81:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_BirNMWiEorErlXBr23vZTSzgR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/uPE6gLHMqb3nKE7DzMWRnUhenUA.roa
Signing time:             Tue 23 Dec 2025 12:18:29 +0000
ROA not before:           Tue 23 Dec 2025 12:18:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203742
IP address blocks:        185.125.132.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/_BirNMWiEorErlXBr23vZTSzgR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/_BirNMWiEorErlXBr23vZTSzgR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_BirNMWiEorErlXBr23vZTSzgR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Dec 2025 11:47:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:4b:25:8a:2d:c8:22:9e:f4:e7:4b:56:ac:55:b5:2f:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc18ab34c5a2128ac4ae55c1af6def6534b3811d
        Validity
            Not Before: Dec 23 12:18:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8f13a80b1cca9bde7284ec3ccc5919d485e9d40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:66:55:c5:3d:22:ee:37:6a:c7:5d:75:6b:ce:
                    cf:85:4a:38:26:41:df:fa:ee:83:5c:9e:4d:e1:aa:
                    94:d0:4f:8e:78:e5:46:ff:e8:f4:49:af:9d:14:b5:
                    a5:54:c0:65:9f:63:fd:78:ec:d8:79:2e:1f:87:12:
                    9c:ef:43:40:40:08:bd:29:3e:b2:c3:9f:51:59:6e:
                    27:c5:ca:3b:22:da:fc:7d:80:be:a9:d8:a6:bf:87:
                    ba:fd:a5:89:37:2d:43:da:b6:05:6f:7a:96:db:3a:
                    4c:2f:7e:fd:51:84:4a:ee:30:b0:bc:f0:a4:83:f7:
                    1c:06:9a:3d:7c:60:f0:bd:aa:27:65:6f:ea:4c:b1:
                    84:5c:b9:ff:48:2a:86:c1:85:ab:3f:b8:7d:b0:aa:
                    af:6b:c7:cd:93:b2:55:ea:15:d5:e7:ba:b6:2d:7d:
                    04:4e:6f:f9:8c:1a:36:15:1c:f2:0e:98:4d:78:5b:
                    26:b6:d9:9a:59:15:2d:18:bf:eb:c1:80:6f:9a:49:
                    2f:55:bf:ca:e3:93:41:d8:94:8c:e4:f4:d6:94:0a:
                    24:7f:cd:0c:f9:8e:dc:4e:82:7c:42:89:39:5a:79:
                    8e:7a:9e:b9:b4:21:94:ac:20:76:85:bc:70:e8:d5:
                    fe:2c:54:73:c8:e0:d8:78:02:ef:b9:bd:f1:ec:73:
                    28:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F1:3A:80:B1:CC:A9:BD:E7:28:4E:C3:CC:C5:91:9D:48:5E:9D:40
            X509v3 Authority Key Identifier:
                keyid:FC:18:AB:34:C5:A2:12:8A:C4:AE:55:C1:AF:6D:EF:65:34:B3:81:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_BirNMWiEorErlXBr23vZTSzgR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/uPE6gLHMqb3nKE7DzMWRnUhenUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7667be-9670-4701-99f0-a7814fc46e65/1/_BirNMWiEorErlXBr23vZTSzgR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:91:4e:01:ab:c4:12:7d:aa:66:d0:d5:2d:81:c3:d4:f9:14:
         16:d3:a8:0f:00:3b:b0:0f:82:4f:b9:9d:aa:39:9e:a3:69:2a:
         07:4f:a8:dc:4f:f3:79:5e:f7:92:05:0e:04:84:45:04:7e:34:
         03:02:ee:d3:13:e5:55:8a:21:b1:cd:c5:b6:ac:19:c6:a5:75:
         ad:e3:87:dc:ae:c6:17:f6:e2:d3:89:c0:7f:7b:64:d7:ba:7c:
         40:9e:b4:16:f0:d3:58:22:7c:f7:5f:48:8a:16:84:ba:dd:73:
         37:f1:0b:57:15:79:f4:80:09:14:22:b2:74:5b:32:11:a0:99:
         73:78:c3:c8:4e:72:5f:1c:1b:5b:cb:07:6c:ed:74:57:fe:64:
         12:8f:5f:d5:00:b4:7b:4f:2d:ba:7a:37:dc:0f:3b:2d:c3:c0:
         0d:65:67:3b:ef:be:8a:15:6b:b4:0c:e8:50:e9:b4:74:d2:47:
         29:c3:50:2f:bb:27:0d:fb:da:a8:aa:fe:6d:64:fa:83:29:ce:
         53:9b:4d:1d:db:58:c1:76:1f:66:dc:36:78:13:dd:92:25:27:
         bf:61:69:f7:89:d7:42:9a:fa:08:31:e1:a5:1c:3f:4e:b5:ba:
         67:40:fa:b3:1d:4b:86:42:ef:87:d8:be:e8:ee:8b:23:72:7c:
         15:2b:8a:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtLJYotyCKe9OdLVqxVtS9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMThhYjM0YzVhMjEyOGFjNGFlNTVjMWFmNmRlZjY1MzRi
MzgxMWQwHhcNMjUxMjIzMTIxODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGYxM2E4MGIxY2NhOWJkZTcyODRlYzNjY2M1OTE5ZDQ4NWU5ZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGZVxT0i7jdqx111a87PhUo4JkHf
+u6DXJ5N4aqU0E+OeOVG/+j0Sa+dFLWlVMBln2P9eOzYeS4fhxKc70NAQAi9KT6y
w59RWW4nxco7Itr8fYC+qdimv4e6/aWJNy1D2rYFb3qW2zpML379UYRK7jCwvPCk
g/ccBpo9fGDwvaonZW/qTLGEXLn/SCqGwYWrP7h9sKqva8fNk7JV6hXV57q2LX0E
Tm/5jBo2FRzyDphNeFsmttmaWRUtGL/rwYBvmkkvVb/K45NB2JSM5PTWlAokf80M
+Y7cToJ8Qok5WnmOep65tCGUrCB2hbxw6NX+LFRzyODYeALvub3x7HMoXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjxOoCxzKm95yhOw8zFkZ1IXp1AMB8GA1UdIwQY
MBaAFPwYqzTFohKKxK5Vwa9t72U0s4EdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0Jpck5NV2lFb3JFcmxYQnIyM3ZaVFN6Z1IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83NjY3YmUtOTY3MC00NzAxLTk5ZjAt
YTc4MTRmYzQ2ZTY1LzEvdVBFNmdMSE1xYjNuS0U3RHpNV1JuVWhlblVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83NjY3YmUtOTY3MC00NzAxLTk5ZjAtYTc4MTRmYzQ2ZTY1
LzEvX0Jpck5NV2lFb3JFcmxYQnIyM3ZaVFN6Z1IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuX2EMA0G
CSqGSIb3DQEBCwUAA4IBAQAJkU4Bq8QSfapm0NUtgcPU+RQW06gPADuwD4JPuZ2q
OZ6jaSoHT6jcT/N5XveSBQ4EhEUEfjQDAu7TE+VViiGxzcW2rBnGpXWt44fcrsYX
9uLTicB/e2TXunxAnrQW8NNYInz3X0iKFoS63XM38QtXFXn0gAkUIrJ0WzIRoJlz
eMPITnJfHBtbywds7XRX/mQSj1/VALR7Ty26ejfcDzstw8ANZWc7776KFWu0DOhQ
6bR00kcpw1AvuycN+9qoqv5tZPqDKc5Tm00d21jBdh9m3DZ4E92SJSe/YWn3iddC
mvoIMeGlHD9OtbpnQPqzHUuGQu+H2L7o7osjcnwVK4r9
-----END CERTIFICATE-----