This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/xUyp5z9ki9x2dJcpNDLQqnXtfXs.roa
File:                     xUyp5z9ki9x2dJcpNDLQqnXtfXs.roa (raw, json)
Hash identifier:          OB5oPZJI1/ir+viyC2KaHJjQwYX8WdLDSXZSic2R5Fs=
Subject key identifier:   C5:4C:A9:E7:3F:64:8B:DC:76:74:97:29:34:32:D0:AA:75:ED:7D:7B
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       019B7EA7067D6B104A9FA68D96FDFBDDF56F
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/xUyp5z9ki9x2dJcpNDLQqnXtfXs.roa
Signing time:             Fri 02 Jan 2026 12:20:33 +0000
ROA not before:           Fri 02 Jan 2026 12:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152672
IP address blocks:        2.59.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 Jan 2026 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:06:7d:6b:10:4a:9f:a6:8d:96:fd:fb:dd:f5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  2 12:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c54ca9e73f648bdc767497293432d0aa75ed7d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:aa:9c:96:1f:21:0a:e4:a0:de:7a:31:9f:26:
                    04:e9:da:0a:b9:e3:e6:49:dc:5e:3a:75:af:19:54:
                    c7:6d:57:22:1e:9f:ef:f1:ac:bf:5c:30:42:34:ac:
                    d8:e4:a5:f4:47:69:7f:38:0e:a3:09:34:14:da:4e:
                    e3:6f:f5:49:fd:02:66:65:c0:f9:d4:31:7c:97:bb:
                    06:11:d1:b2:0e:2f:38:b1:82:e0:f1:ec:8e:27:aa:
                    5d:bb:4e:86:93:6c:0b:ab:6f:6b:6e:1a:57:14:d3:
                    fd:08:af:e1:39:d3:ce:21:1d:1c:70:76:d2:03:79:
                    b3:df:e5:ee:59:ce:83:08:03:30:9e:48:37:81:0f:
                    6a:90:fd:08:a5:b8:59:a1:33:8f:fd:7a:a8:63:e0:
                    0f:9f:b0:58:93:f1:7e:44:8c:dc:80:55:7d:0c:6d:
                    cf:d5:db:5e:70:bc:60:c7:cc:c3:9b:90:7f:f5:b2:
                    8b:90:c3:2a:02:e1:d8:32:c7:37:7c:62:b6:c7:88:
                    c4:13:58:f6:8c:68:97:60:28:ea:60:20:92:6c:4e:
                    f2:5a:0d:46:a0:2f:30:4f:36:03:a5:60:ac:65:61:
                    ef:90:2d:c8:45:e9:b1:4d:3c:f4:8f:d5:de:1c:4c:
                    68:0e:09:d2:ae:75:47:c7:b7:09:ab:28:02:be:d5:
                    fa:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:4C:A9:E7:3F:64:8B:DC:76:74:97:29:34:32:D0:AA:75:ED:7D:7B
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/xUyp5z9ki9x2dJcpNDLQqnXtfXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:37:b4:9f:87:86:b9:16:c0:f6:c2:b8:7b:ec:93:47:3e:82:
         bf:a2:cb:3d:ab:f2:76:7c:2b:12:b6:13:05:fc:78:56:af:32:
         d6:2e:25:c1:d2:71:11:22:b5:0d:d1:57:42:fd:a5:45:d2:dc:
         ca:42:b2:8d:48:f9:15:88:e9:54:ad:06:e1:23:2e:b9:07:95:
         4b:1b:b8:70:f5:36:be:92:99:11:5b:98:e8:f1:ae:e5:b7:c8:
         18:ad:a4:94:85:a4:5a:8c:1c:b5:f4:f6:f0:b1:a5:70:b2:a4:
         62:a7:5f:ef:b6:84:d2:fe:90:c0:0d:42:2e:a5:44:29:e9:1c:
         e9:c6:02:fd:8a:aa:8e:0c:bc:92:fa:00:8d:14:44:42:0d:82:
         33:59:c4:77:73:04:8f:75:7d:a0:51:f7:6e:2f:a6:b2:2f:f4:
         81:1e:23:c5:92:57:1a:86:a0:25:b3:2a:a0:09:89:49:8e:74:
         bd:78:4c:6e:79:92:36:a8:50:bf:a4:3d:c3:e4:6e:dc:98:8a:
         5d:e1:4f:da:b1:c7:57:fa:a6:13:8e:f5:18:b8:22:40:e2:d5:
         de:00:73:02:29:0d:54:b4:0e:db:1f:b2:e7:47:7b:24:d6:fe:
         96:57:58:11:bd:65:cf:63:f8:49:2f:1f:04:fc:09:0d:e1:5c:
         3c:58:77:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pwZ9axBKn6aNlv373fVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjYwMTAyMTIyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTRjYTllNzNmNjQ4YmRjNzY3NDk3MjkzNDMyZDBhYTc1ZWQ3ZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaqclh8hCuSg3noxnyYE6doKuePm
SdxeOnWvGVTHbVciHp/v8ay/XDBCNKzY5KX0R2l/OA6jCTQU2k7jb/VJ/QJmZcD5
1DF8l7sGEdGyDi84sYLg8eyOJ6pdu06Gk2wLq29rbhpXFNP9CK/hOdPOIR0ccHbS
A3mz3+XuWc6DCAMwnkg3gQ9qkP0IpbhZoTOP/XqoY+APn7BYk/F+RIzcgFV9DG3P
1dtecLxgx8zDm5B/9bKLkMMqAuHYMsc3fGK2x4jEE1j2jGiXYCjqYCCSbE7yWg1G
oC8wTzYDpWCsZWHvkC3IRemxTTz0j9XeHExoDgnSrnVHx7cJqygCvtX65QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMVMqec/ZIvcdnSXKTQy0Kp17X17MB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEveFV5cDV6OWtpOXgyZEpjcE5ETFFxblh0ZlhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAju2MA0G
CSqGSIb3DQEBCwUAA4IBAQCzN7Sfh4a5FsD2wrh77JNHPoK/oss9q/J2fCsSthMF
/HhWrzLWLiXB0nERIrUN0VdC/aVF0tzKQrKNSPkViOlUrQbhIy65B5VLG7hw9Ta+
kpkRW5jo8a7lt8gYraSUhaRajBy19PbwsaVwsqRip1/vtoTS/pDADUIupUQp6Rzp
xgL9iqqODLyS+gCNFERCDYIzWcR3cwSPdX2gUfduL6ayL/SBHiPFklcahqAlsyqg
CYlJjnS9eExueZI2qFC/pD3D5G7cmIpd4U/ascdX+qYTjvUYuCJA4tXeAHMCKQ1U
tA7bH7LnR3sk1v6WV1gRvWXPY/hJLx8E/AkN4Vw8WHet
-----END CERTIFICATE-----