This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/UADZ4YVn7TSGISo3JiXNjBmBm_s.roa
File:                     UADZ4YVn7TSGISo3JiXNjBmBm_s.roa (raw, json)
Hash identifier:          N3tP1R0iLr7HsiUesHdYEFoZ03zveLr6qDLnn0E6Gpg=
Subject key identifier:   50:00:D9:E1:85:67:ED:34:86:21:2A:37:26:25:CD:8C:19:81:9B:FB
Certificate issuer:       /CN=632e3d037bf0507571b2a068cb90308374ce53ed
Certificate serial:       019B7EA68814052ADF39837EC42434FDC8C6
Authority key identifier: 63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/UADZ4YVn7TSGISo3JiXNjBmBm_s.roa
Signing time:             Fri 02 Jan 2026 12:20:01 +0000
ROA not before:           Fri 02 Jan 2026 12:20:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8881
IP address blocks:        185.171.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 18:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:88:14:05:2a:df:39:83:7e:c4:24:34:fd:c8:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632e3d037bf0507571b2a068cb90308374ce53ed
        Validity
            Not Before: Jan  2 12:20:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5000d9e18567ed3486212a372625cd8c19819bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:a1:49:58:ac:14:c4:c5:e1:96:d1:cd:8c:e4:
                    20:3f:45:4e:0c:50:f4:f6:08:21:43:af:52:05:e0:
                    ee:5d:d4:6c:9d:1b:53:d2:6c:53:d7:ca:c7:3b:40:
                    5e:cb:a1:a4:02:b4:c4:0f:cc:b2:f9:ae:12:f8:f3:
                    0c:25:bc:63:3f:f8:69:da:f3:a1:bc:0e:02:85:10:
                    51:9a:fc:1a:c7:16:4c:61:57:bf:05:3e:eb:64:44:
                    1f:15:46:9e:eb:71:3d:7e:7e:7e:7a:ec:1e:c0:f2:
                    1a:5b:a4:8d:87:89:a2:23:23:d8:37:5e:f9:9c:3f:
                    34:23:81:e7:65:1a:9e:45:9b:a2:25:18:e4:4d:64:
                    d9:e5:4d:fc:60:8e:3e:59:f6:28:dd:99:3e:32:6b:
                    92:a2:45:48:79:b4:f2:a9:c1:00:bb:1f:a0:ce:2e:
                    33:a7:7b:e8:c4:d3:be:3f:3a:6e:e2:0e:d9:e5:f1:
                    e5:47:ed:2a:70:4a:26:f2:af:04:cf:69:0f:7d:20:
                    d2:67:46:06:a1:82:8c:1c:81:66:19:30:db:fb:b6:
                    de:d4:1f:18:a0:b6:d5:dc:9c:ec:fd:5c:f7:82:57:
                    b3:5a:7a:3d:14:be:30:e3:08:ca:7e:27:e7:63:2d:
                    5a:95:dd:1d:db:bc:e4:e9:dd:f1:34:5a:e7:c8:3d:
                    eb:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:00:D9:E1:85:67:ED:34:86:21:2A:37:26:25:CD:8C:19:81:9B:FB
            X509v3 Authority Key Identifier:
                keyid:63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/UADZ4YVn7TSGISo3JiXNjBmBm_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:af:3f:5f:c6:c1:db:31:d0:0c:22:aa:01:1b:03:ad:8d:ca:
         75:85:c0:b3:e7:13:dc:bd:25:18:15:39:e1:53:15:c5:c7:a8:
         1e:c2:6d:e4:6c:e3:2b:4f:48:9d:1e:f7:a5:93:43:67:eb:40:
         b1:46:14:07:6b:77:05:b8:3a:f7:ab:8f:47:e2:77:61:77:ac:
         71:64:75:3f:9b:ce:2f:c2:65:c4:d5:23:ea:6c:31:4c:01:29:
         d3:26:80:3c:bc:01:00:40:5e:6e:25:89:36:e2:ff:c3:33:d2:
         f9:2a:c6:69:03:f2:30:47:d4:1c:e0:48:c4:a1:4a:e7:13:c8:
         30:0b:b3:24:6a:65:a0:87:c7:0d:82:a3:66:56:72:fc:0f:b2:
         d2:27:03:91:e4:ff:cc:b3:13:54:45:83:a3:87:0e:f1:f1:d7:
         39:79:14:3a:cd:ad:82:cf:38:bd:c2:b2:47:03:a2:99:c0:c0:
         3d:23:a5:06:94:df:18:59:92:f1:85:52:5d:44:cf:48:a8:ca:
         62:6c:c9:2c:4a:2d:9d:15:b8:46:2f:47:c2:49:77:24:fa:7b:
         15:fc:d2:b2:ab:77:be:2b:8d:34:c0:43:b5:5f:52:cd:37:fa:
         bc:a7:c1:ea:b7:5e:c2:7a:f4:ea:47:98:44:c8:1b:a1:0d:ee:
         6a:a1:e8:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pogUBSrfOYN+xCQ0/cjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmUzZDAzN2JmMDUwNzU3MWIyYTA2OGNiOTAzMDgzNzRj
ZTUzZWQwHhcNMjYwMTAyMTIyMDAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDAwZDllMTg1NjdlZDM0ODYyMTJhMzcyNjI1Y2Q4YzE5ODE5YmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8aFJWKwUxMXhltHNjOQgP0VODFD0
9gghQ69SBeDuXdRsnRtT0mxT18rHO0Bey6GkArTED8yy+a4S+PMMJbxjP/hp2vOh
vA4ChRBRmvwaxxZMYVe/BT7rZEQfFUae63E9fn5+euwewPIaW6SNh4miIyPYN175
nD80I4HnZRqeRZuiJRjkTWTZ5U38YI4+WfYo3Zk+MmuSokVIebTyqcEAux+gzi4z
p3voxNO+Pzpu4g7Z5fHlR+0qcEom8q8Ez2kPfSDSZ0YGoYKMHIFmGTDb+7be1B8Y
oLbV3Jzs/Vz3glezWno9FL4w4wjKfifnYy1ald0d27zk6d3xNFrnyD3r7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAA2eGFZ+00hiEqNyYlzYwZgZv7MB8GA1UdIwQY
MBaAFGMuPQN78FB1cbKgaMuQMIN0zlPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEt
ZDUyYTE4OTg1OTk5LzEvVUFEWjRZVm43VFNHSVNvM0ppWE5qQm1CbV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEtZDUyYTE4OTg1OTk5
LzEvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaugMA0G
CSqGSIb3DQEBCwUAA4IBAQAfrz9fxsHbMdAMIqoBGwOtjcp1hcCz5xPcvSUYFTnh
UxXFx6gewm3kbOMrT0idHvelk0Nn60CxRhQHa3cFuDr3q49H4ndhd6xxZHU/m84v
wmXE1SPqbDFMASnTJoA8vAEAQF5uJYk24v/DM9L5KsZpA/IwR9Qc4EjEoUrnE8gw
C7MkamWgh8cNgqNmVnL8D7LSJwOR5P/MsxNURYOjhw7x8dc5eRQ6za2Czzi9wrJH
A6KZwMA9I6UGlN8YWZLxhVJdRM9IqMpibMksSi2dFbhGL0fCSXck+nsV/NKyq3e+
K400wEO1X1LNN/q8p8Hqt17CevTqR5hEyBuhDe5qoeh2
-----END CERTIFICATE-----