This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/c33da4-c15d-4f2c-9dba-ea890a6d461d/1/aUh3x7DI2Z0QyBQuTYq_U_DtZqQ.roa
File:                     aUh3x7DI2Z0QyBQuTYq_U_DtZqQ.roa (raw, json)
Hash identifier:          idW0XNrijAGGDeXUERFO9a49l8MnLifc9mzLJwTjB58=
Subject key identifier:   69:48:77:C7:B0:C8:D9:9D:10:C8:14:2E:4D:8A:BF:53:F0:ED:66:A4
Certificate issuer:       /CN=4abf42d1d323688b5a32716c229048cf9b4a29ca
Certificate serial:       019AEE49DD80C7D9EBD605F6BDDD1F37912D
Authority key identifier: 4A:BF:42:D1:D3:23:68:8B:5A:32:71:6C:22:90:48:CF:9B:4A:29:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sr9C0dMjaItaMnFsIpBIz5tKKco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/c33da4-c15d-4f2c-9dba-ea890a6d461d/1/aUh3x7DI2Z0QyBQuTYq_U_DtZqQ.roa
Signing time:             Fri 05 Dec 2025 11:33:29 +0000
ROA not before:           Fri 05 Dec 2025 11:33:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203284
IP address blocks:        176.111.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/c33da4-c15d-4f2c-9dba-ea890a6d461d/1/Sr9C0dMjaItaMnFsIpBIz5tKKco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/c33da4-c15d-4f2c-9dba-ea890a6d461d/1/Sr9C0dMjaItaMnFsIpBIz5tKKco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sr9C0dMjaItaMnFsIpBIz5tKKco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ee:49:dd:80:c7:d9:eb:d6:05:f6:bd:dd:1f:37:91:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4abf42d1d323688b5a32716c229048cf9b4a29ca
        Validity
            Not Before: Dec  5 11:33:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=694877c7b0c8d99d10c8142e4d8abf53f0ed66a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8b:25:30:be:79:2e:cc:d6:b1:64:a1:86:00:
                    18:ce:c9:4b:9c:b0:9e:cf:28:d4:7d:20:79:6a:22:
                    ee:0a:0d:0b:87:7c:13:23:4c:c4:ca:f6:23:89:2e:
                    f3:a0:bc:f7:85:ba:6f:07:e1:ad:65:c1:7c:48:3a:
                    37:49:5e:b8:6e:b3:96:94:60:d7:9e:b6:ba:e7:fc:
                    0c:62:92:80:01:12:40:ab:7f:9f:0e:1f:be:2a:fe:
                    c2:ed:0a:50:78:39:58:d9:51:52:37:2b:a8:f6:8f:
                    01:3c:be:2d:6c:60:62:70:77:62:63:3c:44:9e:ef:
                    a9:01:2c:36:04:af:94:80:79:be:90:27:89:28:85:
                    a1:73:8d:c1:66:08:5d:90:04:34:91:81:57:17:85:
                    56:67:99:47:73:b3:44:b4:d4:1c:a1:e6:09:e6:26:
                    22:3f:e0:d2:45:1f:4a:71:5f:53:6a:f3:93:5c:85:
                    7b:c0:d2:d7:39:61:1e:6e:e8:89:19:d5:13:58:4f:
                    2b:84:f9:57:f6:5c:d0:73:6d:66:1e:5e:11:4d:f6:
                    70:fd:bb:56:03:48:a3:80:8b:20:75:69:80:15:69:
                    43:9b:00:62:7a:e0:50:d6:93:1a:76:66:7e:0d:a6:
                    00:d6:93:88:1b:e7:41:7c:94:b9:69:45:0f:39:23:
                    79:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:48:77:C7:B0:C8:D9:9D:10:C8:14:2E:4D:8A:BF:53:F0:ED:66:A4
            X509v3 Authority Key Identifier:
                keyid:4A:BF:42:D1:D3:23:68:8B:5A:32:71:6C:22:90:48:CF:9B:4A:29:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sr9C0dMjaItaMnFsIpBIz5tKKco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/c33da4-c15d-4f2c-9dba-ea890a6d461d/1/aUh3x7DI2Z0QyBQuTYq_U_DtZqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/c33da4-c15d-4f2c-9dba-ea890a6d461d/1/Sr9C0dMjaItaMnFsIpBIz5tKKco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.111.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:9c:0e:ff:fd:8b:64:f6:6b:11:08:8d:84:ab:a7:7a:cc:c8:
         80:7c:f8:2a:84:ff:bc:69:ce:e8:6a:32:fe:dd:78:36:65:30:
         72:a9:44:f7:ed:fe:9c:3b:fe:81:0a:2e:fa:bf:f6:44:1e:dd:
         50:3d:f8:67:d9:ee:24:ec:9d:fc:22:72:05:1c:10:b6:71:23:
         81:56:5b:f4:98:b4:e9:d9:12:c2:ba:e1:90:89:06:ce:f3:b0:
         5b:70:d8:ec:8c:fb:4e:0d:26:99:38:42:1e:8f:7d:4f:a9:11:
         34:cb:be:ff:c7:af:dd:4b:22:bb:74:ed:27:06:bf:4e:ba:de:
         47:d7:39:0b:10:42:74:29:75:a3:70:cc:83:54:05:9d:f8:93:
         5d:ad:d8:6f:b1:44:c7:2b:a6:f0:b9:87:20:1b:4a:2b:b3:4e:
         44:30:ca:02:df:93:b5:8e:06:21:63:f6:4a:59:1e:1e:ef:db:
         20:3f:14:2c:a0:a6:f5:09:f3:7b:fd:93:31:88:75:41:c5:63:
         ed:d5:74:ec:7d:21:f9:2b:aa:8e:48:58:e8:1b:d1:2b:cc:61:
         97:17:6e:28:dc:7b:9f:d6:26:ba:c4:f2:47:76:81:a6:d3:47:
         20:36:76:d3:fe:51:b1:1d:e8:13:19:43:2d:18:8f:73:82:e0:
         15:8a:c8:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZruSd2Ax9nr1gX2vd0fN5EtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhYmY0MmQxZDMyMzY4OGI1YTMyNzE2YzIyOTA0OGNmOWI0
YTI5Y2EwHhcNMjUxMjA1MTEzMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTQ4NzdjN2IwYzhkOTlkMTBjODE0MmU0ZDhhYmY1M2YwZWQ2NmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4slML55LszWsWShhgAYzslLnLCe
zyjUfSB5aiLuCg0Lh3wTI0zEyvYjiS7zoLz3hbpvB+GtZcF8SDo3SV64brOWlGDX
nra65/wMYpKAARJAq3+fDh++Kv7C7QpQeDlY2VFSNyuo9o8BPL4tbGBicHdiYzxE
nu+pASw2BK+UgHm+kCeJKIWhc43BZghdkAQ0kYFXF4VWZ5lHc7NEtNQcoeYJ5iYi
P+DSRR9KcV9TavOTXIV7wNLXOWEebuiJGdUTWE8rhPlX9lzQc21mHl4RTfZw/btW
A0ijgIsgdWmAFWlDmwBieuBQ1pMadmZ+DaYA1pOIG+dBfJS5aUUPOSN5owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlId8ewyNmdEMgULk2Kv1Pw7WakMB8GA1UdIwQY
MBaAFEq/QtHTI2iLWjJxbCKQSM+bSinKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3I5QzBkTWphSXRhTW5Gc0lwQkl6NXRLS2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9jMzNkYTQtYzE1ZC00ZjJjLTlkYmEt
ZWE4OTBhNmQ0NjFkLzEvYVVoM3g3REkyWjBReUJRdVRZcV9VX0R0WnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9jMzNkYTQtYzE1ZC00ZjJjLTlkYmEtZWE4OTBhNmQ0NjFk
LzEvU3I5QzBkTWphSXRhTW5Gc0lwQkl6NXRLS2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG8oMA0G
CSqGSIb3DQEBCwUAA4IBAQASnA7//Ytk9msRCI2Eq6d6zMiAfPgqhP+8ac7oajL+
3Xg2ZTByqUT37f6cO/6BCi76v/ZEHt1QPfhn2e4k7J38InIFHBC2cSOBVlv0mLTp
2RLCuuGQiQbO87BbcNjsjPtODSaZOEIej31PqRE0y77/x6/dSyK7dO0nBr9Out5H
1zkLEEJ0KXWjcMyDVAWd+JNdrdhvsUTHK6bwuYcgG0ors05EMMoC35O1jgYhY/ZK
WR4e79sgPxQsoKb1CfN7/ZMxiHVBxWPt1XTsfSH5K6qOSFjoG9ErzGGXF24o3Huf
1ia6xPJHdoGm00cgNnbT/lGxHegTGUMtGI9zguAVishw
-----END CERTIFICATE-----