This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/UlvxYSaKh8Oc3zweZMlSdRb-gtk.roa
File:                     UlvxYSaKh8Oc3zweZMlSdRb-gtk.roa (raw, json)
Hash identifier:          oQKB3We88m7rm0/lXA7VFioKwk6yZDH7U1EGDEWoMxw=
Subject key identifier:   52:5B:F1:61:26:8A:87:C3:9C:DF:3C:1E:64:C9:52:75:16:FE:82:D9
Certificate issuer:       /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial:       019B7BA5303D4CEAF1E3895B2FBAC112D54D
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/UlvxYSaKh8Oc3zweZMlSdRb-gtk.roa
Signing time:             Thu 01 Jan 2026 22:19:41 +0000
ROA not before:           Thu 01 Jan 2026 22:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48367
IP address blocks:        62.93.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:30:3d:4c:ea:f1:e3:89:5b:2f:ba:c1:12:d5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
        Validity
            Not Before: Jan  1 22:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=525bf161268a87c39cdf3c1e64c9527516fe82d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:20:a2:15:e6:50:68:50:93:70:9c:1c:90:85:
                    cb:1a:3c:89:a6:af:61:26:a7:dc:97:d7:09:b3:5b:
                    f8:cf:e0:b5:5e:c7:e2:b3:c7:0f:17:bc:39:59:f3:
                    db:d5:6d:03:38:79:d0:e9:5c:9e:1e:fe:d9:36:2d:
                    f9:fc:be:9c:fe:e8:c4:46:fe:e4:d1:a5:54:88:6a:
                    64:86:7b:fb:5a:4e:35:87:44:a9:b8:c6:31:0c:aa:
                    d9:64:09:da:9a:e2:0d:07:da:89:09:93:ab:d2:47:
                    71:96:b1:02:12:a3:fd:98:4f:91:af:93:f6:d7:9a:
                    22:40:e5:66:21:fd:92:fb:95:12:7b:41:ff:58:9e:
                    31:f5:9c:af:3c:ae:c8:a6:b6:21:64:9b:c9:e3:5c:
                    26:08:a7:b2:99:14:7b:30:83:cf:ee:48:58:70:5a:
                    28:fc:b3:33:9c:31:86:3b:a3:a9:71:e1:f1:32:b6:
                    6a:7e:31:a3:1e:e5:2f:90:cb:d0:5e:9f:20:0b:0c:
                    23:e1:8f:68:4e:be:64:7b:e6:d0:45:24:79:c2:fe:
                    42:e5:0a:82:a2:0a:3c:b3:c1:5a:41:a4:3f:17:87:
                    9b:e9:ce:3e:8e:39:55:a7:78:81:21:36:ea:be:8b:
                    32:af:4c:0c:15:6b:b0:8f:b2:46:0a:39:1b:c7:b5:
                    aa:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5B:F1:61:26:8A:87:C3:9C:DF:3C:1E:64:C9:52:75:16:FE:82:D9
            X509v3 Authority Key Identifier:
                keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/UlvxYSaKh8Oc3zweZMlSdRb-gtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:e8:5b:a8:7d:0a:2b:bf:1e:a8:0e:5c:d9:59:88:39:49:06:
         34:7e:7c:ca:fb:37:cb:46:6d:e8:40:b6:5d:f2:8a:02:e2:40:
         26:09:fd:67:7e:e5:7c:0b:c2:dd:86:35:48:4a:be:f8:d1:4c:
         16:1e:56:63:7c:05:72:73:5b:e9:ae:db:58:e2:25:27:4f:ef:
         34:6d:7d:29:fb:27:86:fe:b7:49:1f:5b:b4:83:7f:7e:51:ac:
         9b:e0:23:a7:72:f1:65:cb:3f:dc:c5:89:56:89:38:8e:52:14:
         cf:40:4f:d0:aa:2f:28:58:ab:01:09:96:4d:b9:b9:d5:99:ba:
         f2:8b:3b:45:bc:e3:4f:d4:4a:74:f2:8d:7f:f2:f4:59:a0:c0:
         9e:d0:93:ca:3b:5d:99:34:31:3f:9f:24:fe:49:4a:9c:e3:c4:
         5d:55:1c:0c:3e:26:61:25:a5:05:d4:3f:97:27:b2:33:7d:6e:
         16:89:2a:f2:3d:0b:ab:df:ed:e3:33:bb:98:ff:99:6f:b0:07:
         57:83:09:1b:32:f7:7c:67:0c:ec:9c:4d:94:9e:32:98:b6:6f:
         4e:27:e3:41:b4:cb:0d:79:76:8a:22:30:9b:3a:2e:4c:a7:3a:
         73:a8:64:32:5a:55:d3:19:63:e5:ca:d5:87:cc:96:c7:f3:50:
         1c:9b:d5:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTA9TOrx44lbL7rBEtVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjYwMTAxMjIxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjViZjE2MTI2OGE4N2MzOWNkZjNjMWU2NGM5NTI3NTE2ZmU4MmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyCiFeZQaFCTcJwckIXLGjyJpq9h
Jqfcl9cJs1v4z+C1Xsfis8cPF7w5WfPb1W0DOHnQ6VyeHv7ZNi35/L6c/ujERv7k
0aVUiGpkhnv7Wk41h0SpuMYxDKrZZAnamuINB9qJCZOr0kdxlrECEqP9mE+Rr5P2
15oiQOVmIf2S+5USe0H/WJ4x9ZyvPK7IprYhZJvJ41wmCKeymRR7MIPP7khYcFoo
/LMznDGGO6OpceHxMrZqfjGjHuUvkMvQXp8gCwwj4Y9oTr5ke+bQRSR5wv5C5QqC
ogo8s8FaQaQ/F4eb6c4+jjlVp3iBITbqvosyr0wMFWuwj7JGCjkbx7WqvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJb8WEmiofDnN88HmTJUnUW/oLZMB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvVWx2eFlTYUtoOE9jM3p3ZVpNbFNkUmItZ3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPl1vMA0G
CSqGSIb3DQEBCwUAA4IBAQBz6FuofQorvx6oDlzZWYg5SQY0fnzK+zfLRm3oQLZd
8ooC4kAmCf1nfuV8C8LdhjVISr740UwWHlZjfAVyc1vprttY4iUnT+80bX0p+yeG
/rdJH1u0g39+Uayb4COncvFlyz/cxYlWiTiOUhTPQE/Qqi8oWKsBCZZNubnVmbry
iztFvONP1Ep08o1/8vRZoMCe0JPKO12ZNDE/nyT+SUqc48RdVRwMPiZhJaUF1D+X
J7IzfW4WiSryPQur3+3jM7uY/5lvsAdXgwkbMvd8ZwzsnE2UnjKYtm9OJ+NBtMsN
eXaKIjCbOi5MpzpzqGQyWlXTGWPlytWHzJbH81Acm9UE
-----END CERTIFICATE-----