This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/uC-qKkxICY7vZwEQrGmhDJDMiDU.roa
File:                     uC-qKkxICY7vZwEQrGmhDJDMiDU.roa (raw, json)
Hash identifier:          YuDasb2hKsUu4M7RFAlrFvessaLsAmNOCaH9378WVUk=
Subject key identifier:   B8:2F:AA:2A:4C:48:09:8E:EF:67:01:10:AC:69:A1:0C:90:CC:88:35
Certificate issuer:       /CN=46ebddae6a7acee83a322a0e743a6759d85365f2
Certificate serial:       019B78348F63EE5C36FEA7C94025C0AB91E2
Authority key identifier: 46:EB:DD:AE:6A:7A:CE:E8:3A:32:2A:0E:74:3A:67:59:D8:53:65:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/uC-qKkxICY7vZwEQrGmhDJDMiDU.roa
Signing time:             Thu 01 Jan 2026 06:17:49 +0000
ROA not before:           Thu 01 Jan 2026 06:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25540
IP address blocks:        185.171.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:8f:63:ee:5c:36:fe:a7:c9:40:25:c0:ab:91:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ebddae6a7acee83a322a0e743a6759d85365f2
        Validity
            Not Before: Jan  1 06:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b82faa2a4c48098eef670110ac69a10c90cc8835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:aa:4c:da:94:99:15:c7:c3:db:74:54:c0:fc:
                    76:ac:b6:a5:51:a8:3b:71:e6:22:5c:35:79:c1:e3:
                    5d:28:36:6a:47:40:cb:8c:ff:f1:1c:e2:9a:d9:e0:
                    bc:9d:6b:4e:a3:55:19:3d:69:ba:7b:05:1e:39:84:
                    e3:b6:b0:f8:ad:28:55:50:26:59:55:3c:53:ae:26:
                    66:e1:87:e3:ce:f8:9b:54:26:2d:cd:aa:c0:45:e6:
                    d7:a1:9d:75:37:7c:2b:9a:fe:27:25:4f:ac:f6:06:
                    41:41:0a:cb:83:0d:9f:a8:a1:2d:eb:b1:90:bb:7e:
                    df:ab:27:3c:4b:7f:27:f8:43:d4:71:cf:09:22:c5:
                    85:99:77:64:8b:f2:bf:01:8a:48:7d:b3:7d:7a:6e:
                    99:12:8b:40:82:d5:f0:14:83:5e:f3:82:a0:2d:45:
                    3f:36:6f:83:97:f7:64:ee:3f:df:47:0c:04:20:82:
                    05:71:77:c7:48:5f:2c:a2:71:19:cb:4a:5d:29:8b:
                    99:67:32:1d:7b:15:74:9e:09:91:6f:0b:35:93:6b:
                    8d:7f:cb:83:fd:45:20:77:37:05:7b:e8:16:99:e3:
                    86:53:47:05:51:fa:00:41:2a:e8:e4:99:4e:85:4f:
                    22:68:3e:60:6c:2d:3d:71:98:1c:27:ac:df:5b:4f:
                    d4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:2F:AA:2A:4C:48:09:8E:EF:67:01:10:AC:69:A1:0C:90:CC:88:35
            X509v3 Authority Key Identifier:
                keyid:46:EB:DD:AE:6A:7A:CE:E8:3A:32:2A:0E:74:3A:67:59:D8:53:65:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ruvdrmp6zug6MioOdDpnWdhTZfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/uC-qKkxICY7vZwEQrGmhDJDMiDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5c65af-b3f9-4bb3-a702-2bc90794d38d/1/Ruvdrmp6zug6MioOdDpnWdhTZfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:eb:c3:a0:38:78:96:b0:db:8e:6b:e3:91:e9:1b:03:b3:56:
         87:3a:5a:39:31:b4:70:6c:4f:21:7b:2a:b0:c8:9a:02:91:67:
         ee:5d:e1:de:5a:4f:09:c2:74:38:10:a0:66:3f:36:f4:3b:91:
         99:8a:6e:8b:6d:52:78:3e:eb:9f:de:47:33:c2:e2:77:d3:82:
         27:13:54:9f:d5:02:8b:fe:f0:8c:1d:d5:36:be:93:74:22:82:
         a9:80:d1:f8:38:0c:dd:50:b0:da:6b:57:62:8f:cb:0f:00:89:
         c9:2c:47:32:37:d1:58:90:45:a9:28:ee:bd:ff:8f:88:d1:ab:
         68:64:61:7a:80:d2:28:a9:74:22:eb:79:35:95:c2:7d:0b:ad:
         e2:ba:d9:ce:e7:87:5a:66:bc:c4:dc:8b:d8:ba:bc:0a:e4:9e:
         e7:9f:65:b7:16:62:3c:aa:a0:71:53:d5:8b:bc:7d:c8:57:6b:
         fb:10:ea:97:0b:c6:d5:2a:3a:c9:69:6e:e6:f2:9f:b3:19:d7:
         28:ec:9a:ad:3b:af:65:58:a8:ab:44:6d:cd:8a:55:cb:ed:62:
         ac:d7:da:45:0d:cf:96:9a:86:07:72:f7:66:47:bf:5e:49:20:
         c5:40:d2:4b:38:47:6a:73:04:a2:a2:64:45:95:51:df:6c:e9:
         90:73:eb:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NI9j7lw2/qfJQCXAq5HiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZWJkZGFlNmE3YWNlZTgzYTMyMmEwZTc0M2E2NzU5ZDg1
MzY1ZjIwHhcNMjYwMTAxMDYxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODJmYWEyYTRjNDgwOThlZWY2NzAxMTBhYzY5YTEwYzkwY2M4ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvapM2pSZFcfD23RUwPx2rLalUag7
ceYiXDV5weNdKDZqR0DLjP/xHOKa2eC8nWtOo1UZPWm6ewUeOYTjtrD4rShVUCZZ
VTxTriZm4YfjzvibVCYtzarARebXoZ11N3wrmv4nJU+s9gZBQQrLgw2fqKEt67GQ
u37fqyc8S38n+EPUcc8JIsWFmXdki/K/AYpIfbN9em6ZEotAgtXwFINe84KgLUU/
Nm+Dl/dk7j/fRwwEIIIFcXfHSF8sonEZy0pdKYuZZzIdexV0ngmRbws1k2uNf8uD
/UUgdzcFe+gWmeOGU0cFUfoAQSro5JlOhU8iaD5gbC09cZgcJ6zfW0/UQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgvqipMSAmO72cBEKxpoQyQzIg1MB8GA1UdIwQY
MBaAFEbr3a5qes7oOjIqDnQ6Z1nYU2XyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnV2ZHJtcDZ6dWc2TWlvT2REcG5XZGhUWmZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81YzY1YWYtYjNmOS00YmIzLWE3MDIt
MmJjOTA3OTRkMzhkLzEvdUMtcUtreElDWTd2WndFUXJHbWhESkRNaURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81YzY1YWYtYjNmOS00YmIzLWE3MDItMmJjOTA3OTRkMzhk
LzEvUnV2ZHJtcDZ6dWc2TWlvT2REcG5XZGhUWmZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuasWMA0G
CSqGSIb3DQEBCwUAA4IBAQCV68OgOHiWsNuOa+OR6RsDs1aHOlo5MbRwbE8heyqw
yJoCkWfuXeHeWk8JwnQ4EKBmPzb0O5GZim6LbVJ4Puuf3kczwuJ304InE1Sf1QKL
/vCMHdU2vpN0IoKpgNH4OAzdULDaa1dij8sPAInJLEcyN9FYkEWpKO69/4+I0ato
ZGF6gNIoqXQi63k1lcJ9C63iutnO54daZrzE3IvYurwK5J7nn2W3FmI8qqBxU9WL
vH3IV2v7EOqXC8bVKjrJaW7m8p+zGdco7JqtO69lWKirRG3NilXL7WKs19pFDc+W
moYHcvdmR79eSSDFQNJLOEdqcwSiomRFlVHfbOmQc+u8
-----END CERTIFICATE-----