This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/UFBqlqbDbCJdY4yyGZXAZPEHhZ0.roa
File:                     UFBqlqbDbCJdY4yyGZXAZPEHhZ0.roa (raw, json)
Hash identifier:          NYR75LT8EcYVp5wWj3tYR34PO47ZPDQS52OiuEfA/iM=
Subject key identifier:   50:50:6A:96:A6:C3:6C:22:5D:63:8C:B2:19:95:C0:64:F1:07:85:9D
Certificate issuer:       /CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
Certificate serial:       019B797E58213EE2041D875AAED062CB7786
Authority key identifier: B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/UFBqlqbDbCJdY4yyGZXAZPEHhZ0.roa
Signing time:             Thu 01 Jan 2026 12:18:01 +0000
ROA not before:           Thu 01 Jan 2026 12:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50866
IP address blocks:        217.145.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:58:21:3e:e2:04:1d:87:5a:ae:d0:62:cb:77:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2ed1d6066f4e4654ef5f3cc70a5d905a9af8290
        Validity
            Not Before: Jan  1 12:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50506a96a6c36c225d638cb21995c064f107859d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ed:62:3f:28:bf:ea:ec:72:63:78:26:ff:93:
                    64:13:f5:f5:4b:7b:a0:c2:dc:54:8f:1e:b0:79:ba:
                    77:cb:2a:66:15:43:52:46:4d:1b:8e:18:98:08:d5:
                    bc:10:35:b8:5a:2a:d7:1b:54:eb:0c:92:cd:85:ed:
                    10:36:e1:f3:da:f9:cb:cc:77:6f:f2:1c:d7:7d:29:
                    fb:b2:a2:95:b0:a5:fb:65:d8:89:d2:61:6a:9c:a2:
                    9b:0c:5b:97:f9:bc:aa:75:a9:41:f0:69:5e:79:fb:
                    75:3d:8b:2d:c6:1f:36:d7:72:61:5c:ed:64:2d:59:
                    76:59:5b:74:65:4a:5d:44:63:4a:b2:b2:26:6d:e6:
                    b6:1c:45:f8:d2:ba:38:79:15:a5:15:93:05:3f:7e:
                    15:99:a8:38:bf:b0:9b:f8:41:b5:f5:59:0c:c3:15:
                    6d:b2:2a:79:78:74:c4:23:d0:b8:34:8d:4f:53:a0:
                    08:ba:d3:de:a1:66:12:2f:1d:89:55:78:81:1d:28:
                    41:5d:e5:73:7e:7b:85:64:6e:98:99:f1:24:8b:63:
                    5c:e7:28:58:c6:9e:3e:c0:b1:45:a4:36:01:62:da:
                    99:d8:c7:62:47:55:13:ec:fa:a0:37:f7:7d:95:eb:
                    fa:fb:4d:b7:2c:b9:e9:33:f1:19:8f:69:d1:ff:80:
                    b6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:50:6A:96:A6:C3:6C:22:5D:63:8C:B2:19:95:C0:64:F1:07:85:9D
            X509v3 Authority Key Identifier:
                keyid:B2:ED:1D:60:66:F4:E4:65:4E:F5:F3:CC:70:A5:D9:05:A9:AF:82:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/su0dYGb05GVO9fPMcKXZBamvgpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/UFBqlqbDbCJdY4yyGZXAZPEHhZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/1182cb-5f95-4cd4-b72f-46b46fc0e496/1/su0dYGb05GVO9fPMcKXZBamvgpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:89:a8:8a:27:e2:07:02:a9:b0:05:dd:9c:42:c3:5d:2f:8c:
         0b:ba:7b:2a:21:0b:43:71:3d:9a:eb:85:d4:e8:ec:8c:08:81:
         25:b4:34:3e:92:41:c7:9b:88:07:57:0b:db:e7:15:df:c7:be:
         78:44:79:ea:b8:1a:5d:0b:a7:f3:19:e8:35:fc:ee:f7:33:c2:
         7f:2e:03:b8:56:f9:90:c0:78:ef:f7:db:35:28:e0:ea:c4:6a:
         65:83:4e:f8:6c:50:e4:f4:bc:9d:f1:ba:ba:c8:ed:78:77:ab:
         0d:db:1a:2e:b5:52:8f:87:36:2e:15:21:ff:68:da:eb:5e:9a:
         4c:a7:c2:9b:a1:e0:d5:68:24:aa:f6:97:de:2d:d3:a5:b2:81:
         93:44:e3:0b:69:fa:de:86:b5:47:78:0b:89:b8:eb:9a:c4:98:
         54:60:d7:ea:5d:76:53:5f:51:e0:ef:5d:40:38:ec:e6:a0:1c:
         b8:6c:9f:cc:e1:ea:84:30:47:cf:23:10:e3:e3:d3:ce:4d:b4:
         78:78:d9:57:d7:72:9c:18:e7:f6:70:72:57:a2:d2:aa:63:ec:
         69:84:4d:67:c6:a8:25:bb:95:9c:12:04:c6:93:ca:9e:d2:03:
         e2:c7:08:bd:ab:bb:71:19:51:b3:c5:67:d9:21:11:fd:92:17:
         a9:23:89:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5flghPuIEHYdartBiy3eGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZWQxZDYwNjZmNGU0NjU0ZWY1ZjNjYzcwYTVkOTA1YTlh
ZjgyOTAwHhcNMjYwMTAxMTIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUwNmE5NmE2YzM2YzIyNWQ2MzhjYjIxOTk1YzA2NGYxMDc4NTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO1iPyi/6uxyY3gm/5NkE/X1S3ug
wtxUjx6webp3yypmFUNSRk0bjhiYCNW8EDW4WirXG1TrDJLNhe0QNuHz2vnLzHdv
8hzXfSn7sqKVsKX7ZdiJ0mFqnKKbDFuX+byqdalB8Gleeft1PYstxh8213JhXO1k
LVl2WVt0ZUpdRGNKsrImbea2HEX40ro4eRWlFZMFP34Vmag4v7Cb+EG19VkMwxVt
sip5eHTEI9C4NI1PU6AIutPeoWYSLx2JVXiBHShBXeVzfnuFZG6YmfEki2Nc5yhY
xp4+wLFFpDYBYtqZ2MdiR1UT7PqgN/d9lev6+023LLnpM/EZj2nR/4C24wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBQapamw2wiXWOMshmVwGTxB4WdMB8GA1UdIwQY
MBaAFLLtHWBm9ORlTvXzzHCl2QWpr4KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYt
NDZiNDZmYzBlNDk2LzEvVUZCcWxxYkRiQ0pkWTR5eUdaWEFaUEVIaFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8xMTgyY2ItNWY5NS00Y2Q0LWI3MmYtNDZiNDZmYzBlNDk2
LzEvc3UwZFlHYjA1R1ZPOWZQTWNLWFpCYW12Z3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZGmMA0G
CSqGSIb3DQEBCwUAA4IBAQAhiaiKJ+IHAqmwBd2cQsNdL4wLunsqIQtDcT2a64XU
6OyMCIEltDQ+kkHHm4gHVwvb5xXfx754RHnquBpdC6fzGeg1/O73M8J/LgO4VvmQ
wHjv99s1KODqxGplg074bFDk9Lyd8bq6yO14d6sN2xoutVKPhzYuFSH/aNrrXppM
p8KboeDVaCSq9pfeLdOlsoGTROMLafrehrVHeAuJuOuaxJhUYNfqXXZTX1Hg711A
OOzmoBy4bJ/M4eqEMEfPIxDj49POTbR4eNlX13KcGOf2cHJXotKqY+xphE1nxqgl
u5WcEgTGk8qe0gPixwi9q7txGVGzxWfZIRH9khepI4lQ
-----END CERTIFICATE-----