This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Ux2hsUflFZMiihXJQq6kLvLGkbY.roa
File:                     Ux2hsUflFZMiihXJQq6kLvLGkbY.roa (raw, json)
Hash identifier:          sDbOg2CVcuBoXwpm6FBA0oRc2aGeFj1NcUw/kYaEwEw=
Subject key identifier:   53:1D:A1:B1:47:E5:15:93:22:8A:15:C9:42:AE:A4:2E:F2:C6:91:B6
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14AB21E05532BC029F779B3C743F07
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Ux2hsUflFZMiihXJQq6kLvLGkbY.roa
Signing time:             Fri 02 Jan 2026 14:20:19 +0000
ROA not before:           Fri 02 Jan 2026 14:20:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24693
IP address blocks:        85.95.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:ab:21:e0:55:32:bc:02:9f:77:9b:3c:74:3f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=531da1b147e51593228a15c942aea42ef2c691b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:dd:65:c3:1d:61:d5:b8:1e:a4:67:b3:78:9e:
                    7c:88:74:3b:b9:e2:76:7d:61:d6:b5:44:52:f1:7d:
                    70:38:06:10:9e:4b:f0:f9:d9:4f:d7:34:f8:90:31:
                    19:02:37:a3:89:cc:54:40:1f:7f:3e:e3:fd:70:25:
                    c4:97:4a:3b:99:3b:71:bb:a4:e7:e4:54:6d:39:8b:
                    fd:4d:08:44:73:bb:75:1a:24:f3:75:2a:db:7d:9a:
                    8e:59:98:86:f6:7c:48:26:b4:95:af:29:95:75:9c:
                    9a:90:7f:9e:9a:ef:84:ef:99:19:80:1f:4a:0a:1a:
                    27:97:1a:7a:67:1c:2a:46:7b:fb:ee:63:d1:36:cb:
                    d4:f6:c7:e7:13:a0:46:cb:d9:ee:86:25:34:af:99:
                    c5:9e:e8:dd:11:eb:11:e7:ea:dd:e4:48:1e:98:d2:
                    a9:26:b4:68:8e:ed:ff:cc:2b:d1:cc:cd:e9:52:46:
                    c8:8e:67:92:ca:24:4f:7a:df:b1:13:bf:c4:28:27:
                    9c:34:64:22:9d:f5:dc:b6:17:8f:5b:c3:cc:bf:5f:
                    02:88:c1:79:b6:eb:35:d3:7e:b4:e5:d6:ce:90:bd:
                    a1:2c:a7:4f:c3:ac:a1:46:cc:cd:2b:62:42:a8:21:
                    cb:5f:f9:6b:da:c0:4f:7d:00:78:df:46:b2:f8:6a:
                    ed:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:1D:A1:B1:47:E5:15:93:22:8A:15:C9:42:AE:A4:2E:F2:C6:91:B6
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/Ux2hsUflFZMiihXJQq6kLvLGkbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.95.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:46:cc:1b:c0:cf:02:47:16:23:8d:02:77:99:fd:2e:16:21:
         25:3c:1d:58:d3:f9:64:72:ae:a6:fc:26:f0:0a:19:7a:0a:77:
         85:82:56:66:a2:bc:79:83:38:3d:08:55:9e:29:62:af:3a:3e:
         bc:9d:01:2b:fe:ec:7e:12:00:e1:5f:72:57:53:9b:a9:0c:64:
         cd:c4:0b:95:a6:b1:b4:f5:db:30:67:58:62:ff:64:6d:bf:71:
         22:63:e3:47:82:68:af:41:62:7c:20:5f:7d:fd:63:50:91:49:
         75:6c:66:c8:23:6a:8f:25:f5:2b:30:e8:5c:59:26:0f:16:8a:
         fa:cb:da:4d:1a:b6:25:b5:aa:3b:a0:c3:4f:df:ef:3d:c1:f7:
         bb:63:d7:84:3e:51:91:cb:50:71:1c:3d:88:eb:23:39:35:0c:
         ee:b7:3a:00:18:7c:0a:7a:70:20:80:17:2c:af:d9:63:c3:49:
         fc:bc:0a:75:0d:c4:fd:6a:d7:23:64:32:f7:d8:22:bc:1b:00:
         2c:3e:96:12:48:9d:e3:e2:5a:c6:86:69:37:e0:3f:66:c2:05:
         1a:56:9a:9c:0d:d2:c0:54:cd:72:0b:31:35:5e:f6:79:6b:db:
         a6:84:6f:fd:d4:81:b2:82:f5:d9:91:2d:64:f8:ec:5e:ef:44:
         09:8f:e9:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FKsh4FUyvAKfd5s8dD8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzFkYTFiMTQ3ZTUxNTkzMjI4YTE1Yzk0MmFlYTQyZWYyYzY5MWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd1lwx1h1bgepGezeJ58iHQ7ueJ2
fWHWtURS8X1wOAYQnkvw+dlP1zT4kDEZAjejicxUQB9/PuP9cCXEl0o7mTtxu6Tn
5FRtOYv9TQhEc7t1GiTzdSrbfZqOWZiG9nxIJrSVrymVdZyakH+emu+E75kZgB9K
Chonlxp6ZxwqRnv77mPRNsvU9sfnE6BGy9nuhiU0r5nFnujdEesR5+rd5EgemNKp
JrRoju3/zCvRzM3pUkbIjmeSyiRPet+xE7/EKCecNGQinfXcthePW8PMv18CiMF5
tus103605dbOkL2hLKdPw6yhRszNK2JCqCHLX/lr2sBPfQB430ay+GrtKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMdobFH5RWTIooVyUKupC7yxpG2MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVXgyaHNVZmxGWk1paWhYSlFxNmtMdkxHa2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVV9QMA0G
CSqGSIb3DQEBCwUAA4IBAQDPRswbwM8CRxYjjQJ3mf0uFiElPB1Y0/lkcq6m/Cbw
Chl6CneFglZmorx5gzg9CFWeKWKvOj68nQEr/ux+EgDhX3JXU5upDGTNxAuVprG0
9dswZ1hi/2Rtv3EiY+NHgmivQWJ8IF99/WNQkUl1bGbII2qPJfUrMOhcWSYPFor6
y9pNGrYltao7oMNP3+89wfe7Y9eEPlGRy1BxHD2I6yM5NQzutzoAGHwKenAggBcs
r9ljw0n8vAp1DcT9atcjZDL32CK8GwAsPpYSSJ3j4lrGhmk34D9mwgUaVpqcDdLA
VM1yCzE1XvZ5a9umhG/91IGygvXZkS1k+Oxe70QJj+no
-----END CERTIFICATE-----