This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/UcfLZ7L91GVWjLGWEYmlJV2c10o.roa
File:                     UcfLZ7L91GVWjLGWEYmlJV2c10o.roa (raw, json)
Hash identifier:          uVZ/PpG6ROCuILZTxmMA8qXeD47uyabcF2INsekoGNc=
Subject key identifier:   51:C7:CB:67:B2:FD:D4:65:56:8C:B1:96:11:89:A5:25:5D:9C:D7:4A
Certificate issuer:       /CN=dea4a507ad15865a0b2eec09ebb4e75457f4018b
Certificate serial:       019B7AC8CFE17C7DEFAFF42F2E4FF72A9428
Authority key identifier: DE:A4:A5:07:AD:15:86:5A:0B:2E:EC:09:EB:B4:E7:54:57:F4:01:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3qSlB60VhloLLuwJ67TnVFf0AYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/UcfLZ7L91GVWjLGWEYmlJV2c10o.roa
Signing time:             Thu 01 Jan 2026 18:18:59 +0000
ROA not before:           Thu 01 Jan 2026 18:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     45593
IP address blocks:        79.170.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/3qSlB60VhloLLuwJ67TnVFf0AYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/3qSlB60VhloLLuwJ67TnVFf0AYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3qSlB60VhloLLuwJ67TnVFf0AYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:cf:e1:7c:7d:ef:af:f4:2f:2e:4f:f7:2a:94:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dea4a507ad15865a0b2eec09ebb4e75457f4018b
        Validity
            Not Before: Jan  1 18:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51c7cb67b2fdd465568cb1961189a5255d9cd74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:16:f3:c0:33:8f:22:88:b3:5b:48:f9:a9:cf:
                    dc:9c:3f:73:83:6b:b5:19:7e:cc:e3:0c:ed:ce:52:
                    41:e8:41:76:11:23:e5:53:7a:84:a6:39:07:65:86:
                    89:e4:65:cb:a5:9c:72:f7:90:a1:a4:ee:59:78:a9:
                    8e:35:8b:8d:9d:b3:4e:29:6d:ed:86:d4:50:7d:b0:
                    2e:ca:f5:f2:90:b6:7a:ec:0f:db:60:61:ca:ee:86:
                    e4:6c:01:d9:00:ca:3c:f0:2f:ea:d1:c3:a3:fb:75:
                    fe:90:ac:50:66:66:48:f0:75:23:c1:99:39:89:61:
                    12:96:f5:04:82:d1:f4:06:f7:8a:b8:69:8e:9e:53:
                    be:77:b1:65:99:ab:1c:2b:44:95:d2:25:64:a1:16:
                    0a:22:70:00:e8:c6:54:19:60:3a:b0:0d:c3:cc:09:
                    17:d4:1c:c2:47:b4:4c:83:fc:13:a9:92:90:f7:c4:
                    82:ed:a4:57:bd:04:7f:94:fb:c5:52:89:47:2f:95:
                    6b:86:12:1c:4f:6a:c4:33:29:6f:a2:30:d2:8d:e9:
                    54:05:7b:54:05:dd:dc:40:7b:bf:6a:5b:8e:29:37:
                    8f:be:46:d0:66:c5:d7:1a:d0:f9:08:b7:ba:07:af:
                    bd:85:df:c9:5e:b7:8f:a9:6a:25:b9:a9:6c:d0:86:
                    48:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:C7:CB:67:B2:FD:D4:65:56:8C:B1:96:11:89:A5:25:5D:9C:D7:4A
            X509v3 Authority Key Identifier:
                keyid:DE:A4:A5:07:AD:15:86:5A:0B:2E:EC:09:EB:B4:E7:54:57:F4:01:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3qSlB60VhloLLuwJ67TnVFf0AYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/UcfLZ7L91GVWjLGWEYmlJV2c10o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/b491e0-1941-4273-9a25-922e224459fb/1/3qSlB60VhloLLuwJ67TnVFf0AYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.170.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:99:90:04:8d:a7:69:1f:95:a5:4f:9a:40:12:39:e4:57:c7:
         40:fc:43:d1:f4:cd:28:92:2b:1f:8c:f2:8f:49:94:f3:82:0d:
         74:a2:67:d1:11:8c:56:b4:bb:23:9a:8b:03:ed:d3:ae:6d:7c:
         e5:88:ab:90:e5:a1:3c:23:33:db:3d:8d:14:d2:87:8d:f2:96:
         69:da:c4:2b:e6:d4:0c:96:d1:e6:ac:5d:e4:e0:a9:71:bd:17:
         a3:20:96:0d:4e:1b:3a:b1:b7:b7:d9:e3:62:d3:c3:4c:90:04:
         0e:9f:29:f1:e0:b7:36:63:6e:f0:c7:0b:54:a5:c6:dc:6d:82:
         05:d9:f0:45:36:fd:c8:53:22:8e:72:bc:4b:17:34:0a:ca:b0:
         f3:22:36:5c:b2:0a:fd:27:26:0e:0c:9c:bf:90:68:8f:e2:c5:
         47:ef:b9:93:72:0e:ff:a4:d5:19:96:68:94:39:62:09:21:c8:
         67:98:24:f3:2e:7d:20:e1:c4:57:23:44:e8:ee:70:a0:5c:0a:
         de:d9:35:63:7d:1d:0a:15:09:03:20:5c:0f:60:c8:37:2f:2b:
         d1:7c:c2:ac:87:c4:c8:e9:92:1b:c2:03:b5:45:35:da:a9:e5:
         59:6b:fe:04:74:b2:70:92:f0:11:e6:b3:55:30:ac:dc:cf:af:
         7e:5b:ab:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yM/hfH3vr/QvLk/3KpQoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYTRhNTA3YWQxNTg2NWEwYjJlZWMwOWViYjRlNzU0NTdm
NDAxOGIwHhcNMjYwMTAxMTgxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWM3Y2I2N2IyZmRkNDY1NTY4Y2IxOTYxMTg5YTUyNTVkOWNkNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BbzwDOPIoizW0j5qc/cnD9zg2u1
GX7M4wztzlJB6EF2ESPlU3qEpjkHZYaJ5GXLpZxy95ChpO5ZeKmONYuNnbNOKW3t
htRQfbAuyvXykLZ67A/bYGHK7obkbAHZAMo88C/q0cOj+3X+kKxQZmZI8HUjwZk5
iWESlvUEgtH0BveKuGmOnlO+d7FlmascK0SV0iVkoRYKInAA6MZUGWA6sA3DzAkX
1BzCR7RMg/wTqZKQ98SC7aRXvQR/lPvFUolHL5VrhhIcT2rEMylvojDSjelUBXtU
Bd3cQHu/aluOKTePvkbQZsXXGtD5CLe6B6+9hd/JXrePqWoluals0IZIXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHHy2ey/dRlVoyxlhGJpSVdnNdKMB8GA1UdIwQY
MBaAFN6kpQetFYZaCy7sCeu051RX9AGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3FTbEI2MFZobG9MTHV3SjY3VG5WRmYwQVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9iNDkxZTAtMTk0MS00MjczLTlhMjUt
OTIyZTIyNDQ1OWZiLzEvVWNmTFo3TDkxR1ZXakxHV0VZbWxKVjJjMTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9iNDkxZTAtMTk0MS00MjczLTlhMjUtOTIyZTIyNDQ1OWZi
LzEvM3FTbEI2MFZobG9MTHV3SjY3VG5WRmYwQVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6olMA0G
CSqGSIb3DQEBCwUAA4IBAQBUmZAEjadpH5WlT5pAEjnkV8dA/EPR9M0okisfjPKP
SZTzgg10omfREYxWtLsjmosD7dOubXzliKuQ5aE8IzPbPY0U0oeN8pZp2sQr5tQM
ltHmrF3k4KlxvRejIJYNThs6sbe32eNi08NMkAQOnynx4Lc2Y27wxwtUpcbcbYIF
2fBFNv3IUyKOcrxLFzQKyrDzIjZcsgr9JyYODJy/kGiP4sVH77mTcg7/pNUZlmiU
OWIJIchnmCTzLn0g4cRXI0To7nCgXAre2TVjfR0KFQkDIFwPYMg3LyvRfMKsh8TI
6ZIbwgO1RTXaqeVZa/4EdLJwkvAR5rNVMKzcz69+W6vy
-----END CERTIFICATE-----