This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/uGcdeOeH2FGE8oSm_emFftbBDBI.roa
File:                     uGcdeOeH2FGE8oSm_emFftbBDBI.roa (raw, json)
Hash identifier:          K6Jsrsz0fx7XMWqDVYW8cVOMG7U2AmGR+nHljnd4RYQ=
Subject key identifier:   B8:67:1D:78:E7:87:D8:51:84:F2:84:A6:FD:E9:85:7E:D6:C1:0C:12
Certificate issuer:       /CN=843d1afcf13bd2117d47df683e40a63287004cfe
Certificate serial:       019B7EA64FE5B87999FB684DC161E286FEBC
Authority key identifier: 84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/uGcdeOeH2FGE8oSm_emFftbBDBI.roa
Signing time:             Fri 02 Jan 2026 12:19:47 +0000
ROA not before:           Fri 02 Jan 2026 12:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43824
IP address blocks:        45.142.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:4f:e5:b8:79:99:fb:68:4d:c1:61:e2:86:fe:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=843d1afcf13bd2117d47df683e40a63287004cfe
        Validity
            Not Before: Jan  2 12:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8671d78e787d85184f284a6fde9857ed6c10c12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7f:0b:70:37:29:da:21:14:51:24:7f:1c:fb:
                    bb:78:31:60:1b:c2:2a:18:6e:d5:1f:48:09:d9:59:
                    74:54:bb:0b:ab:6b:19:ca:33:7e:23:30:7a:bc:ea:
                    c3:39:c8:94:34:b3:03:a7:ac:ef:64:bc:93:50:7c:
                    a9:2f:ba:25:aa:f5:d2:bb:a2:3d:e9:aa:55:48:cf:
                    46:8b:c2:09:0f:e6:2e:bf:d8:4a:03:03:6d:3b:f9:
                    6b:ab:ff:21:ff:ba:84:e7:83:b1:56:74:4d:93:6f:
                    49:fe:49:51:2e:18:f7:af:29:71:1e:fd:32:37:75:
                    5a:61:73:65:3a:a6:9a:49:b0:3d:29:d2:06:a0:9b:
                    6e:ac:1e:e8:68:48:54:1d:5c:8e:36:90:db:2d:cc:
                    67:1f:9b:96:15:e3:28:09:a2:58:5b:73:34:29:d4:
                    2e:11:6e:5f:b4:dd:82:ae:b1:e2:7c:22:d2:2d:66:
                    be:f3:49:fb:10:e8:97:7d:a2:3d:23:fd:88:1a:ee:
                    69:00:e8:6c:58:fe:15:93:cf:bf:5d:22:d2:04:6c:
                    56:82:6f:af:4b:1b:ed:ad:67:79:82:4e:ea:03:5e:
                    0f:03:99:01:49:f1:56:96:7e:8a:58:c2:32:01:4e:
                    17:ce:47:0f:e8:57:4e:aa:33:6e:05:ef:8d:4f:4f:
                    ca:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:67:1D:78:E7:87:D8:51:84:F2:84:A6:FD:E9:85:7E:D6:C1:0C:12
            X509v3 Authority Key Identifier:
                keyid:84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/uGcdeOeH2FGE8oSm_emFftbBDBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:5f:03:10:2d:23:23:ba:b3:de:0d:33:7a:f3:d9:51:af:05:
         d2:67:b8:4e:e8:1b:9f:3f:1b:e7:52:ee:11:bb:d9:40:3e:85:
         10:c9:8d:50:d8:fa:43:84:83:e9:3f:54:92:0b:19:9a:d4:fc:
         01:60:d1:3e:01:b7:4b:1e:77:01:2f:3e:18:01:64:40:0d:97:
         72:74:a1:4f:dd:3d:1f:15:f3:37:5c:02:a4:4b:98:8e:b9:35:
         0e:f7:17:d2:db:91:c8:df:2c:76:a3:78:a5:20:e2:d2:d0:e3:
         ea:fb:a2:ce:03:48:eb:d0:77:d9:22:9d:ce:9e:bc:df:a1:af:
         e2:8a:b7:f4:0e:4c:ba:3c:9a:5e:f1:05:ab:1a:64:0f:12:8a:
         52:05:e4:2a:5f:68:25:14:fe:93:b4:22:c3:d4:dd:6d:86:b8:
         f8:fd:eb:70:08:45:de:1c:76:77:d1:2b:6f:a3:79:1e:b2:bf:
         ea:21:e6:98:42:a2:15:ab:96:f9:02:49:8c:d6:c7:ba:d9:be:
         f5:6d:d9:83:52:7d:7a:40:ce:9d:53:08:31:a4:35:5b:7a:10:
         89:e0:42:b2:1f:ec:a3:1d:d4:3d:48:e2:4a:af:00:40:b6:d8:
         bf:b9:10:bd:3b:c2:63:aa:5b:ef:62:84:9c:42:7d:91:1a:61:
         ad:15:c2:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pk/luHmZ+2hNwWHihv68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0M2QxYWZjZjEzYmQyMTE3ZDQ3ZGY2ODNlNDBhNjMyODcw
MDRjZmUwHhcNMjYwMTAyMTIxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY3MWQ3OGU3ODdkODUxODRmMjg0YTZmZGU5ODU3ZWQ2YzEwYzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy38LcDcp2iEUUSR/HPu7eDFgG8Iq
GG7VH0gJ2Vl0VLsLq2sZyjN+IzB6vOrDOciUNLMDp6zvZLyTUHypL7olqvXSu6I9
6apVSM9Gi8IJD+Yuv9hKAwNtO/lrq/8h/7qE54OxVnRNk29J/klRLhj3rylxHv0y
N3VaYXNlOqaaSbA9KdIGoJturB7oaEhUHVyONpDbLcxnH5uWFeMoCaJYW3M0KdQu
EW5ftN2CrrHifCLSLWa+80n7EOiXfaI9I/2IGu5pAOhsWP4Vk8+/XSLSBGxWgm+v
SxvtrWd5gk7qA14PA5kBSfFWln6KWMIyAU4XzkcP6FdOqjNuBe+NT0/KowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhnHXjnh9hRhPKEpv3phX7WwQwSMB8GA1UdIwQY
MBaAFIQ9GvzxO9IRfUffaD5ApjKHAEz+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEt
YjFmM2JjYzY3YWFlLzEvdUdjZGVPZUgyRkdFOG9TbV9lbUZmdGJCREJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEtYjFmM2JjYzY3YWFl
LzEvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5XMA0G
CSqGSIb3DQEBCwUAA4IBAQCjXwMQLSMjurPeDTN689lRrwXSZ7hO6BufPxvnUu4R
u9lAPoUQyY1Q2PpDhIPpP1SSCxma1PwBYNE+AbdLHncBLz4YAWRADZdydKFP3T0f
FfM3XAKkS5iOuTUO9xfS25HI3yx2o3ilIOLS0OPq+6LOA0jr0HfZIp3Onrzfoa/i
irf0Dky6PJpe8QWrGmQPEopSBeQqX2glFP6TtCLD1N1thrj4/etwCEXeHHZ30Stv
o3kesr/qIeaYQqIVq5b5AkmM1se62b71bdmDUn16QM6dUwgxpDVbehCJ4EKyH+yj
HdQ9SOJKrwBAtti/uRC9O8JjqlvvYoScQn2RGmGtFcLC
-----END CERTIFICATE-----