This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/UsXARVO0ku9iIm3C-vStGeFRLlc.roa
File:                     UsXARVO0ku9iIm3C-vStGeFRLlc.roa (raw, json)
Hash identifier:          Za1raUPPBFhNuB0MNODIseZi3+2ddIMhH5cJ3c+pEH0=
Subject key identifier:   52:C5:C0:45:53:B4:92:EF:62:22:6D:C2:FA:F4:AD:19:E1:51:2E:57
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019B7758ED9B794D10EF70BF53313898A690
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/UsXARVO0ku9iIm3C-vStGeFRLlc.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39344
IP address blocks:        91.205.196.0/23 maxlen: 24
                          91.205.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ed:9b:79:4d:10:ef:70:bf:53:31:38:98:a6:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52c5c04553b492ef62226dc2faf4ad19e1512e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0b:55:2f:44:78:13:01:17:e9:7c:65:3a:58:
                    94:a9:93:cd:57:8f:44:3b:2b:c2:0f:46:a4:ab:cf:
                    33:35:bf:ef:68:f5:a6:6c:ca:b1:2e:bf:48:07:f5:
                    b8:10:3a:c3:e8:7e:21:8b:84:a2:d5:06:f0:7f:10:
                    df:3b:21:15:ff:f0:91:1b:d8:82:65:ef:a7:02:c8:
                    08:3a:4b:74:ca:38:f7:19:f6:7c:e2:f9:a9:26:58:
                    fa:4e:fd:22:44:b4:af:ac:d4:48:ca:42:70:a7:f1:
                    f8:dc:50:67:b5:5c:56:fc:71:99:82:a4:7f:e6:bd:
                    87:06:06:84:fc:43:ae:8f:52:e4:75:30:a5:16:b4:
                    fc:4b:dc:fb:e9:30:a1:41:d6:00:f7:c7:92:3e:6d:
                    24:c4:31:12:c3:74:91:9b:37:8d:56:a9:aa:82:dd:
                    65:c2:6c:f6:23:8d:f8:07:34:c2:ff:44:f3:af:1f:
                    fe:76:db:8c:2c:57:c3:9d:e3:e9:79:2b:20:cb:a9:
                    fa:7a:b5:8e:be:da:11:65:ee:d4:ff:6d:c8:39:9b:
                    9f:80:a3:28:aa:3f:ba:b8:cf:b4:fa:0e:8d:37:87:
                    5f:1d:b1:4f:8f:ac:cd:08:8a:9f:7b:60:5a:1e:2e:
                    15:98:78:28:28:4b:59:3c:7e:2d:18:34:ad:25:0d:
                    2a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C5:C0:45:53:B4:92:EF:62:22:6D:C2:FA:F4:AD:19:E1:51:2E:57
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/UsXARVO0ku9iIm3C-vStGeFRLlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:8f:a1:5d:62:0d:fd:dc:1d:71:98:1d:b0:22:3c:53:90:7a:
         82:7a:29:11:f9:24:98:e7:6f:79:4d:d9:04:29:75:3d:91:ea:
         7a:59:cb:4c:dc:f4:2e:e8:3f:34:8f:24:58:8b:e2:be:bf:73:
         bc:92:d4:32:92:a8:6d:c3:3b:fa:c6:ad:e9:9e:2d:ec:f8:97:
         c3:d1:44:e8:92:f2:56:8a:35:81:e3:09:0c:1d:ef:1b:a7:04:
         4c:c1:53:bd:d2:0f:4d:07:79:c9:eb:29:24:78:27:d3:48:e8:
         f9:41:a3:a3:8a:78:56:e8:a1:ad:cc:bd:ba:f0:5e:92:c4:3b:
         48:96:b0:93:04:e9:db:0d:63:bb:3e:0a:09:fc:12:6e:e1:ca:
         e6:6a:c3:db:45:36:1d:8c:68:ce:8e:0d:f1:e9:d7:64:f8:3a:
         57:07:40:f0:86:9d:02:91:32:52:46:14:08:cf:8f:68:9e:ff:
         a3:e2:f2:01:26:f2:b2:dd:3b:80:d0:2b:b2:67:a1:e3:d5:3d:
         39:5f:42:31:0d:93:fd:25:9b:f2:ad:23:12:56:b8:b0:be:1f:
         5a:5d:b5:c5:60:c4:b2:0f:18:da:1a:05:82:a4:43:3f:98:88:
         c0:32:d2:a9:92:c5:53:ce:10:ec:0d:84:f2:05:6a:1f:c4:4b:
         e5:19:0e:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WO2beU0Q73C/UzE4mKaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmM1YzA0NTUzYjQ5MmVmNjIyMjZkYzJmYWY0YWQxOWUxNTEyZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAtVL0R4EwEX6XxlOliUqZPNV49E
OyvCD0akq88zNb/vaPWmbMqxLr9IB/W4EDrD6H4hi4Si1QbwfxDfOyEV//CRG9iC
Ze+nAsgIOkt0yjj3GfZ84vmpJlj6Tv0iRLSvrNRIykJwp/H43FBntVxW/HGZgqR/
5r2HBgaE/EOuj1LkdTClFrT8S9z76TChQdYA98eSPm0kxDESw3SRmzeNVqmqgt1l
wmz2I434BzTC/0Tzrx/+dtuMLFfDnePpeSsgy6n6erWOvtoRZe7U/23IOZufgKMo
qj+6uM+0+g6NN4dfHbFPj6zNCIqfe2BaHi4VmHgoKEtZPH4tGDStJQ0qtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLFwEVTtJLvYiJtwvr0rRnhUS5XMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvVXNYQVJWTzBrdTlpSW0zQy12U3RHZUZSTGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW83EMA0G
CSqGSIb3DQEBCwUAA4IBAQAjj6FdYg393B1xmB2wIjxTkHqCeikR+SSY5295TdkE
KXU9kep6WctM3PQu6D80jyRYi+K+v3O8ktQykqhtwzv6xq3pni3s+JfD0UTokvJW
ijWB4wkMHe8bpwRMwVO90g9NB3nJ6ykkeCfTSOj5QaOjinhW6KGtzL268F6SxDtI
lrCTBOnbDWO7PgoJ/BJu4crmasPbRTYdjGjOjg3x6ddk+DpXB0Dwhp0CkTJSRhQI
z49onv+j4vIBJvKy3TuA0CuyZ6Hj1T05X0IxDZP9JZvyrSMSVriwvh9aXbXFYMSy
DxjaGgWCpEM/mIjAMtKpksVTzhDsDYTyBWofxEvlGQ42
-----END CERTIFICATE-----