This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/UX21t3Eucdp3Z3xzsP-3n91_r9g.roa
File:                     UX21t3Eucdp3Z3xzsP-3n91_r9g.roa (raw, json)
Hash identifier:          ZavW4AA+x7nFJ2Pn5B6nZ5RKsCyjyFrDNIaHmQXMEn8=
Subject key identifier:   51:7D:B5:B7:71:2E:71:DA:77:67:7C:73:B0:FF:B7:9F:DD:7F:AF:D8
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019AA0DA23232154B87DCC4214DD608D281D
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/UX21t3Eucdp3Z3xzsP-3n91_r9g.roa
Signing time:             Thu 20 Nov 2025 10:40:41 +0000
ROA not before:           Thu 20 Nov 2025 10:40:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29076
IP address blocks:        212.22.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 21:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a0:da:23:23:21:54:b8:7d:cc:42:14:dd:60:8d:28:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Nov 20 10:40:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=517db5b7712e71da77677c73b0ffb79fdd7fafd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:74:7a:44:aa:08:ef:6a:b7:fc:a2:4f:d1:69:
                    e4:91:98:f8:cd:f8:4f:85:70:72:10:0c:2a:f8:6d:
                    84:f4:a5:5e:4c:bb:54:53:68:fb:73:d4:ce:ae:55:
                    9d:18:c1:ed:8c:6c:2a:b9:d2:8d:49:92:9f:78:81:
                    ad:80:4c:cd:14:1a:c0:75:1c:df:07:1f:e2:c9:08:
                    63:3e:a6:ab:79:f3:7c:61:30:ee:d8:4a:60:bd:ad:
                    6f:d5:cc:69:7e:65:7d:e9:80:3e:ed:31:94:e7:63:
                    6f:ff:35:e3:28:b9:50:b8:8a:e6:78:a1:19:3e:b7:
                    52:a3:35:ab:85:c9:49:76:dc:01:45:11:d4:03:1b:
                    a2:8b:65:5b:4d:47:c6:2f:d9:d5:38:43:4d:a8:d3:
                    0f:7f:54:13:20:74:01:ea:c2:b9:90:16:bc:63:70:
                    ff:d6:e3:5c:63:7b:8a:db:6a:93:c4:28:79:27:83:
                    4c:65:2d:e4:fa:dc:ff:c9:73:c6:f2:3c:2e:bc:6a:
                    3b:ef:0b:73:61:23:71:93:7b:59:62:72:e3:06:fb:
                    01:8a:8f:ed:5a:16:49:63:98:4e:5c:5f:17:ee:f1:
                    1d:91:64:99:25:39:82:94:71:6c:3e:8e:09:8b:35:
                    91:b8:e6:f7:34:24:ff:3c:fe:50:49:de:46:de:69:
                    4b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7D:B5:B7:71:2E:71:DA:77:67:7C:73:B0:FF:B7:9F:DD:7F:AF:D8
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/UX21t3Eucdp3Z3xzsP-3n91_r9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:0b:6a:03:a3:28:b5:88:0f:1b:88:1e:8e:78:04:52:45:31:
         b6:95:8c:50:a1:45:52:1e:4e:0e:68:1b:64:7f:67:de:aa:a1:
         90:ba:90:31:2d:33:d2:bd:2b:6b:70:ac:43:0d:e4:5b:a5:32:
         d0:4a:33:d8:31:fd:69:be:99:d4:95:a5:02:0f:39:2e:9a:61:
         0c:d8:27:4c:1e:25:9b:e3:9a:c5:c4:41:c0:8e:cf:04:80:4c:
         27:7c:8e:36:bc:5a:d0:6e:38:d3:8c:76:3f:ee:bc:2b:18:94:
         cf:cd:1e:d6:1d:38:75:0e:be:eb:bc:29:0b:33:4b:60:4a:e2:
         d3:26:34:57:b9:a1:37:1a:25:c4:ec:85:bf:a0:c7:00:65:7b:
         97:9d:8e:62:8b:19:d7:98:6a:3f:ba:1f:ed:2e:48:a5:00:74:
         98:e7:ca:8d:f1:2e:c1:37:3a:bf:56:ae:a2:7e:44:2e:07:1c:
         9a:b5:db:7e:10:4e:fb:84:f5:8e:c2:07:9b:45:2c:30:4e:ff:
         e6:91:73:c9:1a:d3:05:4a:27:45:11:78:05:45:fe:ee:50:24:
         eb:66:39:44:fb:f8:de:1b:3e:fe:b3:8f:27:57:ab:e8:ec:13:
         fd:c9:95:a4:79:6c:17:b6:ba:ab:59:d0:66:e0:02:58:74:d7:
         97:f7:9d:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqg2iMjIVS4fcxCFN1gjSgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjUxMTIwMTA0MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTdkYjViNzcxMmU3MWRhNzc2NzdjNzNiMGZmYjc5ZmRkN2ZhZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHR6RKoI72q3/KJP0WnkkZj4zfhP
hXByEAwq+G2E9KVeTLtUU2j7c9TOrlWdGMHtjGwqudKNSZKfeIGtgEzNFBrAdRzf
Bx/iyQhjPqarefN8YTDu2Epgva1v1cxpfmV96YA+7TGU52Nv/zXjKLlQuIrmeKEZ
PrdSozWrhclJdtwBRRHUAxuii2VbTUfGL9nVOENNqNMPf1QTIHQB6sK5kBa8Y3D/
1uNcY3uK22qTxCh5J4NMZS3k+tz/yXPG8jwuvGo77wtzYSNxk3tZYnLjBvsBio/t
WhZJY5hOXF8X7vEdkWSZJTmClHFsPo4JizWRuOb3NCT/PP5QSd5G3mlLmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFF9tbdxLnHad2d8c7D/t5/df6/YMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvVVgyMXQzRXVjZHAzWjN4enNQLTNuOTFfcjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZJMA0G
CSqGSIb3DQEBCwUAA4IBAQApC2oDoyi1iA8biB6OeARSRTG2lYxQoUVSHk4OaBtk
f2feqqGQupAxLTPSvStrcKxDDeRbpTLQSjPYMf1pvpnUlaUCDzkummEM2CdMHiWb
45rFxEHAjs8EgEwnfI42vFrQbjjTjHY/7rwrGJTPzR7WHTh1Dr7rvCkLM0tgSuLT
JjRXuaE3GiXE7IW/oMcAZXuXnY5iixnXmGo/uh/tLkilAHSY58qN8S7BNzq/Vq6i
fkQuBxyatdt+EE77hPWOwgebRSwwTv/mkXPJGtMFSidFEXgFRf7uUCTrZjlE+/je
Gz7+s48nV6vo7BP9yZWkeWwXtrqrWdBm4AJYdNeX952F
-----END CERTIFICATE-----