This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/uLnMcLcUWRCcXlFm__hvpLThR8I.roa
File:                     uLnMcLcUWRCcXlFm__hvpLThR8I.roa (raw, json)
Hash identifier:          9cjIwPGp5T4I69s6qHAXfiFBjcnsIFbf8F3tONGrGTI=
Subject key identifier:   B8:B9:CC:70:B7:14:59:10:9C:5E:51:66:FF:F8:6F:A4:B4:E1:47:C2
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019B797F2896E5DBE27CA6D0A617DB2D16A0
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/uLnMcLcUWRCcXlFm__hvpLThR8I.roa
Signing time:             Thu 01 Jan 2026 12:18:55 +0000
ROA not before:           Thu 01 Jan 2026 12:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49424
IP address blocks:        170.168.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:28:96:e5:db:e2:7c:a6:d0:a6:17:db:2d:16:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jan  1 12:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8b9cc70b71459109c5e5166fff86fa4b4e147c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:21:3b:24:95:16:80:62:36:5a:06:6d:d8:f5:
                    e2:38:de:d6:3f:83:3a:bc:69:7c:ad:98:43:69:01:
                    83:b0:55:67:6f:0c:a3:47:5e:a0:12:cc:e5:c1:35:
                    4e:3c:76:c8:6f:ab:6e:bc:87:30:03:1f:2f:76:06:
                    e1:99:d5:10:38:a2:b3:e9:1e:a2:83:2c:60:84:9a:
                    73:f2:7b:0c:b0:68:7e:c3:f9:54:16:29:c5:7b:42:
                    09:c2:89:06:8c:c8:b8:b4:a7:16:b1:d1:6e:67:44:
                    6f:73:9d:57:64:5f:82:5f:d5:3b:0d:a7:8b:21:b3:
                    6f:87:81:1d:5a:6f:a3:1a:1f:ac:50:e0:b1:56:11:
                    0f:86:1d:31:ae:26:34:00:9d:2a:56:83:13:c6:a0:
                    e3:bc:1f:75:f6:5a:5a:07:0b:05:c3:07:1e:3e:37:
                    89:62:77:c1:3d:a7:e4:50:56:74:be:d0:79:87:c3:
                    5a:b3:39:64:80:ec:68:a5:82:7f:e2:e8:43:fd:98:
                    35:84:ca:be:51:ae:3f:e9:46:ea:f0:fa:fc:a0:53:
                    8d:6b:88:a2:05:6c:37:c1:08:f3:56:30:e0:d0:d4:
                    36:93:5b:02:4a:35:a4:2d:75:37:2b:4f:0c:b8:a4:
                    f7:dc:39:d8:8e:3e:0f:1e:2d:92:85:03:88:b4:e6:
                    58:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B9:CC:70:B7:14:59:10:9C:5E:51:66:FF:F8:6F:A4:B4:E1:47:C2
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/uLnMcLcUWRCcXlFm__hvpLThR8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d0:56:53:ba:bd:32:5e:13:9a:26:d8:77:3f:21:79:a4:2a:
         97:53:46:3a:6a:84:39:a3:6c:3c:b8:9a:47:ac:c5:24:a0:79:
         5a:0a:b2:05:93:dc:03:19:8f:a0:bb:55:b0:fe:47:48:7f:d8:
         5c:c6:f5:e6:cd:b8:7f:ae:ec:76:01:66:be:b6:63:c4:89:cb:
         c1:bd:6d:0f:00:c1:8c:89:91:2c:ea:8e:be:1a:3d:b3:77:74:
         2a:23:f4:f3:9f:2d:d5:e2:d8:1d:53:c7:07:79:ca:37:60:9b:
         cf:e3:3a:ce:b3:e8:cf:8b:da:1e:29:61:17:58:b9:2b:fc:03:
         6c:18:27:45:e9:4c:e9:b7:11:3a:49:6b:ee:1d:6f:de:0d:89:
         57:a3:eb:12:df:e1:3b:6e:6c:59:13:2d:59:c9:96:6e:00:e5:
         c5:91:0e:3e:1e:d8:a1:dd:d9:bd:04:ba:7d:eb:37:d5:a7:fb:
         c1:93:c7:2d:d9:d2:48:9e:08:88:bf:b1:ec:ec:2e:9f:d1:fe:
         f8:ed:4d:d1:dd:25:03:a0:70:f7:fe:0e:39:a9:6e:a6:75:3b:
         8d:46:84:7a:50:cb:f0:c8:75:6f:b0:4e:1c:e5:e0:bf:c3:d7:
         19:b9:b2:c3:ce:bf:f8:80:54:94:fd:51:ae:c1:43:7c:33:aa:
         ca:4d:cf:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fyiW5dvifKbQphfbLRagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMTAxMTIxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGI5Y2M3MGI3MTQ1OTEwOWM1ZTUxNjZmZmY4NmZhNGI0ZTE0N2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9CE7JJUWgGI2WgZt2PXiON7WP4M6
vGl8rZhDaQGDsFVnbwyjR16gEszlwTVOPHbIb6tuvIcwAx8vdgbhmdUQOKKz6R6i
gyxghJpz8nsMsGh+w/lUFinFe0IJwokGjMi4tKcWsdFuZ0Rvc51XZF+CX9U7DaeL
IbNvh4EdWm+jGh+sUOCxVhEPhh0xriY0AJ0qVoMTxqDjvB919lpaBwsFwwcePjeJ
YnfBPafkUFZ0vtB5h8NaszlkgOxopYJ/4uhD/Zg1hMq+Ua4/6Ubq8Pr8oFONa4ii
BWw3wQjzVjDg0NQ2k1sCSjWkLXU3K08MuKT33DnYjj4PHi2ShQOItOZYcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLi5zHC3FFkQnF5RZv/4b6S04UfCMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvdUxuTWNMY1VXUkNjWGxGbV9faHZwTFRoUjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqg8MA0G
CSqGSIb3DQEBCwUAA4IBAQB90FZTur0yXhOaJth3PyF5pCqXU0Y6aoQ5o2w8uJpH
rMUkoHlaCrIFk9wDGY+gu1Ww/kdIf9hcxvXmzbh/rux2AWa+tmPEicvBvW0PAMGM
iZEs6o6+Gj2zd3QqI/Tzny3V4tgdU8cHeco3YJvP4zrOs+jPi9oeKWEXWLkr/ANs
GCdF6UzptxE6SWvuHW/eDYlXo+sS3+E7bmxZEy1ZyZZuAOXFkQ4+Htih3dm9BLp9
6zfVp/vBk8ct2dJIngiIv7Hs7C6f0f747U3R3SUDoHD3/g45qW6mdTuNRoR6UMvw
yHVvsE4c5eC/w9cZubLDzr/4gFSU/VGuwUN8M6rKTc9a
-----END CERTIFICATE-----