This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0uGMWn-6qLETw1Tsea08buY56yc.roa
File:                     0uGMWn-6qLETw1Tsea08buY56yc.roa (raw, json)
Hash identifier:          tc8AkMIM4M5DkBfOSm7kKlSe6Ya+8Y9DlNTqsSSUjFI=
Subject key identifier:   D2:E1:8C:5A:7F:BA:A8:B1:13:C3:54:EC:79:AD:3C:6E:E6:39:EB:27
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019A9D878D582FC3933B66E559B216387EE2
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0uGMWn-6qLETw1Tsea08buY56yc.roa
Signing time:             Wed 19 Nov 2025 19:11:37 +0000
ROA not before:           Wed 19 Nov 2025 19:11:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199058
IP address blocks:        158.173.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9d:87:8d:58:2f:c3:93:3b:66:e5:59:b2:16:38:7e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Nov 19 19:11:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2e18c5a7fbaa8b113c354ec79ad3c6ee639eb27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a7:b1:e5:06:02:22:e3:9a:0d:0c:b9:2b:bf:
                    88:6b:89:8f:bd:c7:87:e8:d8:6a:47:93:67:6a:1d:
                    47:18:88:8d:7f:51:ae:a8:1f:ff:8d:20:31:cd:b5:
                    a4:85:22:76:0e:68:7c:1c:96:39:f8:5c:3c:fc:8b:
                    81:93:bc:59:ae:3e:8a:7b:99:76:90:b1:39:f4:ba:
                    3a:83:46:d1:5c:e7:4e:d5:16:ba:da:34:d9:0f:d8:
                    83:61:39:20:90:b9:76:ac:7e:d4:2d:f2:25:d7:4a:
                    20:9c:54:c1:f0:d0:b2:1d:a9:f5:8c:33:62:1f:07:
                    55:0c:28:fa:ba:7b:91:fd:99:b6:d8:1e:8b:b7:1e:
                    9a:3f:e0:6e:db:04:20:02:f6:77:ad:0a:f2:d8:26:
                    f5:ba:f2:9c:28:c2:66:39:05:b9:98:d1:1a:76:64:
                    ae:8f:ed:da:0b:f6:d7:a2:cd:39:6c:1e:9f:5c:c4:
                    7b:88:c5:1c:05:b0:66:6d:46:a8:15:5d:f1:82:cf:
                    6e:d8:02:c3:1d:60:92:77:1a:96:58:ac:eb:f7:51:
                    e7:35:e2:f7:df:f7:1b:24:15:ae:12:fb:ef:89:89:
                    58:2a:a1:b6:df:1d:d5:08:7d:5c:4e:70:ff:84:d5:
                    1c:99:dc:b6:08:a7:b5:bb:b3:82:5f:83:87:52:d1:
                    15:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E1:8C:5A:7F:BA:A8:B1:13:C3:54:EC:79:AD:3C:6E:E6:39:EB:27
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0uGMWn-6qLETw1Tsea08buY56yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:af:9c:20:bc:5d:df:8f:83:e7:4b:89:c0:69:54:52:d6:11:
         22:44:85:b3:be:33:72:38:9a:9c:d9:35:ce:e0:1e:a1:99:f1:
         dd:0e:1f:d4:48:cd:2d:36:df:6e:2d:ae:1a:ad:b8:62:58:49:
         b4:fd:e3:f5:e6:3e:f2:33:4d:0b:00:db:59:c1:ab:ac:b6:0e:
         40:67:43:5f:aa:06:fd:b8:b8:18:38:1b:ea:b3:ce:4c:73:82:
         e0:08:a2:7b:cb:11:45:b9:9d:d8:5d:a8:f3:78:47:57:4f:2d:
         84:c4:a3:40:cd:64:94:3f:bd:ef:3a:5b:17:b7:c0:a0:e3:d4:
         7b:a0:49:f8:a1:a4:b6:55:46:df:83:fe:69:a0:ab:79:d4:bc:
         49:40:56:fb:0e:98:50:82:2e:47:f6:2b:ce:8d:77:c9:0e:26:
         b4:59:a6:ee:c3:60:32:ef:95:20:15:c9:63:7e:f4:50:af:75:
         eb:45:c9:73:aa:31:ca:71:6b:72:85:05:06:f7:9b:24:d3:9a:
         f9:55:22:2f:0e:6f:30:4b:1f:a9:00:34:67:11:68:e9:df:c6:
         c5:11:27:71:d8:33:17:2a:ab:25:09:86:3b:6d:17:ac:94:17:
         40:d8:b9:9b:0b:a5:e7:3f:7f:9b:a0:69:92:a5:f2:01:2b:6c:
         9a:5c:cc:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqdh41YL8OTO2blWbIWOH7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUxMTE5MTkxMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmUxOGM1YTdmYmFhOGIxMTNjMzU0ZWM3OWFkM2M2ZWU2MzllYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKex5QYCIuOaDQy5K7+Ia4mPvceH
6NhqR5Nnah1HGIiNf1GuqB//jSAxzbWkhSJ2Dmh8HJY5+Fw8/IuBk7xZrj6Ke5l2
kLE59Lo6g0bRXOdO1Ra62jTZD9iDYTkgkLl2rH7ULfIl10ognFTB8NCyHan1jDNi
HwdVDCj6unuR/Zm22B6Ltx6aP+Bu2wQgAvZ3rQry2Cb1uvKcKMJmOQW5mNEadmSu
j+3aC/bXos05bB6fXMR7iMUcBbBmbUaoFV3xgs9u2ALDHWCSdxqWWKzr91HnNeL3
3/cbJBWuEvvviYlYKqG23x3VCH1cTnD/hNUcmdy2CKe1u7OCX4OHUtEVdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLhjFp/uqixE8NU7HmtPG7mOesnMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMHVHTVduLTZxTEVUdzFUc2VhMDhidVk1NnljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq3LMA0G
CSqGSIb3DQEBCwUAA4IBAQCCr5wgvF3fj4PnS4nAaVRS1hEiRIWzvjNyOJqc2TXO
4B6hmfHdDh/USM0tNt9uLa4arbhiWEm0/eP15j7yM00LANtZwaustg5AZ0Nfqgb9
uLgYOBvqs85Mc4LgCKJ7yxFFuZ3YXajzeEdXTy2ExKNAzWSUP73vOlsXt8Cg49R7
oEn4oaS2VUbfg/5poKt51LxJQFb7DphQgi5H9ivOjXfJDia0Wabuw2Ay75UgFclj
fvRQr3XrRclzqjHKcWtyhQUG95sk05r5VSIvDm8wSx+pADRnEWjp38bFESdx2DMX
KqslCYY7bReslBdA2LmbC6XnP3+boGmSpfIBK2yaXMxZ
-----END CERTIFICATE-----