This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/ughKvz4zorztqh7yWUjfuuHBP5E.roa
File:                     ughKvz4zorztqh7yWUjfuuHBP5E.roa (raw, json)
Hash identifier:          XOZZpijgX85rlrIVt7kzdBz4Rca7aZetcDWsBATSYMU=
Subject key identifier:   BA:08:4A:BF:3E:33:A2:BC:ED:AA:1E:F2:59:48:DF:BA:E1:C1:3F:91
Certificate issuer:       /CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
Certificate serial:       019B7F1593B794B27EC235A04859791AA759
Authority key identifier: 19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/ughKvz4zorztqh7yWUjfuuHBP5E.roa
Signing time:             Fri 02 Jan 2026 14:21:18 +0000
ROA not before:           Fri 02 Jan 2026 14:21:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35753
IP address blocks:        194.11.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:93:b7:94:b2:7e:c2:35:a0:48:59:79:1a:a7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
        Validity
            Not Before: Jan  2 14:21:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba084abf3e33a2bcedaa1ef25948dfbae1c13f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:65:dc:32:80:e8:60:28:ca:3b:d3:48:f0:06:
                    bb:8e:07:a3:1d:bd:83:8c:39:8c:1c:fa:58:d9:73:
                    29:93:f8:8d:55:01:df:23:e3:73:b0:cb:66:95:2f:
                    a1:70:a0:04:13:25:ef:dd:30:e0:c2:b5:1c:30:04:
                    1c:67:ac:7e:33:e4:2b:4f:e0:16:b4:c3:96:2e:60:
                    72:46:4a:20:55:8a:a2:a8:ea:af:f3:02:3b:1d:06:
                    4c:be:8e:a5:04:bf:77:65:c0:c6:c6:84:52:17:a1:
                    b5:fd:04:11:32:10:1d:fe:3e:a9:72:00:d7:43:bf:
                    16:a9:ea:22:9f:d1:c3:ab:f6:1b:6d:f6:f2:aa:2e:
                    b2:97:45:88:c7:4f:49:b8:a4:db:5f:72:68:44:0a:
                    80:1c:c9:02:59:e8:ce:9c:bd:c5:17:b9:7a:2d:0c:
                    51:f5:d2:17:3e:ec:e3:37:8a:96:d5:5d:f3:b8:82:
                    2f:0c:b9:d1:ca:1f:92:80:c4:20:6a:1e:4a:c5:d6:
                    91:ce:ee:1f:c9:00:72:5e:b6:8f:3a:d8:85:66:13:
                    45:73:fb:59:67:32:4e:9a:a9:41:4b:cf:f3:d5:44:
                    23:42:5e:7d:a1:1f:7b:30:b4:f7:61:24:98:21:76:
                    3d:31:e9:27:3a:54:9a:ce:3d:08:56:19:a1:78:95:
                    84:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:08:4A:BF:3E:33:A2:BC:ED:AA:1E:F2:59:48:DF:BA:E1:C1:3F:91
            X509v3 Authority Key Identifier:
                keyid:19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/ughKvz4zorztqh7yWUjfuuHBP5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:c9:fd:f8:73:6c:27:93:2a:5a:9b:2d:90:14:15:a7:db:52:
         c9:c2:bb:28:ab:07:2e:b8:69:b6:7a:61:0a:8b:95:e7:54:66:
         b1:e8:b5:88:de:80:4b:ea:9f:90:06:af:0a:f5:48:73:05:93:
         b1:19:1f:ed:54:bb:bb:98:7e:42:4a:85:b4:57:ba:ca:65:72:
         39:db:6f:59:3a:ce:06:1f:ae:53:71:18:97:02:4d:f9:4b:c8:
         75:28:3a:0b:4f:95:7f:b7:9c:0d:d8:27:a8:ed:3d:05:81:41:
         13:9d:33:e2:3d:a5:24:49:2d:15:2d:53:d4:3f:2d:a2:83:9f:
         6e:a8:fd:c6:34:22:c0:c0:84:d3:53:37:fb:4f:78:52:b7:10:
         b5:b6:2b:5c:a8:a1:16:9a:67:bb:21:71:71:f3:a8:cc:c1:31:
         98:cf:e7:67:bd:fa:3b:0d:e1:56:12:20:3b:7f:2f:14:d8:39:
         72:5f:0f:61:08:c7:29:79:cf:fa:ce:7a:a2:00:1c:b8:cf:b8:
         e2:c4:da:bc:0e:db:80:a9:b6:c0:c8:4e:d4:90:ae:dd:9f:6b:
         69:f9:cc:af:41:6f:1a:09:21:f7:f3:c7:5d:d8:61:19:50:52:
         dc:e2:b6:48:45:25:c6:99:f1:ca:24:be:a0:8a:a3:d3:65:a8:
         a5:d9:29:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FZO3lLJ+wjWgSFl5GqdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODNiMDJlMTBjYTgyMWJmZTFiZTZlNzUxZDkyY2Y3M2Q2
ZDRjMGIwHhcNMjYwMTAyMTQyMTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTA4NGFiZjNlMzNhMmJjZWRhYTFlZjI1OTQ4ZGZiYWUxYzEzZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWXcMoDoYCjKO9NI8Aa7jgejHb2D
jDmMHPpY2XMpk/iNVQHfI+NzsMtmlS+hcKAEEyXv3TDgwrUcMAQcZ6x+M+QrT+AW
tMOWLmByRkogVYqiqOqv8wI7HQZMvo6lBL93ZcDGxoRSF6G1/QQRMhAd/j6pcgDX
Q78Wqeoin9HDq/Ybbfbyqi6yl0WIx09JuKTbX3JoRAqAHMkCWejOnL3FF7l6LQxR
9dIXPuzjN4qW1V3zuIIvDLnRyh+SgMQgah5KxdaRzu4fyQByXraPOtiFZhNFc/tZ
ZzJOmqlBS8/z1UQjQl59oR97MLT3YSSYIXY9MeknOlSazj0IVhmheJWEKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoISr8+M6K87aoe8llI37rhwT+RMB8GA1UdIwQY
MBaAFBmDsC4QyoIb/hvm51HZLPc9bUwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEt
Y2RhMzYyNTYyOTZjLzEvdWdoS3Z6NHpvcnp0cWg3eVdVamZ1dUhCUDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEtY2RhMzYyNTYyOTZj
LzEvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgv3MA0G
CSqGSIb3DQEBCwUAA4IBAQAZyf34c2wnkypamy2QFBWn21LJwrsoqwcuuGm2emEK
i5XnVGax6LWI3oBL6p+QBq8K9UhzBZOxGR/tVLu7mH5CSoW0V7rKZXI5229ZOs4G
H65TcRiXAk35S8h1KDoLT5V/t5wN2Ceo7T0FgUETnTPiPaUkSS0VLVPUPy2ig59u
qP3GNCLAwITTUzf7T3hStxC1titcqKEWmme7IXFx86jMwTGYz+dnvfo7DeFWEiA7
fy8U2DlyXw9hCMcpec/6znqiABy4z7jixNq8DtuAqbbAyE7UkK7dn2tp+cyvQW8a
CSH388dd2GEZUFLc4rZIRSXGmfHKJL6giqPTZail2SnI
-----END CERTIFICATE-----