This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uXC5zKKOjzWFwCNZnQuMj0X7l9Q.roa
File:                     uXC5zKKOjzWFwCNZnQuMj0X7l9Q.roa (raw, json)
Hash identifier:          6y/EcqpbXbmDqdGI8rmEqUTha/sO0CNRwRXjX2FdI+A=
Subject key identifier:   B9:70:B9:CC:A2:8E:8F:35:85:C0:23:59:9D:0B:8C:8F:45:FB:97:D4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AA6ABA7B7C70FB321F08B9FAB1259
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uXC5zKKOjzWFwCNZnQuMj0X7l9Q.roa
Signing time:             Thu 01 Jan 2026 16:18:39 +0000
ROA not before:           Thu 01 Jan 2026 16:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49127
IP address blocks:        109.176.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:a6:ab:a7:b7:c7:0f:b3:21:f0:8b:9f:ab:12:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b970b9cca28e8f3585c023599d0b8c8f45fb97d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:71:85:cb:37:6b:1e:62:d5:1e:4f:aa:0a:81:
                    15:54:b0:a2:5b:a6:72:b7:04:06:16:ee:bf:11:6c:
                    e3:1f:92:ec:7d:a7:b8:8b:2b:1b:88:8a:93:07:4a:
                    c3:11:a3:a8:31:d5:b0:ea:d9:83:00:d1:df:3e:46:
                    90:03:1f:77:d9:54:e7:12:87:ad:fd:e6:60:46:8f:
                    73:30:13:06:6f:50:4b:06:e8:dc:45:82:09:d9:4b:
                    6c:1e:fc:37:58:2a:d5:a7:db:97:d1:00:9b:87:6f:
                    86:22:c5:d9:98:f5:bf:d9:91:79:fc:33:d7:29:e6:
                    b9:51:83:aa:fc:78:1f:69:4d:ee:3e:93:34:43:2d:
                    1d:2c:40:96:28:08:7c:e3:f4:7a:38:57:a1:a4:35:
                    34:bf:16:a1:42:85:0c:3c:df:53:24:45:67:10:76:
                    01:d0:10:d2:12:12:a3:42:bd:c0:09:41:0e:52:ed:
                    8c:4e:3a:fa:16:8a:21:73:28:7c:ef:8b:63:c1:3e:
                    c8:ec:6c:c1:f1:76:3b:f2:91:92:1f:56:9b:53:86:
                    13:7d:0d:51:42:77:8a:f8:40:26:03:df:60:71:91:
                    2b:e3:b8:ea:41:e8:3f:43:5b:01:1e:d3:c7:3c:9a:
                    94:25:4a:b9:e9:46:dc:1b:42:18:76:b8:04:15:67:
                    8e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:70:B9:CC:A2:8E:8F:35:85:C0:23:59:9D:0B:8C:8F:45:FB:97:D4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/uXC5zKKOjzWFwCNZnQuMj0X7l9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:95:15:53:4a:0c:61:65:59:5f:92:64:c0:7d:79:12:a2:58:
         10:85:a0:7b:b8:f0:54:e3:81:72:cf:31:a3:36:98:01:33:af:
         46:5e:bc:b2:3a:e6:d9:1b:ca:3d:4c:9d:a5:f2:9d:f5:d8:51:
         95:d1:30:4a:46:ca:7e:f6:b7:5b:28:89:ad:d1:a5:18:ae:85:
         a5:b8:a3:86:42:b9:f6:4a:47:77:63:3d:53:ea:a1:5e:61:59:
         c4:b5:6e:1d:b6:60:78:b6:c0:80:e5:3c:23:1a:ce:48:f8:72:
         ea:c3:b7:51:3c:34:70:9f:99:1e:43:28:eb:cb:43:95:35:73:
         8e:41:c2:f7:6e:5a:e8:05:c1:d2:59:bd:8e:3f:d7:55:9e:e4:
         b3:b9:85:e3:b3:95:61:ad:f5:3d:2e:76:92:78:a2:74:8e:46:
         3f:6d:28:bb:47:fb:11:31:99:5d:93:5d:30:1d:1f:db:18:3b:
         f2:55:af:bd:c4:86:90:80:56:1a:f0:70:ab:d5:8c:3d:59:d7:
         1f:89:87:87:de:a4:70:ef:9c:55:a9:3c:74:f7:91:5d:62:3a:
         24:81:f0:72:5f:be:0d:c9:a4:a5:77:95:32:57:7d:33:19:5d:
         31:90:ef:bc:07:f2:82:d2:e5:83:da:8a:d1:81:37:9f:4a:db:
         a1:4a:28:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wqarp7fHD7Mh8IufqxJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTcwYjljY2EyOGU4ZjM1ODVjMDIzNTk5ZDBiOGM4ZjQ1ZmI5N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnGFyzdrHmLVHk+qCoEVVLCiW6Zy
twQGFu6/EWzjH5Lsfae4iysbiIqTB0rDEaOoMdWw6tmDANHfPkaQAx932VTnEoet
/eZgRo9zMBMGb1BLBujcRYIJ2UtsHvw3WCrVp9uX0QCbh2+GIsXZmPW/2ZF5/DPX
Kea5UYOq/HgfaU3uPpM0Qy0dLECWKAh84/R6OFehpDU0vxahQoUMPN9TJEVnEHYB
0BDSEhKjQr3ACUEOUu2MTjr6Foohcyh874tjwT7I7GzB8XY78pGSH1abU4YTfQ1R
QneK+EAmA99gcZEr47jqQeg/Q1sBHtPHPJqUJUq56UbcG0IYdrgEFWeOdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlwucyijo81hcAjWZ0LjI9F+5fUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdVhDNXpLS09qeldGd0NOWm5RdU1qMFg3bDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbDPMA0G
CSqGSIb3DQEBCwUAA4IBAQAplRVTSgxhZVlfkmTAfXkSolgQhaB7uPBU44FyzzGj
NpgBM69GXryyOubZG8o9TJ2l8p312FGV0TBKRsp+9rdbKImt0aUYroWluKOGQrn2
Skd3Yz1T6qFeYVnEtW4dtmB4tsCA5TwjGs5I+HLqw7dRPDRwn5keQyjry0OVNXOO
QcL3blroBcHSWb2OP9dVnuSzuYXjs5VhrfU9LnaSeKJ0jkY/bSi7R/sRMZldk10w
HR/bGDvyVa+9xIaQgFYa8HCr1Yw9WdcfiYeH3qRw75xVqTx095FdYjokgfByX74N
yaSld5UyV30zGV0xkO+8B/KC0uWD2orRgTefStuhSijk
-----END CERTIFICATE-----