This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/e9a31f-1537-40c1-b62d-31adf6439643/1/UUqgGSLj84boI_NxgkGB4TKwVIU.roa
File:                     UUqgGSLj84boI_NxgkGB4TKwVIU.roa (raw, json)
Hash identifier:          el0OUsfFn2pwq6lrAb2NBOC3HWUwPQO50Ng8SKy5hMc=
Subject key identifier:   51:4A:A0:19:22:E3:F3:86:E8:23:F3:71:82:41:81:E1:32:B0:54:85
Certificate issuer:       /CN=08d493078812d09e1a1e0eb2a380fc6574983f5c
Certificate serial:       019B79ED1F4BEF45B21196F3A063A49AAF9F
Authority key identifier: 08:D4:93:07:88:12:D0:9E:1A:1E:0E:B2:A3:80:FC:65:74:98:3F:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNSTB4gS0J4aHg6yo4D8ZXSYP1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/e9a31f-1537-40c1-b62d-31adf6439643/1/UUqgGSLj84boI_NxgkGB4TKwVIU.roa
Signing time:             Thu 01 Jan 2026 14:19:01 +0000
ROA not before:           Thu 01 Jan 2026 14:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        137.43.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/e9a31f-1537-40c1-b62d-31adf6439643/1/CNSTB4gS0J4aHg6yo4D8ZXSYP1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/e9a31f-1537-40c1-b62d-31adf6439643/1/CNSTB4gS0J4aHg6yo4D8ZXSYP1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNSTB4gS0J4aHg6yo4D8ZXSYP1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:1f:4b:ef:45:b2:11:96:f3:a0:63:a4:9a:af:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d493078812d09e1a1e0eb2a380fc6574983f5c
        Validity
            Not Before: Jan  1 14:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=514aa01922e3f386e823f371824181e132b05485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a8:1b:55:3f:c7:bd:13:6c:7c:cf:01:a1:fe:
                    1f:88:60:64:d3:70:27:66:fe:05:1a:22:04:18:81:
                    c2:d7:63:3a:9b:74:21:f4:b6:af:0d:05:3c:eb:62:
                    fe:3b:33:48:4f:ac:61:87:d1:d5:84:d4:ef:7a:fa:
                    09:02:79:7a:2f:2b:eb:a0:1d:96:e3:1f:1b:0b:70:
                    af:8c:89:d5:bd:18:82:bd:c6:10:66:a3:88:c0:ba:
                    63:f8:32:6b:f5:75:13:5c:cd:6d:8d:84:af:ee:b5:
                    86:7c:59:cb:35:73:ca:88:aa:97:47:7f:74:c6:b7:
                    25:3e:9c:9c:08:28:a8:69:00:c2:55:98:7b:b9:76:
                    1a:e9:75:21:a7:a2:6d:be:0d:d5:3f:0d:d1:40:52:
                    ce:af:b7:86:65:88:c5:fc:5c:7c:07:ba:33:af:e7:
                    f6:f7:83:d9:6a:d9:11:16:fd:1d:00:df:f9:f1:14:
                    15:3d:72:eb:20:5b:b0:39:a9:c5:c2:d1:2e:ef:8d:
                    6f:b8:2e:34:51:e7:ea:76:1c:1a:e4:5e:7d:25:b5:
                    39:d2:0b:2b:f0:24:e2:30:e6:38:7c:a0:b1:66:55:
                    93:e1:a2:28:6c:08:9c:e7:5a:c6:b3:14:a9:f7:c7:
                    01:e0:5b:e9:fb:6d:45:bd:74:0e:f0:9c:a2:ef:45:
                    25:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:4A:A0:19:22:E3:F3:86:E8:23:F3:71:82:41:81:E1:32:B0:54:85
            X509v3 Authority Key Identifier:
                keyid:08:D4:93:07:88:12:D0:9E:1A:1E:0E:B2:A3:80:FC:65:74:98:3F:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNSTB4gS0J4aHg6yo4D8ZXSYP1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e9a31f-1537-40c1-b62d-31adf6439643/1/UUqgGSLj84boI_NxgkGB4TKwVIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/e9a31f-1537-40c1-b62d-31adf6439643/1/CNSTB4gS0J4aHg6yo4D8ZXSYP1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1f:13:21:68:db:08:46:f1:70:d1:47:b0:ed:5a:ec:79:4c:6d:
         48:51:a4:bf:04:63:b1:74:45:f3:49:1a:be:89:2b:e5:52:87:
         81:d4:88:47:e2:c8:3c:a9:42:dd:f7:cf:69:79:82:0d:fe:b9:
         c9:05:a1:2c:b1:50:23:00:63:2c:3e:d3:7c:19:24:6e:3e:c0:
         7f:94:d1:96:6f:3b:ed:46:d9:bc:e8:4c:0e:05:58:6f:8c:70:
         e8:b2:cb:0e:bb:5a:cf:26:43:71:33:92:1a:b5:96:24:de:bb:
         3b:2b:3b:d5:e7:8c:44:3d:03:72:97:0a:bf:ef:c0:4f:5c:70:
         2f:f2:d4:f1:3d:82:90:b8:66:3c:e9:f4:3c:8f:3f:68:35:e3:
         10:19:a5:c6:c2:96:70:21:e2:bf:69:c8:2a:ea:da:45:7f:08:
         57:4b:06:8e:ae:72:78:64:30:2d:24:70:8a:8e:74:af:52:70:
         10:ca:c6:89:5c:e1:5d:26:88:12:17:5e:7c:8e:35:43:8f:ed:
         8c:c1:04:58:43:6b:21:8c:17:58:60:f4:22:08:f6:bd:bd:25:
         4f:a0:3b:9d:80:08:c6:88:bd:51:1b:11:2c:22:20:46:cd:28:
         af:a0:00:bf:b9:48:e8:4c:62:c4:c5:ca:1b:2b:29:2d:b6:b0:
         cb:52:64:d5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt57R9L70WyEZbzoGOkmq+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDQ5MzA3ODgxMmQwOWUxYTFlMGViMmEzODBmYzY1NzQ5
ODNmNWMwHhcNMjYwMTAxMTQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTRhYTAxOTIyZTNmMzg2ZTgyM2YzNzE4MjQxODFlMTMyYjA1NDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2agbVT/HvRNsfM8Bof4fiGBk03An
Zv4FGiIEGIHC12M6m3Qh9LavDQU862L+OzNIT6xhh9HVhNTvevoJAnl6LyvroB2W
4x8bC3CvjInVvRiCvcYQZqOIwLpj+DJr9XUTXM1tjYSv7rWGfFnLNXPKiKqXR390
xrclPpycCCioaQDCVZh7uXYa6XUhp6Jtvg3VPw3RQFLOr7eGZYjF/Fx8B7ozr+f2
94PZatkRFv0dAN/58RQVPXLrIFuwOanFwtEu741vuC40Uefqdhwa5F59JbU50gsr
8CTiMOY4fKCxZlWT4aIobAic51rGsxSp98cB4Fvp+21FvXQO8Jyi70UlNwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFFKoBki4/OG6CPzcYJBgeEysFSFMB8GA1UdIwQY
MBaAFAjUkweIEtCeGh4OsqOA/GV0mD9cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05TVEI0Z1MwSjRhSGc2eW80RDhaWFNZUDF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9lOWEzMWYtMTUzNy00MGMxLWI2MmQt
MzFhZGY2NDM5NjQzLzEvVVVxZ0dTTGo4NGJvSV9OeGdrR0I0VEt3VklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9lOWEzMWYtMTUzNy00MGMxLWI2MmQtMzFhZGY2NDM5NjQz
LzEvQ05TVEI0Z1MwSjRhSGc2eW80RDhaWFNZUDF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiSswDQYJ
KoZIhvcNAQELBQADggEBAB8TIWjbCEbxcNFHsO1a7HlMbUhRpL8EY7F0RfNJGr6J
K+VSh4HUiEfiyDypQt33z2l5gg3+uckFoSyxUCMAYyw+03wZJG4+wH+U0ZZvO+1G
2bzoTA4FWG+McOiyyw67Ws8mQ3Ezkhq1liTeuzsrO9XnjEQ9A3KXCr/vwE9ccC/y
1PE9gpC4Zjzp9DyPP2g14xAZpcbClnAh4r9pyCrq2kV/CFdLBo6ucnhkMC0kcIqO
dK9ScBDKxolc4V0miBIXXnyONUOP7YzBBFhDayGMF1hg9CII9r29JU+gO52ACMaI
vVEbESwiIEbNKK+gAL+5SOhMYsTFyhsrKS22sMtSZNU=
-----END CERTIFICATE-----