This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/ufhtLD1gy6NviXSRnFHBdIQ9zyQ.roa
File:                     ufhtLD1gy6NviXSRnFHBdIQ9zyQ.roa (raw, json)
Hash identifier:          8Lar/SqCjCGaEvTLOLiK7uVO3D2pbh/ygh68QJ7dDaM=
Subject key identifier:   B9:F8:6D:2C:3D:60:CB:A3:6F:89:74:91:9C:51:C1:74:84:3D:CF:24
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       019B7A5B7B8AFEBB72C2F763E5C09AFE4D8E
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/ufhtLD1gy6NviXSRnFHBdIQ9zyQ.roa
Signing time:             Thu 01 Jan 2026 16:19:34 +0000
ROA not before:           Thu 01 Jan 2026 16:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59757
IP address blocks:        5.160.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:7b:8a:fe:bb:72:c2:f7:63:e5:c0:9a:fe:4d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 16:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b9f86d2c3d60cba36f8974919c51c174843dcf24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e2:21:20:59:ce:bd:da:7b:ab:0e:d9:eb:7e:
                    27:c0:46:85:a4:69:cb:6a:35:7c:58:8c:e0:ba:83:
                    fd:54:10:4a:16:a7:d6:f1:1c:00:a2:c7:03:78:bf:
                    ad:68:00:a8:5e:76:07:34:da:31:7b:4c:1e:fd:76:
                    c4:73:39:5c:d1:10:cf:d5:c0:dd:87:e9:1e:c5:95:
                    50:cf:2f:08:68:03:fb:5a:33:b8:68:ed:d7:32:31:
                    bd:8c:c4:13:6f:aa:2c:33:40:ff:ce:a1:54:40:db:
                    6c:eb:b4:01:81:68:46:5f:3e:04:80:bb:93:b8:fb:
                    10:a2:11:ec:e0:bf:fa:83:cd:ce:75:0e:4d:83:ba:
                    73:65:5f:bd:d8:72:55:78:98:d0:8e:77:88:10:a1:
                    a7:71:e6:fd:15:9d:b7:b9:ee:1e:c0:5a:47:6b:d1:
                    84:c7:3e:a3:b9:d9:3d:97:a4:f9:96:40:89:d1:c5:
                    5a:d4:d2:ba:ad:be:44:62:4d:52:3f:17:6a:91:92:
                    0a:67:20:4a:66:0b:2c:43:2a:ab:c4:c3:72:9a:45:
                    b4:10:01:e8:c1:52:2a:23:7b:e9:ac:26:de:b3:f3:
                    46:61:34:8d:3f:a7:88:db:1c:be:e2:5a:ad:86:e7:
                    f4:a9:60:55:ac:50:17:11:a5:a7:e1:55:5e:14:0c:
                    bf:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:F8:6D:2C:3D:60:CB:A3:6F:89:74:91:9C:51:C1:74:84:3D:CF:24
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/ufhtLD1gy6NviXSRnFHBdIQ9zyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:35:2a:22:55:80:b7:8c:cf:2a:74:7d:7c:94:f6:98:c0:19:
         8a:e4:a3:79:ca:c1:ed:62:1c:97:30:22:3b:58:88:ba:a9:db:
         56:67:1e:75:92:c0:05:d8:53:0b:fc:fd:e3:4f:cf:ad:a6:79:
         2e:28:15:d9:a4:c8:72:02:f4:c1:46:ce:f3:a6:99:13:2a:b2:
         94:04:ea:c1:08:a0:8d:83:4a:3e:43:ba:7f:fe:02:c9:1b:77:
         1f:08:80:4c:28:27:4b:0b:f9:b5:9d:ab:69:a9:b7:a6:f7:e3:
         dd:25:b4:9e:d2:ad:99:c3:fb:27:46:03:47:f8:ef:3e:26:37:
         9e:41:76:4e:95:0c:7f:be:b0:a5:72:10:ff:b2:dd:42:18:62:
         55:7e:ee:0b:8e:13:f0:53:8e:20:4e:55:10:04:98:7e:94:49:
         f1:1b:fb:44:3d:e0:8d:ad:c7:76:fe:f4:f5:16:8d:32:f3:41:
         d6:93:d9:b3:70:73:d5:64:c1:df:0b:9a:4c:02:e1:c0:3b:be:
         b1:11:04:26:95:7e:0f:11:0c:ac:0a:58:bf:b1:fd:c7:00:d4:
         17:f0:53:3d:44:5d:52:60:a8:98:96:0a:e6:e5:c0:3d:ac:0d:
         9c:46:ca:55:8b:3b:96:87:a7:6b:d4:11:15:92:be:d0:88:28:
         0f:b7:19:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W3uK/rtywvdj5cCa/k2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjYwMTAxMTYxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWY4NmQyYzNkNjBjYmEzNmY4OTc0OTE5YzUxYzE3NDg0M2RjZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOIhIFnOvdp7qw7Z634nwEaFpGnL
ajV8WIzguoP9VBBKFqfW8RwAoscDeL+taACoXnYHNNoxe0we/XbEczlc0RDP1cDd
h+kexZVQzy8IaAP7WjO4aO3XMjG9jMQTb6osM0D/zqFUQNts67QBgWhGXz4EgLuT
uPsQohHs4L/6g83OdQ5Ng7pzZV+92HJVeJjQjneIEKGnceb9FZ23ue4ewFpHa9GE
xz6judk9l6T5lkCJ0cVa1NK6rb5EYk1SPxdqkZIKZyBKZgssQyqrxMNymkW0EAHo
wVIqI3vprCbes/NGYTSNP6eI2xy+4lqthuf0qWBVrFAXEaWn4VVeFAy/AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn4bSw9YMujb4l0kZxRwXSEPc8kMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvdWZodExEMWd5Nk52aVhTUm5GSEJkSVE5enlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaDYMA0G
CSqGSIb3DQEBCwUAA4IBAQB5NSoiVYC3jM8qdH18lPaYwBmK5KN5ysHtYhyXMCI7
WIi6qdtWZx51ksAF2FML/P3jT8+tpnkuKBXZpMhyAvTBRs7zppkTKrKUBOrBCKCN
g0o+Q7p//gLJG3cfCIBMKCdLC/m1natpqbem9+PdJbSe0q2Zw/snRgNH+O8+Jjee
QXZOlQx/vrClchD/st1CGGJVfu4LjhPwU44gTlUQBJh+lEnxG/tEPeCNrcd2/vT1
Fo0y80HWk9mzcHPVZMHfC5pMAuHAO76xEQQmlX4PEQysCli/sf3HANQX8FM9RF1S
YKiYlgrm5cA9rA2cRspVizuWh6dr1BEVkr7QiCgPtxnM
-----END CERTIFICATE-----