This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f491a0-b666-4e9f-b0f9-6eed52968b1c/1/U838CZ3tP-SqpmS_2UEPBZ3tGac.roa
File:                     U838CZ3tP-SqpmS_2UEPBZ3tGac.roa (raw, json)
Hash identifier:          0MbyurR/tw2t4cWUzKHipnxJH0cpvpDBnD2yvgzDDAc=
Subject key identifier:   53:CD:FC:09:9D:ED:3F:E4:AA:A6:64:BF:D9:41:0F:05:9D:ED:19:A7
Certificate issuer:       /CN=5a0aa9682c683a9c1b95ce9676d51b20d39fd2ae
Certificate serial:       019B7C7F2DC676B1AF6AAA48687BE9CA08C9
Authority key identifier: 5A:0A:A9:68:2C:68:3A:9C:1B:95:CE:96:76:D5:1B:20:D3:9F:D2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WgqpaCxoOpwblc6WdtUbINOf0q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f491a0-b666-4e9f-b0f9-6eed52968b1c/1/U838CZ3tP-SqpmS_2UEPBZ3tGac.roa
Signing time:             Fri 02 Jan 2026 02:17:48 +0000
ROA not before:           Fri 02 Jan 2026 02:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210687
IP address blocks:        185.153.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f491a0-b666-4e9f-b0f9-6eed52968b1c/1/WgqpaCxoOpwblc6WdtUbINOf0q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f491a0-b666-4e9f-b0f9-6eed52968b1c/1/WgqpaCxoOpwblc6WdtUbINOf0q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WgqpaCxoOpwblc6WdtUbINOf0q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:2d:c6:76:b1:af:6a:aa:48:68:7b:e9:ca:08:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a0aa9682c683a9c1b95ce9676d51b20d39fd2ae
        Validity
            Not Before: Jan  2 02:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53cdfc099ded3fe4aaa664bfd9410f059ded19a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:15:b9:f0:76:fb:c8:c0:d6:dd:ca:f7:4b:17:
                    55:c4:e2:12:4a:c2:59:36:9a:f6:89:75:00:ec:72:
                    c4:96:55:e5:1f:bb:82:97:bf:ee:45:e9:09:19:2b:
                    a3:88:0c:36:9d:5b:af:ec:39:db:c9:75:a9:79:e5:
                    ee:e3:98:4e:a2:bd:a2:be:bc:21:f3:6b:8c:27:ee:
                    9a:b8:14:49:7d:6a:f9:94:0d:d1:06:56:db:6b:be:
                    3e:0d:38:cd:30:e4:31:a9:ae:24:2e:12:1e:dc:ac:
                    70:6e:e7:b1:fd:35:00:c3:c4:f4:d0:3c:3e:18:bf:
                    5e:84:2d:a9:4c:d5:96:52:68:1d:f7:bc:63:05:de:
                    57:8f:5c:61:d7:49:7c:a3:05:f0:66:7f:f9:15:6f:
                    b7:81:b8:6b:34:13:6e:6a:3b:51:e8:0b:b9:ae:f9:
                    ba:90:18:ef:58:63:3b:7a:cc:ea:36:92:67:17:13:
                    ae:dd:b6:46:d2:ec:04:0e:53:aa:1d:4b:f4:03:ff:
                    7b:91:f9:d9:01:5c:c1:e3:2d:f1:d0:91:a3:b3:1a:
                    22:a7:ca:23:e0:f8:61:7b:6e:3f:55:97:79:73:b2:
                    3f:fb:1a:07:4c:96:13:5a:7e:5e:0f:54:b1:32:62:
                    a2:c6:bc:a9:13:ca:46:5c:c5:02:72:41:55:28:35:
                    8a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CD:FC:09:9D:ED:3F:E4:AA:A6:64:BF:D9:41:0F:05:9D:ED:19:A7
            X509v3 Authority Key Identifier:
                keyid:5A:0A:A9:68:2C:68:3A:9C:1B:95:CE:96:76:D5:1B:20:D3:9F:D2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WgqpaCxoOpwblc6WdtUbINOf0q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f491a0-b666-4e9f-b0f9-6eed52968b1c/1/U838CZ3tP-SqpmS_2UEPBZ3tGac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f491a0-b666-4e9f-b0f9-6eed52968b1c/1/WgqpaCxoOpwblc6WdtUbINOf0q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:09:97:f9:8f:25:3b:aa:fd:31:09:d3:a3:e6:7a:74:4d:93:
         5c:e4:58:e8:86:73:92:2d:80:9a:c3:92:a7:14:48:f8:e1:c2:
         08:0f:8f:19:d9:50:bf:c9:f7:6c:65:d4:69:ce:df:92:3b:22:
         df:55:90:89:57:14:f3:d9:e7:09:71:9e:3c:06:de:d4:be:a6:
         11:d7:25:db:be:53:c1:36:4a:9d:6d:f9:b9:a2:ea:ba:18:1e:
         dc:6d:85:41:e2:0f:28:fe:a1:18:14:56:a6:08:3e:8f:2f:20:
         1c:be:c3:d7:03:c0:20:ca:fd:bd:c6:ba:2a:23:c2:66:78:46:
         9c:66:b9:c6:cb:ef:18:d1:b1:a2:6e:c1:05:5a:53:68:b2:0c:
         a0:61:d6:c1:1e:4d:f6:b7:65:b7:8f:d6:81:8f:06:10:34:d3:
         97:8c:d8:e3:da:e6:04:97:4e:84:29:48:d0:75:5a:e5:91:d2:
         55:22:59:40:ac:91:41:31:27:d9:61:d0:6b:bb:6c:70:34:f8:
         29:09:d8:ca:00:43:b5:87:56:2b:00:93:58:cd:01:c2:89:f1:
         33:37:da:88:7d:af:fc:6f:bd:19:e2:4d:dc:65:19:27:cf:09:
         db:e4:9a:35:b6:d8:80:af:08:76:15:a1:9a:b7:3b:ca:4d:c7:
         30:96:12:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8fy3GdrGvaqpIaHvpygjJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMGFhOTY4MmM2ODNhOWMxYjk1Y2U5Njc2ZDUxYjIwZDM5
ZmQyYWUwHhcNMjYwMTAyMDIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NkZmMwOTlkZWQzZmU0YWFhNjY0YmZkOTQxMGYwNTlkZWQxOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRW58Hb7yMDW3cr3SxdVxOISSsJZ
Npr2iXUA7HLEllXlH7uCl7/uRekJGSujiAw2nVuv7DnbyXWpeeXu45hOor2ivrwh
82uMJ+6auBRJfWr5lA3RBlbba74+DTjNMOQxqa4kLhIe3Kxwbuex/TUAw8T00Dw+
GL9ehC2pTNWWUmgd97xjBd5Xj1xh10l8owXwZn/5FW+3gbhrNBNuajtR6Au5rvm6
kBjvWGM7eszqNpJnFxOu3bZG0uwEDlOqHUv0A/97kfnZAVzB4y3x0JGjsxoip8oj
4Phhe24/VZd5c7I/+xoHTJYTWn5eD1SxMmKixrypE8pGXMUCckFVKDWKXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPN/Amd7T/kqqZkv9lBDwWd7RmnMB8GA1UdIwQY
MBaAFFoKqWgsaDqcG5XOlnbVGyDTn9KuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2dxcGFDeG9PcHdibGM2V2R0VWJJTk9mMHE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mNDkxYTAtYjY2Ni00ZTlmLWIwZjkt
NmVlZDUyOTY4YjFjLzEvVTgzOENaM3RQLVNxcG1TXzJVRVBCWjN0R2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mNDkxYTAtYjY2Ni00ZTlmLWIwZjktNmVlZDUyOTY4YjFj
LzEvV2dxcGFDeG9PcHdibGM2V2R0VWJJTk9mMHE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZnqMA0G
CSqGSIb3DQEBCwUAA4IBAQAzCZf5jyU7qv0xCdOj5np0TZNc5FjohnOSLYCaw5Kn
FEj44cIID48Z2VC/yfdsZdRpzt+SOyLfVZCJVxTz2ecJcZ48Bt7UvqYR1yXbvlPB
Nkqdbfm5ouq6GB7cbYVB4g8o/qEYFFamCD6PLyAcvsPXA8Agyv29xroqI8JmeEac
ZrnGy+8Y0bGibsEFWlNosgygYdbBHk32t2W3j9aBjwYQNNOXjNjj2uYEl06EKUjQ
dVrlkdJVIllArJFBMSfZYdBru2xwNPgpCdjKAEO1h1YrAJNYzQHCifEzN9qIfa/8
b70Z4k3cZRknzwnb5Jo1ttiArwh2FaGatzvKTccwlhLh
-----END CERTIFICATE-----