This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/ug2lwdEDypbroUTh-MUKjX7xHxM.roa
File:                     ug2lwdEDypbroUTh-MUKjX7xHxM.roa (raw, json)
Hash identifier:          tzIgDVhwzntyEbgry33zKLqLx6I3KowYd/8dZ4T/e/0=
Subject key identifier:   BA:0D:A5:C1:D1:03:CA:96:EB:A1:44:E1:F8:C5:0A:8D:7E:F1:1F:13
Certificate issuer:       /CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
Certificate serial:       019B7834FDA39B9EB68EBFA473B7ED1566B6
Authority key identifier: 4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/ug2lwdEDypbroUTh-MUKjX7xHxM.roa
Signing time:             Thu 01 Jan 2026 06:18:17 +0000
ROA not before:           Thu 01 Jan 2026 06:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202165
IP address blocks:        2a0b:a080:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:fd:a3:9b:9e:b6:8e:bf:a4:73:b7:ed:15:66:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9ac6fe2031adde03668240e3c5d91ec6711e1e
        Validity
            Not Before: Jan  1 06:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba0da5c1d103ca96eba144e1f8c50a8d7ef11f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8f:ef:a7:6a:e3:ba:9b:0e:c8:2e:44:70:22:
                    69:8e:15:98:97:34:59:fa:50:fa:d3:eb:35:23:02:
                    fb:db:97:99:67:98:39:35:a0:b9:fa:db:5c:56:d7:
                    d9:08:c7:ac:10:0f:52:1f:6d:c3:e5:d9:96:c9:5f:
                    10:d1:21:07:fd:2a:88:6e:09:f2:5b:0a:e4:03:4e:
                    0d:09:e0:b4:f1:67:fa:fc:0b:43:92:8f:a1:5f:c0:
                    e8:72:c8:e6:b1:16:d9:48:60:9f:03:4e:10:65:ed:
                    3b:ce:af:42:5c:59:5f:a7:5c:e6:dd:6f:6a:2d:09:
                    84:37:7e:5f:88:eb:ce:22:dc:1b:57:37:43:b8:22:
                    29:b7:f3:7f:4c:03:98:7f:e2:8c:9a:da:ae:f6:cb:
                    a9:20:74:a9:2f:28:1a:b5:b9:46:70:17:33:04:63:
                    e2:64:8d:6b:61:4c:dd:24:c6:46:ea:e0:01:7c:43:
                    08:2d:fd:07:6f:fc:37:57:80:59:e8:3e:3b:b4:6a:
                    f5:43:ed:81:89:fe:6f:fd:8d:8b:a9:28:2c:8f:32:
                    2a:97:9a:92:d9:4e:8a:29:12:de:26:10:d9:47:84:
                    ec:ad:b0:e1:15:09:c9:49:4b:85:fe:56:d8:60:74:
                    7d:67:a3:2d:c9:46:6f:8f:a1:2e:bc:21:ea:44:04:
                    58:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0D:A5:C1:D1:03:CA:96:EB:A1:44:E1:F8:C5:0A:8D:7E:F1:1F:13
            X509v3 Authority Key Identifier:
                keyid:4F:9A:C6:FE:20:31:AD:DE:03:66:82:40:E3:C5:D9:1E:C6:71:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5rG_iAxrd4DZoJA48XZHsZxHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/ug2lwdEDypbroUTh-MUKjX7xHxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/847ffa-9f38-4610-98e7-528a63be4c87/1/T5rG_iAxrd4DZoJA48XZHsZxHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a080:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:07:70:dc:a8:e5:91:22:1d:05:a7:f2:d1:67:0f:2a:3d:70:
         62:ab:e7:cc:3f:11:06:f0:05:70:45:4c:4b:c1:30:5e:fa:df:
         65:59:6e:95:6b:4e:86:09:da:ba:5f:f8:36:5d:c6:91:fd:e3:
         c9:5d:bc:7f:57:af:08:74:92:48:4f:d2:c4:8c:ed:ea:5e:7c:
         3f:ce:d0:e5:34:39:15:4b:8b:d7:3e:3a:06:c6:fd:cb:cc:ca:
         da:d3:94:31:b7:ef:52:a8:96:15:cc:0d:a5:9f:e4:45:df:23:
         b4:db:a2:c2:14:1c:a6:35:e6:7e:f3:89:f3:b6:8c:5e:21:df:
         5c:b6:39:50:db:8d:09:a1:4a:2e:a8:2d:73:14:08:e5:6c:c6:
         5f:a0:47:d0:51:c0:5d:d3:56:8a:fc:7f:f8:ba:1f:72:4d:34:
         37:4b:df:4a:bf:39:cc:8e:34:10:c7:3c:b6:ae:83:a5:af:36:
         6d:a1:77:1d:76:11:b0:86:f0:7f:53:5e:85:e5:49:33:8b:f4:
         a8:7c:f0:14:9b:5c:45:b8:36:4b:e8:2c:40:89:d8:09:02:64:
         f0:74:fb:02:87:72:47:69:20:89:43:70:f3:55:f0:23:4e:c1:
         15:c0:26:a9:e1:e7:fb:22:ce:e4:71:64:ca:3e:3f:f9:e8:46:
         da:2d:60:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NP2jm562jr+kc7ftFWa2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWFjNmZlMjAzMWFkZGUwMzY2ODI0MGUzYzVkOTFlYzY3
MTFlMWUwHhcNMjYwMTAxMDYxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTBkYTVjMWQxMDNjYTk2ZWJhMTQ0ZTFmOGM1MGE4ZDdlZjExZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkY/vp2rjupsOyC5EcCJpjhWYlzRZ
+lD60+s1IwL725eZZ5g5NaC5+ttcVtfZCMesEA9SH23D5dmWyV8Q0SEH/SqIbgny
WwrkA04NCeC08Wf6/AtDko+hX8DocsjmsRbZSGCfA04QZe07zq9CXFlfp1zm3W9q
LQmEN35fiOvOItwbVzdDuCIpt/N/TAOYf+KMmtqu9supIHSpLygatblGcBczBGPi
ZI1rYUzdJMZG6uABfEMILf0Hb/w3V4BZ6D47tGr1Q+2Bif5v/Y2LqSgsjzIql5qS
2U6KKRLeJhDZR4TsrbDhFQnJSUuF/lbYYHR9Z6MtyUZvj6EuvCHqRARYzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLoNpcHRA8qW66FE4fjFCo1+8R8TMB8GA1UdIwQY
MBaAFE+axv4gMa3eA2aCQOPF2R7GcR4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTct
NTI4YTYzYmU0Yzg3LzEvdWcybHdkRUR5cGJyb1VUaC1NVUtqWDd4SHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NDdmZmEtOWYzOC00NjEwLTk4ZTctNTI4YTYzYmU0Yzg3
LzEvVDVyR19pQXhyZDREWm9KQTQ4WFpIc1p4SGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKguggAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCZB3DcqOWRIh0Fp/LRZw8qPXBiq+fMPxEG8AVw
RUxLwTBe+t9lWW6Va06GCdq6X/g2XcaR/ePJXbx/V68IdJJIT9LEjO3qXnw/ztDl
NDkVS4vXPjoGxv3LzMra05Qxt+9SqJYVzA2ln+RF3yO026LCFBymNeZ+84nztoxe
Id9ctjlQ240JoUouqC1zFAjlbMZfoEfQUcBd01aK/H/4uh9yTTQ3S99KvznMjjQQ
xzy2roOlrzZtoXcddhGwhvB/U16F5Ukzi/SofPAUm1xFuDZL6CxAidgJAmTwdPsC
h3JHaSCJQ3DzVfAjTsEVwCap4ef7Is7kcWTKPj/56EbaLWDP
-----END CERTIFICATE-----