This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/3c2676-9245-4b3c-bb7f-8a29120750bf/1/uXS0bdbFdOHb6Fis6v93sRggyKI.roa
File:                     uXS0bdbFdOHb6Fis6v93sRggyKI.roa (raw, json)
Hash identifier:          5dDzWf7HGqV8pXI0aYhhoLgb4jJbNqsLqa/M4syFKfo=
Subject key identifier:   B9:74:B4:6D:D6:C5:74:E1:DB:E8:58:AC:EA:FF:77:B1:18:20:C8:A2
Certificate issuer:       /CN=5ae7953e9459dc09486f0ddc59f2a405b5669250
Certificate serial:       019B77C6DD71FC380134A72F014F25776B66
Authority key identifier: 5A:E7:95:3E:94:59:DC:09:48:6F:0D:DC:59:F2:A4:05:B5:66:92:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WueVPpRZ3AlIbw3cWfKkBbVmklA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/3c2676-9245-4b3c-bb7f-8a29120750bf/1/uXS0bdbFdOHb6Fis6v93sRggyKI.roa
Signing time:             Thu 01 Jan 2026 04:18:00 +0000
ROA not before:           Thu 01 Jan 2026 04:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213366
IP address blocks:        2001:67c:a50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/3c2676-9245-4b3c-bb7f-8a29120750bf/1/WueVPpRZ3AlIbw3cWfKkBbVmklA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/3c2676-9245-4b3c-bb7f-8a29120750bf/1/WueVPpRZ3AlIbw3cWfKkBbVmklA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WueVPpRZ3AlIbw3cWfKkBbVmklA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:dd:71:fc:38:01:34:a7:2f:01:4f:25:77:6b:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ae7953e9459dc09486f0ddc59f2a405b5669250
        Validity
            Not Before: Jan  1 04:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b974b46dd6c574e1dbe858aceaff77b11820c8a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:18:86:89:30:f5:2e:36:90:8d:67:75:51:33:
                    c1:43:44:3b:9d:55:4b:7d:27:d4:13:22:15:e2:a5:
                    40:fb:17:72:0b:95:5d:a6:3f:8e:86:79:f7:fa:18:
                    c0:a2:12:ab:e4:69:00:e4:ef:05:70:07:d8:c4:bb:
                    a6:d1:aa:91:5a:53:cd:50:a1:c4:54:c0:5d:fe:67:
                    e0:ea:60:29:a6:f0:e3:ec:e3:4f:9d:0e:b6:0b:13:
                    30:89:0c:a8:e1:0e:2c:36:ac:e2:0d:1e:c8:2b:ae:
                    f6:26:12:00:33:1a:98:c0:65:e3:0d:ff:d6:64:3d:
                    fa:64:56:88:1a:7c:61:ed:9b:b1:d7:c3:1e:1f:ad:
                    f6:6f:85:40:df:69:00:4e:f6:71:1d:cc:0a:4e:f7:
                    01:3c:f0:49:c2:61:14:50:17:18:99:22:cf:8b:e0:
                    4a:01:19:26:e7:78:50:47:f0:18:90:9f:a8:26:65:
                    0d:a0:8a:23:27:f6:a2:3c:0e:12:41:ed:f9:be:a0:
                    57:a6:6c:e3:84:0f:ce:9d:63:47:33:68:c6:79:8c:
                    db:36:ba:39:14:ee:31:39:68:76:64:78:ac:0f:5c:
                    b2:37:59:75:3f:af:c5:dc:55:a0:22:8d:12:70:6e:
                    f4:cc:d2:d5:e8:ee:13:7c:7f:00:3f:f4:0e:60:f7:
                    66:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:74:B4:6D:D6:C5:74:E1:DB:E8:58:AC:EA:FF:77:B1:18:20:C8:A2
            X509v3 Authority Key Identifier:
                keyid:5A:E7:95:3E:94:59:DC:09:48:6F:0D:DC:59:F2:A4:05:B5:66:92:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WueVPpRZ3AlIbw3cWfKkBbVmklA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3c2676-9245-4b3c-bb7f-8a29120750bf/1/uXS0bdbFdOHb6Fis6v93sRggyKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3c2676-9245-4b3c-bb7f-8a29120750bf/1/WueVPpRZ3AlIbw3cWfKkBbVmklA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a50::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:00:21:35:68:f1:a6:60:18:cb:dc:fc:cf:29:c8:fa:0d:ed:
         e0:bc:19:36:69:b6:24:70:68:e8:60:68:c9:47:27:23:c9:1e:
         81:f9:d4:9d:a6:f7:43:1b:ae:56:20:d7:92:40:08:90:49:93:
         28:3e:cf:ef:cc:7a:f5:d3:e1:9c:8f:f8:a1:7d:7c:e4:48:8c:
         dd:28:79:24:f5:a2:54:a8:f5:a9:ce:36:80:62:9a:35:8c:e9:
         73:1c:a3:c5:9a:ec:19:0a:c8:4f:cb:4a:c6:61:ae:e8:5d:38:
         f7:94:20:00:57:07:53:04:41:f5:64:4a:f1:c6:2a:68:09:d3:
         f8:19:20:82:a7:7b:06:e3:ba:9d:e5:0d:b1:a5:4c:3b:53:e5:
         64:a3:c3:60:79:b2:c9:29:4a:39:12:1e:97:c3:b1:35:1a:fc:
         a4:f2:2d:64:04:81:4c:d3:99:97:1a:5d:dc:da:81:a0:58:2f:
         5b:6a:10:89:f7:2b:05:01:82:52:bf:75:24:bc:c2:67:81:10:
         e5:f5:6e:5d:25:f8:ab:0e:bb:4f:08:84:7a:ee:9c:f3:95:e3:
         cc:16:04:d4:e6:fc:66:7e:b9:38:be:fe:83:8a:81:b4:8c:b0:
         4e:d9:04:7d:30:84:15:f5:18:c1:8f:b8:71:da:f7:4e:e9:9a:
         c7:8b:5d:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xt1x/DgBNKcvAU8ld2tmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZTc5NTNlOTQ1OWRjMDk0ODZmMGRkYzU5ZjJhNDA1YjU2
NjkyNTAwHhcNMjYwMTAxMDQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTc0YjQ2ZGQ2YzU3NGUxZGJlODU4YWNlYWZmNzdiMTE4MjBjOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBiGiTD1LjaQjWd1UTPBQ0Q7nVVL
fSfUEyIV4qVA+xdyC5Vdpj+Ohnn3+hjAohKr5GkA5O8FcAfYxLum0aqRWlPNUKHE
VMBd/mfg6mAppvDj7ONPnQ62CxMwiQyo4Q4sNqziDR7IK672JhIAMxqYwGXjDf/W
ZD36ZFaIGnxh7Zux18MeH632b4VA32kATvZxHcwKTvcBPPBJwmEUUBcYmSLPi+BK
ARkm53hQR/AYkJ+oJmUNoIojJ/aiPA4SQe35vqBXpmzjhA/OnWNHM2jGeYzbNro5
FO4xOWh2ZHisD1yyN1l1P6/F3FWgIo0ScG70zNLV6O4TfH8AP/QOYPdmeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLl0tG3WxXTh2+hYrOr/d7EYIMiiMB8GA1UdIwQY
MBaAFFrnlT6UWdwJSG8N3FnypAW1ZpJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3VlVlBwUlozQWxJYnczY1dmS2tCYlZta2xBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zYzI2NzYtOTI0NS00YjNjLWJiN2Yt
OGEyOTEyMDc1MGJmLzEvdVhTMGJkYkZkT0hiNkZpczZ2OTNzUmdneUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zYzI2NzYtOTI0NS00YjNjLWJiN2YtOGEyOTEyMDc1MGJm
LzEvV3VlVlBwUlozQWxJYnczY1dmS2tCYlZta2xBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfApQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA/ACE1aPGmYBjL3PzPKcj6De3gvBk2abYkcGjo
YGjJRycjyR6B+dSdpvdDG65WINeSQAiQSZMoPs/vzHr10+Gcj/ihfXzkSIzdKHkk
9aJUqPWpzjaAYpo1jOlzHKPFmuwZCshPy0rGYa7oXTj3lCAAVwdTBEH1ZErxxipo
CdP4GSCCp3sG47qd5Q2xpUw7U+Vko8NgebLJKUo5Eh6Xw7E1Gvyk8i1kBIFM05mX
Gl3c2oGgWC9bahCJ9ysFAYJSv3UkvMJngRDl9W5dJfirDrtPCIR67pzzlePMFgTU
5vxmfrk4vv6DioG0jLBO2QR9MIQV9RjBj7hx2vdO6ZrHi11e
-----END CERTIFICATE-----