This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/uHuUzzjJV0HUtV7aunxTY6hSyL0.roa
File:                     uHuUzzjJV0HUtV7aunxTY6hSyL0.roa (raw, json)
Hash identifier:          ywDDk4Da2VFEPAZYkJbPbp7ZppYitudvQc1nou/VXXE=
Subject key identifier:   B8:7B:94:CF:38:C9:57:41:D4:B5:5E:DA:BA:7C:53:63:A8:52:C8:BD
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       019B7AC8A0083EE374A57CC9F8EE1CBD72A4
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/uHuUzzjJV0HUtV7aunxTY6hSyL0.roa
Signing time:             Thu 01 Jan 2026 18:18:46 +0000
ROA not before:           Thu 01 Jan 2026 18:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206750
IP address blocks:        146.19.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 21:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:a0:08:3e:e3:74:a5:7c:c9:f8:ee:1c:bd:72:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Jan  1 18:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b87b94cf38c95741d4b55edaba7c5363a852c8bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:84:23:fd:cf:8b:e6:5d:41:04:b7:11:07:
                    e3:62:49:2b:6a:d0:11:6f:1c:6b:02:9c:12:c7:a9:
                    9b:8d:87:24:84:46:4a:c3:7c:53:fc:95:3e:d3:76:
                    bd:bf:a3:9b:92:79:4c:61:d9:af:73:92:4f:be:72:
                    58:82:e1:e3:29:f8:a1:30:7d:51:25:e2:f0:13:58:
                    7b:36:00:f8:15:a7:09:5d:af:4c:cb:8b:c1:c6:3e:
                    b1:6d:30:ca:40:a7:c1:73:7e:5d:fd:4a:fa:f7:dc:
                    d6:00:83:e8:e5:f1:28:b0:2c:d9:09:9b:fa:a6:3b:
                    8d:59:d5:fc:3b:ce:dd:e4:6d:69:41:43:76:d7:55:
                    cf:f6:d9:e4:c4:63:56:96:e4:57:0e:77:57:1a:ef:
                    c0:0a:18:6e:e9:0b:3b:53:84:3f:87:03:d8:49:1b:
                    52:fa:85:ee:e0:38:52:6f:59:63:24:f8:46:06:39:
                    bc:60:61:1a:07:a0:ec:7d:48:16:87:a9:cf:f7:d8:
                    80:17:1f:d8:77:e1:23:e1:37:b8:20:0d:9a:5c:29:
                    f2:22:76:0d:ef:43:37:46:82:85:80:b1:a3:fa:4f:
                    18:df:85:ae:4c:75:d2:5c:e8:fb:9e:74:b0:86:4d:
                    fd:08:3a:58:d3:bd:ac:60:2a:00:c1:72:e4:58:f9:
                    e9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:7B:94:CF:38:C9:57:41:D4:B5:5E:DA:BA:7C:53:63:A8:52:C8:BD
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/uHuUzzjJV0HUtV7aunxTY6hSyL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:21:10:fa:74:61:8e:d3:74:94:ad:e9:6c:1e:17:27:7e:de:
         a6:20:dd:1b:8f:44:e1:b7:f2:3a:27:b1:aa:d3:0d:22:d5:8b:
         f4:b6:87:c0:a4:c1:4a:11:2f:2d:f5:ac:6d:32:b1:7c:28:4a:
         67:b1:b3:95:36:0f:05:3c:12:9a:6c:4d:80:4b:5f:a7:42:16:
         7a:47:73:08:9a:b4:6a:4e:ea:98:8b:68:31:a7:92:74:52:4e:
         1b:2a:6e:c6:60:19:24:60:d4:ac:d5:0d:ef:d9:b8:96:28:6a:
         4d:e8:a3:dd:ad:bd:58:06:e7:8e:6d:58:fc:6b:83:c6:6c:f9:
         f9:47:48:ff:1e:cc:d4:c8:77:db:b8:aa:9f:b0:29:5a:f8:4c:
         83:84:81:46:42:9d:38:1e:5c:bc:02:7c:9a:f6:cd:c0:ef:da:
         d5:fc:85:b4:f1:ad:59:10:ad:aa:92:71:d0:59:9c:38:58:dc:
         9f:39:b3:5a:70:cc:38:89:7f:74:b9:67:34:58:e4:d3:48:7d:
         f4:81:f7:4c:80:ef:3c:64:48:7a:54:15:bc:27:9f:05:5d:bc:
         32:b4:e7:76:8f:30:f9:5e:b5:9b:5a:52:9d:a4:7e:27:8e:6b:
         c5:30:d1:ae:e0:07:de:a9:4e:2d:91:92:bf:e2:4b:a2:1f:d4:
         8e:b5:47:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yKAIPuN0pXzJ+O4cvXKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjYwMTAxMTgxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODdiOTRjZjM4Yzk1NzQxZDRiNTVlZGFiYTdjNTM2M2E4NTJjOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SEI/3Pi+ZdQQS3EQfjYkkratAR
bxxrApwSx6mbjYckhEZKw3xT/JU+03a9v6ObknlMYdmvc5JPvnJYguHjKfihMH1R
JeLwE1h7NgD4FacJXa9My4vBxj6xbTDKQKfBc35d/Ur699zWAIPo5fEosCzZCZv6
pjuNWdX8O87d5G1pQUN211XP9tnkxGNWluRXDndXGu/AChhu6Qs7U4Q/hwPYSRtS
+oXu4DhSb1ljJPhGBjm8YGEaB6DsfUgWh6nP99iAFx/Yd+Ej4Te4IA2aXCnyInYN
70M3RoKFgLGj+k8Y34WuTHXSXOj7nnSwhk39CDpY072sYCoAwXLkWPnpXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLh7lM84yVdB1LVe2rp8U2OoUsi9MB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvdUh1VXp6akpWMEhVdFY3YXVueFRZNmhTeUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMyMA0G
CSqGSIb3DQEBCwUAA4IBAQAHIRD6dGGO03SUrelsHhcnft6mIN0bj0Tht/I6J7Gq
0w0i1Yv0tofApMFKES8t9axtMrF8KEpnsbOVNg8FPBKabE2AS1+nQhZ6R3MImrRq
TuqYi2gxp5J0Uk4bKm7GYBkkYNSs1Q3v2biWKGpN6KPdrb1YBueObVj8a4PGbPn5
R0j/HszUyHfbuKqfsCla+EyDhIFGQp04Hly8Anya9s3A79rV/IW08a1ZEK2qknHQ
WZw4WNyfObNacMw4iX90uWc0WOTTSH30gfdMgO88ZEh6VBW8J58FXbwytOd2jzD5
XrWbWlKdpH4njmvFMNGu4AfeqU4tkZK/4kuiH9SOtUcP
-----END CERTIFICATE-----