This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/uljHeXtwPoXTWfqHenoj_DXb3ww.roa
File:                     uljHeXtwPoXTWfqHenoj_DXb3ww.roa (raw, json)
Hash identifier:          wGmp5Bh78//8aIg6gUIYujT06jT2kqD/3V641rlo7LY=
Subject key identifier:   BA:58:C7:79:7B:70:3E:85:D3:59:FA:87:7A:7A:23:FC:35:DB:DF:0C
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       019B7EA6808D4D288A4FEC2F0A9FDDBB8BCF
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/uljHeXtwPoXTWfqHenoj_DXb3ww.roa
Signing time:             Fri 02 Jan 2026 12:19:59 +0000
ROA not before:           Fri 02 Jan 2026 12:19:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24990
IP address blocks:        88.84.144.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 03:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:80:8d:4d:28:8a:4f:ec:2f:0a:9f:dd:bb:8b:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Jan  2 12:19:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba58c7797b703e85d359fa877a7a23fc35dbdf0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:a6:27:16:80:96:a6:17:8e:ce:b2:30:41:
                    30:bd:40:27:f5:88:f2:2e:ab:69:5a:00:a0:dd:e8:
                    9d:df:e8:ae:35:6d:0f:76:27:56:c9:82:2b:38:7c:
                    bb:ab:71:44:69:79:e1:13:a9:b7:06:45:ef:03:97:
                    70:2e:f0:74:e9:14:f7:c3:45:dd:e3:7c:8c:39:2f:
                    91:01:7e:5f:bf:99:4c:ae:76:dd:f0:d9:b8:a2:e0:
                    ac:d4:0e:81:fa:e8:72:0f:03:0d:f6:09:b0:31:af:
                    11:4e:74:b9:e0:ec:6e:43:b3:86:f2:1d:8d:7b:7e:
                    02:78:5f:e2:79:07:1b:84:36:b0:81:c5:fb:98:a1:
                    61:9a:94:5f:14:08:42:76:b8:4d:94:14:8d:4a:44:
                    2a:4e:e4:aa:31:6f:0c:65:40:2a:37:cf:54:1c:0f:
                    88:38:34:af:47:13:74:de:ce:2e:c9:b0:38:6d:40:
                    45:0e:f9:f0:d7:87:f2:8f:18:84:47:be:cb:6e:f3:
                    70:bd:b6:d3:0c:5c:89:79:cf:01:f7:2e:7b:75:37:
                    b1:5d:2d:03:8b:4e:84:fb:83:5a:90:76:1d:65:7c:
                    cd:42:a4:23:d9:42:1d:9a:25:c7:44:89:e0:65:e1:
                    3e:2c:6b:68:61:30:c5:1e:30:2a:92:07:f8:74:93:
                    7c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:58:C7:79:7B:70:3E:85:D3:59:FA:87:7A:7A:23:FC:35:DB:DF:0C
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/uljHeXtwPoXTWfqHenoj_DXb3ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:89:63:ce:e8:48:c9:cf:27:0f:93:d1:03:95:14:63:1f:d1:
         55:28:17:73:7c:5f:70:02:75:ae:db:ad:51:af:65:ae:41:42:
         34:71:ac:8f:94:43:c3:ca:b9:83:c6:cb:12:33:96:60:5e:dc:
         8b:05:c3:bd:50:de:c0:f5:d2:55:da:32:c9:65:1b:5d:95:1d:
         aa:b5:7d:d9:45:cd:82:c2:e1:71:44:e7:7f:36:74:e9:df:32:
         8c:95:e2:c3:cc:7b:47:9d:b5:c6:3c:7c:5a:bb:68:24:4a:93:
         ab:1c:28:64:82:3e:29:11:20:63:8a:65:d4:d4:99:5f:70:aa:
         f0:44:c6:45:38:91:77:6f:43:c4:5d:2f:84:bd:ac:4e:43:44:
         06:f3:eb:dc:81:37:ba:fd:f7:71:f6:bd:bc:89:f9:25:1a:48:
         6e:75:cd:17:4e:b8:cb:24:c9:b1:36:03:ea:db:bb:d2:6b:e3:
         fb:4d:7d:b7:02:cc:00:1b:10:f3:f2:b6:b0:9a:fe:80:41:bc:
         82:6d:4c:98:57:9a:e8:36:38:f2:65:de:5d:9b:d7:d0:16:9c:
         06:53:b2:cf:74:0f:dc:4c:d9:78:91:19:b3:e7:d0:6c:6b:9b:
         ee:bb:fc:6d:03:61:6f:8f:07:e4:68:88:60:a8:7f:8e:b2:d4:
         82:d9:83:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+poCNTSiKT+wvCp/du4vPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjYwMTAyMTIxOTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTU4Yzc3OTdiNzAzZTg1ZDM1OWZhODc3YTdhMjNmYzM1ZGJkZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fOmJxaAlqYXjs6yMEEwvUAn9Yjy
LqtpWgCg3eid3+iuNW0PdidWyYIrOHy7q3FEaXnhE6m3BkXvA5dwLvB06RT3w0Xd
43yMOS+RAX5fv5lMrnbd8Nm4ouCs1A6B+uhyDwMN9gmwMa8RTnS54OxuQ7OG8h2N
e34CeF/ieQcbhDawgcX7mKFhmpRfFAhCdrhNlBSNSkQqTuSqMW8MZUAqN89UHA+I
ODSvRxN03s4uybA4bUBFDvnw14fyjxiER77LbvNwvbbTDFyJec8B9y57dTexXS0D
i06E+4NakHYdZXzNQqQj2UIdmiXHRIngZeE+LGtoYTDFHjAqkgf4dJN8UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpYx3l7cD6F01n6h3p6I/w1298MMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvdWxqSGVYdHdQb1hUV2ZxSGVub2pfRFhiM3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWFSQMA0G
CSqGSIb3DQEBCwUAA4IBAQAuiWPO6EjJzycPk9EDlRRjH9FVKBdzfF9wAnWu261R
r2WuQUI0cayPlEPDyrmDxssSM5ZgXtyLBcO9UN7A9dJV2jLJZRtdlR2qtX3ZRc2C
wuFxROd/NnTp3zKMleLDzHtHnbXGPHxau2gkSpOrHChkgj4pESBjimXU1JlfcKrw
RMZFOJF3b0PEXS+EvaxOQ0QG8+vcgTe6/fdx9r28ifklGkhudc0XTrjLJMmxNgPq
27vSa+P7TX23AswAGxDz8rawmv6AQbyCbUyYV5roNjjyZd5dm9fQFpwGU7LPdA/c
TNl4kRmz59Bsa5vuu/xtA2FvjwfkaIhgqH+OstSC2YO3
-----END CERTIFICATE-----