This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/ujxmrsAD6ElipghLJjm4S_EjtY0.roa
File:                     ujxmrsAD6ElipghLJjm4S_EjtY0.roa (raw, json)
Hash identifier:          tMt8pfzLjVJP0DsZiN3H6/uOY+TlTFmGD9SDREa0VPc=
Subject key identifier:   BA:3C:66:AE:C0:03:E8:49:62:A6:08:4B:26:39:B8:4B:F1:23:B5:8D
Certificate issuer:       /CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
Certificate serial:       019B7F84F432BD1DAA3265AC96F45A7C5140
Authority key identifier: 8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/ujxmrsAD6ElipghLJjm4S_EjtY0.roa
Signing time:             Fri 02 Jan 2026 16:22:58 +0000
ROA not before:           Fri 02 Jan 2026 16:22:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60223
IP address blocks:        195.24.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:f4:32:bd:1d:aa:32:65:ac:96:f4:5a:7c:51:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef7c09c1a3f73ebe61740ab65e589f91655bded
        Validity
            Not Before: Jan  2 16:22:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba3c66aec003e84962a6084b2639b84bf123b58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:82:da:1e:a1:67:b0:12:a0:4d:d0:6a:d9:6b:
                    04:fc:3a:43:5b:07:ec:67:c9:86:4a:54:37:ea:e6:
                    02:af:ae:9e:50:5f:6b:f1:5e:ef:b7:25:9c:83:6f:
                    2b:db:11:c3:ac:68:88:8e:38:ae:d3:1e:17:a2:40:
                    87:a6:4a:37:f5:af:40:0a:80:dd:0f:5f:5d:07:a9:
                    e0:5a:a1:c5:8f:3b:28:6e:f4:2c:f8:7b:68:f2:33:
                    74:3e:19:c7:0e:42:f4:8e:94:dc:23:ba:33:e4:a8:
                    1f:c0:18:98:7a:c6:5a:11:31:0c:3b:82:a9:0d:13:
                    28:09:ff:0e:d3:2d:0e:83:5e:2f:fa:c4:7b:7a:bc:
                    71:9d:9e:32:7a:30:d2:90:fe:f7:cf:01:3b:c0:10:
                    92:cd:b4:d8:71:ea:42:1d:d3:7e:e1:7d:f2:81:ed:
                    b6:cd:d5:9d:c0:90:8d:42:ff:14:2a:e1:22:88:13:
                    98:8b:bd:a9:e5:bd:f5:b1:48:e4:48:84:b3:12:11:
                    c4:b9:a0:b7:b3:17:c2:f8:35:fc:96:50:a8:51:05:
                    67:01:f2:24:ce:b0:f2:df:69:3f:04:12:8e:d4:38:
                    5a:59:b2:5d:82:a1:f6:f6:5e:99:6e:24:80:a0:7e:
                    9d:c9:a2:99:5d:91:e2:f0:82:ad:a3:93:56:cf:c6:
                    e4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3C:66:AE:C0:03:E8:49:62:A6:08:4B:26:39:B8:4B:F1:23:B5:8D
            X509v3 Authority Key Identifier:
                keyid:8E:F7:C0:9C:1A:3F:73:EB:E6:17:40:AB:65:E5:89:F9:16:55:BD:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvfAnBo_c-vmF0CrZeWJ-RZVve0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/ujxmrsAD6ElipghLJjm4S_EjtY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/8c6d88-52c3-47e6-8009-f62be9e8a671/1/jvfAnBo_c-vmF0CrZeWJ-RZVve0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:7f:87:86:ee:56:13:9c:85:e3:98:8a:77:36:b6:e6:7d:41:
         af:77:76:30:b5:7f:de:49:4a:e0:7f:00:01:3a:4e:a5:e5:4d:
         9e:83:0c:15:71:3f:30:f2:4e:10:8e:9a:92:31:af:e9:09:14:
         72:d6:fc:4e:ef:49:83:7b:9b:eb:33:d6:58:f6:49:d2:27:de:
         d9:60:1f:d7:99:fe:99:d4:a4:f1:56:0a:55:37:41:42:75:d2:
         3f:83:8a:a3:a9:7d:ed:ba:5f:ba:11:50:71:18:c4:6c:c0:01:
         89:db:b0:d6:d6:b4:25:6f:cf:93:5b:f9:c1:e2:b7:39:9d:33:
         dc:30:80:57:b9:09:29:72:8c:92:de:20:0b:25:c6:3b:43:26:
         14:12:6f:94:01:26:24:37:16:89:e7:3d:e6:fd:10:ec:6a:2e:
         b8:76:3e:9e:15:0e:3e:00:0e:ef:e3:32:53:e0:a3:22:62:04:
         ef:04:6d:60:75:d5:1e:6b:51:14:a3:9d:6d:99:e4:4b:51:d3:
         b1:ed:7e:c1:e2:55:b7:28:f6:c4:f9:08:3a:65:2c:6d:ea:83:
         6e:bd:e7:48:ed:79:97:2d:16:8c:72:b5:bf:9e:7d:3a:52:f7:
         35:e5:fc:be:85:b2:36:d5:25:bc:4f:50:78:0f:c3:b9:c6:14:
         49:2f:cd:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hPQyvR2qMmWslvRafFFAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjdjMDljMWEzZjczZWJlNjE3NDBhYjY1ZTU4OWY5MTY1
NWJkZWQwHhcNMjYwMTAyMTYyMjU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTNjNjZhZWMwMDNlODQ5NjJhNjA4NGIyNjM5Yjg0YmYxMjNiNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4LaHqFnsBKgTdBq2WsE/DpDWwfs
Z8mGSlQ36uYCr66eUF9r8V7vtyWcg28r2xHDrGiIjjiu0x4XokCHpko39a9ACoDd
D19dB6ngWqHFjzsobvQs+Hto8jN0PhnHDkL0jpTcI7oz5KgfwBiYesZaETEMO4Kp
DRMoCf8O0y0Og14v+sR7erxxnZ4yejDSkP73zwE7wBCSzbTYcepCHdN+4X3yge22
zdWdwJCNQv8UKuEiiBOYi72p5b31sUjkSISzEhHEuaC3sxfC+DX8llCoUQVnAfIk
zrDy32k/BBKO1DhaWbJdgqH29l6ZbiSAoH6dyaKZXZHi8IKto5NWz8bk1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLo8Zq7AA+hJYqYISyY5uEvxI7WNMB8GA1UdIwQY
MBaAFI73wJwaP3Pr5hdAq2XlifkWVb3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDkt
ZjYyYmU5ZThhNjcxLzEvdWp4bXJzQUQ2RWxpcGdoTEpqbTRTX0VqdFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS84YzZkODgtNTJjMy00N2U2LTgwMDktZjYyYmU5ZThhNjcx
LzEvanZmQW5Cb19jLXZtRjBDclplV0otUlpWdmUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxjsMA0G
CSqGSIb3DQEBCwUAA4IBAQA6f4eG7lYTnIXjmIp3NrbmfUGvd3YwtX/eSUrgfwAB
Ok6l5U2egwwVcT8w8k4QjpqSMa/pCRRy1vxO70mDe5vrM9ZY9knSJ97ZYB/Xmf6Z
1KTxVgpVN0FCddI/g4qjqX3tul+6EVBxGMRswAGJ27DW1rQlb8+TW/nB4rc5nTPc
MIBXuQkpcoyS3iALJcY7QyYUEm+UASYkNxaJ5z3m/RDsai64dj6eFQ4+AA7v4zJT
4KMiYgTvBG1gddUea1EUo51tmeRLUdOx7X7B4lW3KPbE+Qg6ZSxt6oNuvedI7XmX
LRaMcrW/nn06Uvc15fy+hbI21SW8T1B4D8O5xhRJL837
-----END CERTIFICATE-----