This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/umCBjEn3NnVHg79eLHC3xk9rgS0.roa
File:                     umCBjEn3NnVHg79eLHC3xk9rgS0.roa (raw, json)
Hash identifier:          /fSksQdekqYTESP/mXyQvaIFQ1BWx6zsTRDj8qcB0V4=
Subject key identifier:   BA:60:81:8C:49:F7:36:75:47:83:BF:5E:2C:70:B7:C6:4F:6B:81:2D
Certificate issuer:       /CN=b19f07669e58ec32b9d9132e2ca6d19c2e949360
Certificate serial:       019B7E386DCB71C56AB571486382D320A006
Authority key identifier: B1:9F:07:66:9E:58:EC:32:B9:D9:13:2E:2C:A6:D1:9C:2E:94:93:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/umCBjEn3NnVHg79eLHC3xk9rgS0.roa
Signing time:             Fri 02 Jan 2026 10:19:45 +0000
ROA not before:           Fri 02 Jan 2026 10:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        185.141.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:6d:cb:71:c5:6a:b5:71:48:63:82:d3:20:a0:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b19f07669e58ec32b9d9132e2ca6d19c2e949360
        Validity
            Not Before: Jan  2 10:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ba60818c49f736754783bf5e2c70b7c64f6b812d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:71:6e:bd:b3:81:16:03:24:d3:77:74:02:d1:
                    1d:e7:b9:2b:61:f7:6a:26:ab:3d:04:a3:df:d4:02:
                    d5:7f:04:a4:22:3b:1a:7c:89:1f:5d:f5:8d:d6:f8:
                    46:ea:22:29:ce:d3:08:9b:d0:eb:30:89:a8:16:11:
                    2d:d8:68:65:c2:63:f6:5f:d2:e1:0c:c9:d9:59:a9:
                    f3:7e:af:36:58:1a:32:9a:55:ea:33:4a:5b:fd:34:
                    14:33:7d:6b:a3:ff:a0:3a:cd:fb:8f:fb:b0:74:af:
                    74:66:08:80:cf:55:4e:34:c2:53:f4:5f:ec:5a:e0:
                    5d:97:a1:21:21:74:94:a1:1f:64:27:6f:78:db:a0:
                    c1:81:a8:0b:9c:08:ab:ab:44:c0:43:63:11:d2:5a:
                    7f:7c:d3:c5:5a:43:fa:2e:ee:d5:21:34:e5:33:59:
                    ea:1a:58:42:3b:30:15:e2:22:ad:9b:b6:d8:96:dc:
                    d9:c4:f3:1b:bb:e5:de:26:d5:fe:42:7e:45:ec:aa:
                    d1:03:a0:94:20:fe:d3:94:f3:38:ed:7b:04:cf:bc:
                    42:bc:4f:e9:e9:34:38:66:de:e3:a0:e5:f1:a3:8d:
                    e2:74:0e:78:bd:5a:2d:7c:55:ff:95:df:93:26:e0:
                    86:0c:09:d8:e9:af:f5:8b:bd:fc:93:cb:cc:ac:6e:
                    89:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:60:81:8C:49:F7:36:75:47:83:BF:5E:2C:70:B7:C6:4F:6B:81:2D
            X509v3 Authority Key Identifier:
                keyid:B1:9F:07:66:9E:58:EC:32:B9:D9:13:2E:2C:A6:D1:9C:2E:94:93:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/umCBjEn3NnVHg79eLHC3xk9rgS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:85:cc:c5:ca:4c:d1:3d:52:3e:10:fc:c1:90:f7:1a:56:53:
         f3:c7:29:f3:ba:a3:9c:e4:a4:42:a3:13:79:d0:f3:de:3c:6b:
         83:77:43:c6:43:a7:3c:10:09:40:b6:55:e3:0f:a4:92:7c:41:
         28:67:0c:dd:bd:6f:4e:91:69:a6:d4:39:a5:32:c7:1f:b2:c9:
         e4:78:74:fa:19:21:b8:c5:f1:0a:15:71:4f:de:b6:3e:b4:02:
         84:89:fc:f6:25:c8:fa:0a:52:f7:53:8b:f3:e9:41:77:1f:11:
         74:9b:ca:6c:57:07:18:4e:99:56:d9:55:70:b0:f7:9a:f1:64:
         6a:8c:16:b2:b5:a3:7b:76:78:08:48:8c:a8:16:d4:3f:3c:64:
         9b:45:3e:85:ae:f7:49:a7:7f:05:7a:63:db:f2:0d:9d:49:61:
         c5:25:d4:40:fa:63:86:f0:95:ac:80:f7:cf:44:5b:69:3c:51:
         11:90:3f:7e:1e:45:72:8b:8a:28:52:1c:94:de:38:9f:3c:63:
         cb:a6:c9:b0:8d:37:c1:71:f9:be:cd:28:f2:fe:5c:00:26:52:
         ae:9f:8b:aa:f4:5c:82:0f:22:f6:d9:fa:2a:f1:3a:21:f3:d6:
         01:5e:50:39:fe:a1:c1:dc:40:33:3c:24:43:92:f2:42:b4:99:
         71:46:27:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OG3LccVqtXFIY4LTIKAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOWYwNzY2OWU1OGVjMzJiOWQ5MTMyZTJjYTZkMTljMmU5
NDkzNjAwHhcNMjYwMTAyMTAxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTYwODE4YzQ5ZjczNjc1NDc4M2JmNWUyYzcwYjdjNjRmNmI4MTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHFuvbOBFgMk03d0AtEd57krYfdq
Jqs9BKPf1ALVfwSkIjsafIkfXfWN1vhG6iIpztMIm9DrMImoFhEt2GhlwmP2X9Lh
DMnZWanzfq82WBoymlXqM0pb/TQUM31ro/+gOs37j/uwdK90ZgiAz1VONMJT9F/s
WuBdl6EhIXSUoR9kJ29426DBgagLnAirq0TAQ2MR0lp/fNPFWkP6Lu7VITTlM1nq
GlhCOzAV4iKtm7bYltzZxPMbu+XeJtX+Qn5F7KrRA6CUIP7TlPM47XsEz7xCvE/p
6TQ4Zt7joOXxo43idA54vVotfFX/ld+TJuCGDAnY6a/1i738k8vMrG6JKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpggYxJ9zZ1R4O/Xixwt8ZPa4EtMB8GA1UdIwQY
MBaAFLGfB2aeWOwyudkTLiym0ZwulJNgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1o4SFpwNVk3REs1MlJNdUxLYlJuQzZVazJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy82MjZlZWYtMTJkMC00N2ZhLWI2MzMt
NjQxZGQ0Mjg4YzQwLzEvdW1DQmpFbjNOblZIZzc5ZUxIQzN4azlyZ1MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy82MjZlZWYtMTJkMC00N2ZhLWI2MzMtNjQxZGQ0Mjg4YzQw
LzEvc1o4SFpwNVk3REs1MlJNdUxLYlJuQzZVazJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY38MA0G
CSqGSIb3DQEBCwUAA4IBAQAwhczFykzRPVI+EPzBkPcaVlPzxynzuqOc5KRCoxN5
0PPePGuDd0PGQ6c8EAlAtlXjD6SSfEEoZwzdvW9OkWmm1DmlMscfssnkeHT6GSG4
xfEKFXFP3rY+tAKEifz2Jcj6ClL3U4vz6UF3HxF0m8psVwcYTplW2VVwsPea8WRq
jBaytaN7dngISIyoFtQ/PGSbRT6FrvdJp38FemPb8g2dSWHFJdRA+mOG8JWsgPfP
RFtpPFERkD9+HkVyi4ooUhyU3jifPGPLpsmwjTfBcfm+zSjy/lwAJlKun4uq9FyC
DyL22foq8Toh89YBXlA5/qHB3EAzPCRDkvJCtJlxRieH
-----END CERTIFICATE-----