This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/787aae-1131-4d9c-8594-6947f02ac6af/1/m8GmWxaGzhbyfzeA3jXtYZtS49c.roa
File:                     m8GmWxaGzhbyfzeA3jXtYZtS49c.roa (raw, json)
Hash identifier:          ufyYBYKdtvNPQKTZ7RHmH34YskTQ9OHfZWJp++dRaZU=
Subject key identifier:   9B:C1:A6:5B:16:86:CE:16:F2:7F:37:80:DE:35:ED:61:9B:52:E3:D7
Certificate issuer:       /CN=1ccaab0b0defc93c32f80c44b082fb2905f23c62
Certificate serial:       019B7E38EE475349FE18DBD3B6AAE2193E00
Authority key identifier: 1C:CA:AB:0B:0D:EF:C9:3C:32:F8:0C:44:B0:82:FB:29:05:F2:3C:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HMqrCw3vyTwy-AxEsIL7KQXyPGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/787aae-1131-4d9c-8594-6947f02ac6af/1/m8GmWxaGzhbyfzeA3jXtYZtS49c.roa
Signing time:             Fri 02 Jan 2026 10:20:18 +0000
ROA not before:           Fri 02 Jan 2026 10:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59885
IP address blocks:        185.159.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/787aae-1131-4d9c-8594-6947f02ac6af/1/HMqrCw3vyTwy-AxEsIL7KQXyPGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/787aae-1131-4d9c-8594-6947f02ac6af/1/HMqrCw3vyTwy-AxEsIL7KQXyPGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HMqrCw3vyTwy-AxEsIL7KQXyPGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:ee:47:53:49:fe:18:db:d3:b6:aa:e2:19:3e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ccaab0b0defc93c32f80c44b082fb2905f23c62
        Validity
            Not Before: Jan  2 10:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9bc1a65b1686ce16f27f3780de35ed619b52e3d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:64:1a:4c:09:9b:40:55:d4:f3:23:95:a1:89:
                    e8:d9:7c:6a:62:7d:17:0e:ba:7b:e9:87:37:40:5f:
                    57:5e:ac:35:b4:e8:58:09:7f:47:72:f2:2a:5f:63:
                    12:9b:43:ce:8a:c9:a0:57:4c:f5:8e:0a:0e:0a:28:
                    f8:a4:f9:67:d1:12:ee:89:60:8f:2f:78:2d:f9:14:
                    67:d4:16:ed:e0:ec:1d:e5:46:46:54:87:b7:39:0b:
                    d2:f7:96:7e:cd:7e:e7:74:24:40:ab:c6:10:27:a9:
                    65:70:6c:dc:b6:d6:4a:dd:33:c6:f6:2d:1a:dd:46:
                    d4:30:b6:79:78:9d:3a:fc:44:44:f3:f2:19:e7:ef:
                    73:df:05:31:63:f0:48:8a:c4:94:50:e7:4d:a7:67:
                    f8:b6:78:1f:d9:25:d3:7b:80:a1:68:39:3a:fd:7b:
                    ea:ab:0a:62:7b:74:53:7a:91:bc:77:41:ec:af:fe:
                    70:3d:b5:b7:b9:be:24:1e:80:ab:dd:54:ee:fb:f0:
                    7d:a3:90:03:e2:4e:2e:33:63:ab:35:fe:19:c3:5c:
                    2a:57:03:b0:a2:61:c1:b5:76:50:ac:70:97:51:36:
                    5e:98:d8:76:3e:89:bf:14:6d:c1:91:c2:27:d4:20:
                    c0:c3:7b:5f:06:a5:58:1e:2d:9d:d4:9d:e8:31:47:
                    fb:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C1:A6:5B:16:86:CE:16:F2:7F:37:80:DE:35:ED:61:9B:52:E3:D7
            X509v3 Authority Key Identifier:
                keyid:1C:CA:AB:0B:0D:EF:C9:3C:32:F8:0C:44:B0:82:FB:29:05:F2:3C:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HMqrCw3vyTwy-AxEsIL7KQXyPGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/787aae-1131-4d9c-8594-6947f02ac6af/1/m8GmWxaGzhbyfzeA3jXtYZtS49c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/787aae-1131-4d9c-8594-6947f02ac6af/1/HMqrCw3vyTwy-AxEsIL7KQXyPGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:d7:d2:eb:13:51:0b:ba:c2:bb:6a:12:76:f4:2e:8a:ad:29:
         a2:a2:1f:02:e4:82:49:72:0e:30:a1:e3:e8:0a:04:b4:44:8d:
         e3:44:ec:32:b7:5b:b7:6e:7f:ed:fa:52:d5:00:0e:95:c5:2b:
         de:58:6f:42:fc:21:ef:26:c1:66:06:6f:c4:99:75:fb:16:d8:
         57:a9:cd:39:57:10:d7:af:8f:e7:e3:af:3c:da:1d:64:a3:88:
         a5:de:f9:d3:34:6e:56:5e:dd:d7:80:79:bc:07:0d:82:ae:9e:
         84:88:97:49:56:13:05:ac:98:66:98:a1:b9:bd:cc:a3:e3:e1:
         77:d3:99:71:5b:b8:2b:d8:18:2f:7b:cc:ad:f0:78:cb:d0:36:
         ad:5b:66:19:3d:ac:94:6a:fe:59:27:a9:9c:3c:70:a6:3c:39:
         0c:23:79:91:f8:d2:97:ab:db:10:38:bb:69:04:94:a2:91:6b:
         4b:b5:19:54:0f:c7:00:2b:ef:26:90:8a:93:19:89:86:dc:33:
         ba:46:b8:9d:57:a3:9d:f8:83:58:96:5c:a7:4c:d7:9e:d1:21:
         88:33:5a:76:ab:be:72:04:2a:c0:2d:b9:48:30:c5:e0:98:b7:
         98:a8:e4:5e:b5:ce:9b:0a:f3:32:69:6a:5d:2e:8e:7c:d4:9d:
         a5:fe:02:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OO5HU0n+GNvTtqriGT4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjY2FhYjBiMGRlZmM5M2MzMmY4MGM0NGIwODJmYjI5MDVm
MjNjNjIwHhcNMjYwMTAyMTAyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmMxYTY1YjE2ODZjZTE2ZjI3ZjM3ODBkZTM1ZWQ2MTliNTJlM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGQaTAmbQFXU8yOVoYno2XxqYn0X
Drp76Yc3QF9XXqw1tOhYCX9HcvIqX2MSm0POismgV0z1jgoOCij4pPln0RLuiWCP
L3gt+RRn1Bbt4Owd5UZGVIe3OQvS95Z+zX7ndCRAq8YQJ6llcGzcttZK3TPG9i0a
3UbUMLZ5eJ06/ERE8/IZ5+9z3wUxY/BIisSUUOdNp2f4tngf2SXTe4ChaDk6/Xvq
qwpie3RTepG8d0Hsr/5wPbW3ub4kHoCr3VTu+/B9o5AD4k4uM2OrNf4Zw1wqVwOw
omHBtXZQrHCXUTZemNh2Pom/FG3BkcIn1CDAw3tfBqVYHi2d1J3oMUf73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvBplsWhs4W8n83gN417WGbUuPXMB8GA1UdIwQY
MBaAFBzKqwsN78k8MvgMRLCC+ykF8jxiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE1xckN3M3Z5VHd5LUF4RXNJTDdLUVh5UEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy83ODdhYWUtMTEzMS00ZDljLTg1OTQt
Njk0N2YwMmFjNmFmLzEvbThHbVd4YUd6aGJ5ZnplQTNqWHRZWnRTNDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy83ODdhYWUtMTEzMS00ZDljLTg1OTQtNjk0N2YwMmFjNmFm
LzEvSE1xckN3M3Z5VHd5LUF4RXNJTDdLUVh5UEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ9kMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ19LrE1ELusK7ahJ29C6KrSmioh8C5IJJcg4woePo
CgS0RI3jROwyt1u3bn/t+lLVAA6VxSveWG9C/CHvJsFmBm/EmXX7FthXqc05VxDX
r4/n46882h1ko4il3vnTNG5WXt3XgHm8Bw2Crp6EiJdJVhMFrJhmmKG5vcyj4+F3
05lxW7gr2Bgve8yt8HjL0DatW2YZPayUav5ZJ6mcPHCmPDkMI3mR+NKXq9sQOLtp
BJSikWtLtRlUD8cAK+8mkIqTGYmG3DO6RridV6Od+INYllynTNee0SGIM1p2q75y
BCrALblIMMXgmLeYqORetc6bCvMyaWpdLo581J2l/gJQ
-----END CERTIFICATE-----