This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/WkpO27Y8ZxNKd7U3qDzWmgFGPCo.roa
File:                     WkpO27Y8ZxNKd7U3qDzWmgFGPCo.roa (raw, json)
Hash identifier:          8pKYcInVWQ20ee2YIPC0/BRFBVDzYLbWsfYCougTXnw=
Subject key identifier:   5A:4A:4E:DB:B6:3C:67:13:4A:77:B5:37:A8:3C:D6:9A:01:46:3C:2A
Certificate issuer:       /CN=6d146056f0fbbde618bff011c0f22ba74a5832b7
Certificate serial:       019B7E382C63A3A0CA05452324173916177B
Authority key identifier: 6D:14:60:56:F0:FB:BD:E6:18:BF:F0:11:C0:F2:2B:A7:4A:58:32:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/WkpO27Y8ZxNKd7U3qDzWmgFGPCo.roa
Signing time:             Fri 02 Jan 2026 10:19:29 +0000
ROA not before:           Fri 02 Jan 2026 10:19:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48362
IP address blocks:        185.101.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:2c:63:a3:a0:ca:05:45:23:24:17:39:16:17:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d146056f0fbbde618bff011c0f22ba74a5832b7
        Validity
            Not Before: Jan  2 10:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5a4a4edbb63c67134a77b537a83cd69a01463c2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b1:3e:41:6b:a3:61:2e:2a:07:17:6f:9f:b2:
                    06:c0:2b:54:f4:5c:22:bb:fd:25:7b:7f:c0:52:d1:
                    10:08:ea:8c:a6:11:72:c9:02:c8:3a:c5:ab:73:0d:
                    f2:eb:15:a1:dd:fd:0d:0b:be:0d:b9:5b:4b:30:13:
                    7b:fa:4f:25:a9:b8:8b:f1:22:96:05:bb:25:86:1f:
                    9b:d1:97:f7:d0:5b:4b:d0:02:ff:de:3b:3c:fe:5d:
                    54:5e:78:02:9e:0a:1f:60:65:1c:1d:9a:b2:a9:b3:
                    55:0c:ef:3e:7c:0c:8a:ab:d3:c1:9e:1f:cb:52:23:
                    93:58:69:5c:f2:d3:fa:10:a2:fc:6d:42:61:57:a3:
                    2a:09:76:ab:ba:fd:2e:a3:a8:a4:0f:c9:5c:be:f8:
                    7b:95:0a:d0:10:7b:f2:0c:96:5f:43:ac:ef:cf:08:
                    ae:e0:3c:1e:c3:a2:be:2e:28:be:cd:f8:f2:ad:5f:
                    6c:cf:1d:52:c8:04:29:bb:99:95:8a:54:47:c7:8d:
                    20:16:b8:d9:16:fb:e2:e3:a4:8f:a0:5f:5f:c8:ce:
                    03:1e:a7:f5:5c:f2:82:04:d4:e6:06:8f:df:a5:22:
                    86:89:49:dd:c7:67:ef:9d:7e:b2:8b:43:a4:13:67:
                    38:d2:c3:30:d3:f2:6c:48:88:d4:6f:a9:e9:75:53:
                    9e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:4A:4E:DB:B6:3C:67:13:4A:77:B5:37:A8:3C:D6:9A:01:46:3C:2A
            X509v3 Authority Key Identifier:
                keyid:6D:14:60:56:F0:FB:BD:E6:18:BF:F0:11:C0:F2:2B:A7:4A:58:32:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/WkpO27Y8ZxNKd7U3qDzWmgFGPCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:37:61:de:b1:95:0a:b9:90:ab:e9:1e:17:94:ea:22:6d:9d:
         12:23:7a:8e:e4:f0:08:11:4b:15:d3:36:7b:ea:15:a3:40:cd:
         4d:ec:6a:2b:5f:2a:1a:0e:32:9f:bb:e6:5f:9a:23:7e:81:e3:
         47:3f:3e:cd:43:27:9b:62:6e:59:18:47:d2:15:2d:f5:c3:0f:
         b4:e0:bd:9b:f1:02:4b:a8:31:d8:33:a6:8e:fa:10:a4:2c:71:
         b6:96:69:94:c5:21:7a:16:e2:73:c1:14:e3:25:21:37:43:7e:
         c8:20:33:69:ce:04:9e:c2:bd:19:36:d5:fc:92:47:c7:10:3f:
         f7:b1:46:97:a7:fe:c6:39:a1:46:fa:fa:7a:c2:f6:0f:60:22:
         cf:df:85:ed:0d:70:c8:39:e9:ca:4d:53:e1:0d:3c:40:3c:87:
         ff:08:a9:6f:22:fd:9b:35:2c:c2:4c:b4:02:06:ec:74:d9:64:
         a4:78:b3:49:46:2a:af:b1:bd:31:a0:fd:62:81:42:72:de:46:
         a7:12:ec:67:41:2b:59:10:1d:94:89:c2:49:36:58:de:d6:e2:
         3a:94:f5:4a:cc:40:da:15:cd:a0:ba:8d:3e:a2:b2:18:1c:72:
         3a:c3:ab:54:e4:95:05:09:83:38:88:8b:95:ac:7c:f1:53:7c:
         ff:bd:62:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCxjo6DKBUUjJBc5Fhd7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMTQ2MDU2ZjBmYmJkZTYxOGJmZjAxMWMwZjIyYmE3NGE1
ODMyYjcwHhcNMjYwMTAyMTAxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTRhNGVkYmI2M2M2NzEzNGE3N2I1MzdhODNjZDY5YTAxNDYzYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrE+QWujYS4qBxdvn7IGwCtU9Fwi
u/0le3/AUtEQCOqMphFyyQLIOsWrcw3y6xWh3f0NC74NuVtLMBN7+k8lqbiL8SKW
Bbslhh+b0Zf30FtL0AL/3js8/l1UXngCngofYGUcHZqyqbNVDO8+fAyKq9PBnh/L
UiOTWGlc8tP6EKL8bUJhV6MqCXaruv0uo6ikD8lcvvh7lQrQEHvyDJZfQ6zvzwiu
4Dwew6K+Lii+zfjyrV9szx1SyAQpu5mVilRHx40gFrjZFvvi46SPoF9fyM4DHqf1
XPKCBNTmBo/fpSKGiUndx2fvnX6yi0OkE2c40sMw0/JsSIjUb6npdVOe3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpKTtu2PGcTSne1N6g81poBRjwqMB8GA1UdIwQY
MBaAFG0UYFbw+73mGL/wEcDyK6dKWDK3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlJSZ1Z2RDd2ZVlZdl9BUndQSXJwMHBZTXJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ODlkYjktZTIyYi00ZDY0LTk0YjQt
OGVjZjc1MTA1N2FjLzEvV2twTzI3WThaeE5LZDdVM3FEeldtZ0ZHUENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ODlkYjktZTIyYi00ZDY0LTk0YjQtOGVjZjc1MTA1N2Fj
LzEvYlJSZ1Z2RDd2ZVlZdl9BUndQSXJwMHBZTXJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUIMA0G
CSqGSIb3DQEBCwUAA4IBAQCnN2HesZUKuZCr6R4XlOoibZ0SI3qO5PAIEUsV0zZ7
6hWjQM1N7GorXyoaDjKfu+ZfmiN+geNHPz7NQyebYm5ZGEfSFS31ww+04L2b8QJL
qDHYM6aO+hCkLHG2lmmUxSF6FuJzwRTjJSE3Q37IIDNpzgSewr0ZNtX8kkfHED/3
sUaXp/7GOaFG+vp6wvYPYCLP34XtDXDIOenKTVPhDTxAPIf/CKlvIv2bNSzCTLQC
Bux02WSkeLNJRiqvsb0xoP1igUJy3kanEuxnQStZEB2UicJJNlje1uI6lPVKzEDa
Fc2guo0+orIYHHI6w6tU5JUFCYM4iIuVrHzxU3z/vWJd
-----END CERTIFICATE-----