This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/mAJpb-FsFkz7dybYs4PeIWecwc4.roa
File:                     mAJpb-FsFkz7dybYs4PeIWecwc4.roa (raw, json)
Hash identifier:          wMuP/t1rmuAKd01y5S1TPonT58b58o5bTHyhjOQ7ywU=
Subject key identifier:   98:02:69:6F:E1:6C:16:4C:FB:77:26:D8:B3:83:DE:21:67:9C:C1:CE
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019AEEF33E03325D01E59B3AE4BE49AB5426
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/mAJpb-FsFkz7dybYs4PeIWecwc4.roa
Signing time:             Fri 05 Dec 2025 14:38:29 +0000
ROA not before:           Fri 05 Dec 2025 14:38:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        185.218.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:ee:f3:3e:03:32:5d:01:e5:9b:3a:e4:be:49:ab:54:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Dec  5 14:38:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9802696fe16c164cfb7726d8b383de21679cc1ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:34:d3:2e:66:6a:c4:1c:df:6d:1f:b7:c1:73:
                    ea:41:c1:83:d1:41:1f:14:00:2e:83:61:41:b5:74:
                    10:76:09:6d:36:b7:f3:e9:b3:d2:ff:cf:4b:3d:be:
                    31:50:c7:f9:8e:a0:a7:9e:c1:ce:16:b2:01:d9:e5:
                    39:ce:d9:0a:0c:43:3b:19:a5:6a:5e:80:f0:dc:d2:
                    d8:4b:6e:5e:34:49:d4:90:b5:cb:11:ef:e3:10:9e:
                    d7:5e:3b:19:b2:57:e5:d8:8f:83:2a:26:40:30:89:
                    13:5d:0a:e0:e9:12:e3:d4:2d:b3:21:b8:c0:9c:97:
                    01:6a:15:45:d1:26:75:75:d2:9e:e4:5d:05:f4:6b:
                    c6:63:0a:c5:d5:72:6e:7b:bd:4a:46:cb:5e:bd:a5:
                    85:79:e0:3f:84:29:1a:ed:11:47:d0:a4:10:a1:6d:
                    53:f1:30:9f:55:a3:5e:36:a8:85:1a:d1:3b:91:19:
                    a6:f4:46:fc:51:5d:77:e7:8b:f4:66:fc:2c:7e:6c:
                    bc:85:6f:0f:17:de:4f:31:b8:8e:3b:55:ac:5b:46:
                    4c:13:db:e2:1f:4b:8c:a0:8b:ab:f7:1f:3e:c7:8a:
                    6a:d5:74:f8:07:5e:48:b8:e1:f7:6b:ec:be:f0:0d:
                    0c:40:d0:65:e5:e2:25:1e:4f:8b:a9:7b:25:50:a7:
                    13:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:02:69:6F:E1:6C:16:4C:FB:77:26:D8:B3:83:DE:21:67:9C:C1:CE
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/mAJpb-FsFkz7dybYs4PeIWecwc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5d:57:8b:1c:89:1d:c9:30:bf:36:8c:8f:12:eb:29:c2:42:
         15:f8:14:05:ae:8b:3f:2b:58:c7:10:f4:c1:56:14:93:0f:e2:
         74:ce:fe:d8:94:99:77:73:e9:07:7f:ba:d3:c3:48:38:86:f6:
         a0:51:9e:f2:b0:3d:e3:eb:53:dd:2a:2b:5a:36:12:61:c4:f1:
         89:46:ca:fa:b5:d4:e5:b9:58:a7:59:b5:6e:e9:51:58:87:b5:
         eb:c1:f2:84:04:c7:4e:00:63:fb:98:4c:c7:d0:79:8e:a6:96:
         bd:de:ce:f8:e4:96:50:27:47:4a:f3:28:d6:db:e3:91:85:a5:
         8e:68:8a:ed:46:db:3b:2c:12:ff:7d:ec:23:05:eb:73:37:45:
         4c:19:da:c7:17:c2:bd:7f:7c:38:49:b2:26:56:9b:de:00:a0:
         e8:16:05:ad:07:d9:e0:3e:4e:a6:c9:a8:0d:a9:4c:a2:0a:19:
         72:52:04:b3:e6:a4:2e:ac:02:1d:c9:f2:b5:df:0f:3f:cb:34:
         46:65:e8:dc:ba:8f:69:bf:9a:e5:80:b1:c6:52:d5:fd:b7:bf:
         c6:7d:35:dd:4c:33:f3:56:51:82:0b:c7:e1:03:0b:ce:32:a1:
         4d:d7:d7:13:3f:22:76:c4:cb:eb:81:a4:58:7e:13:bc:46:d9:
         35:08:ef:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZru8z4DMl0B5Zs65L5Jq1QmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUxMjA1MTQzODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODAyNjk2ZmUxNmMxNjRjZmI3NzI2ZDhiMzgzZGUyMTY3OWNjMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8TTTLmZqxBzfbR+3wXPqQcGD0UEf
FAAug2FBtXQQdgltNrfz6bPS/89LPb4xUMf5jqCnnsHOFrIB2eU5ztkKDEM7GaVq
XoDw3NLYS25eNEnUkLXLEe/jEJ7XXjsZslfl2I+DKiZAMIkTXQrg6RLj1C2zIbjA
nJcBahVF0SZ1ddKe5F0F9GvGYwrF1XJue71KRstevaWFeeA/hCka7RFH0KQQoW1T
8TCfVaNeNqiFGtE7kRmm9Eb8UV1354v0Zvwsfmy8hW8PF95PMbiOO1WsW0ZME9vi
H0uMoIur9x8+x4pq1XT4B15IuOH3a+y+8A0MQNBl5eIlHk+LqXslUKcT8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgCaW/hbBZM+3cm2LOD3iFnnMHOMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvbUFKcGItRnNGa3o3ZHliWXM0UGVJV2Vjd2M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudqOMA0G
CSqGSIb3DQEBCwUAA4IBAQAcXVeLHIkdyTC/NoyPEuspwkIV+BQFros/K1jHEPTB
VhSTD+J0zv7YlJl3c+kHf7rTw0g4hvagUZ7ysD3j61PdKitaNhJhxPGJRsr6tdTl
uVinWbVu6VFYh7XrwfKEBMdOAGP7mEzH0HmOppa93s745JZQJ0dK8yjW2+ORhaWO
aIrtRts7LBL/fewjBetzN0VMGdrHF8K9f3w4SbImVpveAKDoFgWtB9ngPk6myagN
qUyiChlyUgSz5qQurAIdyfK13w8/yzRGZejcuo9pv5rlgLHGUtX9t7/GfTXdTDPz
VlGCC8fhAwvOMqFN19cTPyJ2xMvrgaRYfhO8Rtk1CO80
-----END CERTIFICATE-----