This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/mJmloBqH1ccv7pf7_dE3WxThQ58.roa
File:                     mJmloBqH1ccv7pf7_dE3WxThQ58.roa (raw, json)
Hash identifier:          L0vhterDlOQyvmoADd6+0joQnbdSLqt2I9Yyqwk+Dl8=
Subject key identifier:   98:99:A5:A0:1A:87:D5:C7:2F:EE:97:FB:FD:D1:37:5B:14:E1:43:9F
Certificate issuer:       /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial:       019B7FF1B1FD6AF075A9280CEAC76EADE538
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/mJmloBqH1ccv7pf7_dE3WxThQ58.roa
Signing time:             Fri 02 Jan 2026 18:21:44 +0000
ROA not before:           Fri 02 Jan 2026 18:21:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34965
IP address blocks:        85.235.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:b1:fd:6a:f0:75:a9:28:0c:ea:c7:6e:ad:e5:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
        Validity
            Not Before: Jan  2 18:21:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9899a5a01a87d5c72fee97fbfdd1375b14e1439f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a0:fe:04:52:2f:d7:34:d5:8a:f9:bb:bf:51:
                    13:36:48:25:c0:20:ee:57:ac:01:84:5e:c0:de:4b:
                    40:ae:01:33:b6:d0:81:ac:0d:0f:c6:a8:0d:24:c6:
                    a0:95:20:48:2c:0e:ed:f1:00:52:5e:d1:2d:2e:d0:
                    6a:84:2d:f4:c0:b8:7a:b7:e6:7e:25:91:ba:e1:59:
                    a5:89:d9:44:93:84:51:2c:12:27:76:4e:69:88:89:
                    8c:5b:2b:7b:1c:7e:0f:41:8e:e2:9a:f5:15:e0:75:
                    30:60:58:5d:8a:50:46:d3:23:0c:f0:c7:9c:b1:42:
                    25:79:d0:98:a9:f5:f9:e8:62:3b:17:05:7e:87:1d:
                    40:36:af:82:6c:6f:05:13:c9:a5:f6:7c:e0:72:62:
                    ce:98:bd:a4:99:95:e2:5b:21:34:42:71:cd:06:92:
                    28:d4:aa:f1:1e:0b:1f:d3:c8:b8:a7:21:34:d6:ab:
                    a0:13:11:c5:2b:f3:13:0d:75:5e:51:e8:e0:cb:fa:
                    58:f5:b0:07:0a:4a:ab:51:7c:d7:33:b2:47:7e:87:
                    d9:2a:23:c9:2f:26:e8:fc:fc:3a:bf:e2:1b:fe:37:
                    6d:a6:df:ae:60:a8:62:a9:d6:b3:e1:da:4b:fc:e2:
                    5b:60:51:96:d7:bd:68:44:bd:fc:36:01:e2:a0:8d:
                    06:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:99:A5:A0:1A:87:D5:C7:2F:EE:97:FB:FD:D1:37:5B:14:E1:43:9F
            X509v3 Authority Key Identifier:
                keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/mJmloBqH1ccv7pf7_dE3WxThQ58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         43:c7:4f:96:69:4c:2d:29:4f:45:60:cb:ee:c5:9a:d3:4d:ad:
         19:4f:22:d9:7e:f6:82:3a:6e:1c:be:82:1c:c8:ae:af:56:c1:
         93:4a:69:47:72:a7:0a:53:f4:2c:d8:89:b2:ec:b4:c7:a6:71:
         11:cd:47:f7:d0:ab:3f:40:d1:26:94:ef:f0:42:d6:68:8c:9b:
         6f:03:57:2d:11:d8:ea:76:cd:dc:53:21:46:65:d1:cb:e9:cd:
         fe:c9:c8:18:2e:71:1f:25:36:d2:d7:13:da:7f:6a:ec:50:e4:
         07:8a:c5:58:c7:13:50:d7:e6:9e:ea:b7:49:8d:80:50:44:ac:
         b4:51:2b:db:91:9d:ae:6a:40:8a:96:5d:75:9f:1e:24:78:9e:
         58:f8:d5:e1:89:59:17:31:2e:9a:1d:49:bf:0a:16:13:f6:eb:
         a6:65:f6:a1:f5:f2:30:07:8c:ba:40:f2:67:91:b2:1f:54:a7:
         47:63:d1:bf:62:0a:0f:aa:bd:0d:74:d9:9b:5a:04:c5:eb:7e:
         db:df:71:9c:77:bf:0d:de:51:f4:d0:ff:3e:ce:bc:ff:6e:80:
         53:4d:c7:02:3a:4c:b7:97:2a:d2:e4:c8:3e:86:1c:14:c5:42:
         97:f2:b7:de:3f:43:b2:fc:54:0e:03:33:07:20:ba:71:42:a5:
         01:d9:11:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8bH9avB1qSgM6sdureU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjYwMTAyMTgyMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODk5YTVhMDFhODdkNWM3MmZlZTk3ZmJmZGQxMzc1YjE0ZTE0MzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqD+BFIv1zTVivm7v1ETNkglwCDu
V6wBhF7A3ktArgEzttCBrA0PxqgNJMaglSBILA7t8QBSXtEtLtBqhC30wLh6t+Z+
JZG64VmlidlEk4RRLBIndk5piImMWyt7HH4PQY7imvUV4HUwYFhdilBG0yMM8Mec
sUIledCYqfX56GI7FwV+hx1ANq+CbG8FE8ml9nzgcmLOmL2kmZXiWyE0QnHNBpIo
1KrxHgsf08i4pyE01qugExHFK/MTDXVeUejgy/pY9bAHCkqrUXzXM7JHfofZKiPJ
Lybo/Pw6v+Ib/jdtpt+uYKhiqdaz4dpL/OJbYFGW171oRL38NgHioI0G5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiZpaAah9XHL+6X+/3RN1sU4UOfMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvbUptbG9CcUgxY2N2N3BmN19kRTNXeFRoUTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVesAMA0G
CSqGSIb3DQEBCwUAA4IBAQBDx0+WaUwtKU9FYMvuxZrTTa0ZTyLZfvaCOm4cvoIc
yK6vVsGTSmlHcqcKU/Qs2Imy7LTHpnERzUf30Ks/QNEmlO/wQtZojJtvA1ctEdjq
ds3cUyFGZdHL6c3+ycgYLnEfJTbS1xPaf2rsUOQHisVYxxNQ1+ae6rdJjYBQRKy0
USvbkZ2uakCKll11nx4keJ5Y+NXhiVkXMS6aHUm/ChYT9uumZfah9fIwB4y6QPJn
kbIfVKdHY9G/YgoPqr0NdNmbWgTF637b33Gcd78N3lH00P8+zrz/boBTTccCOky3
lyrS5Mg+hhwUxUKX8rfeP0Oy/FQOAzMHILpxQqUB2RHT
-----END CERTIFICATE-----