This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/aMUM82zpD72PsTtPXeMoMh79hv4.roa
File:                     aMUM82zpD72PsTtPXeMoMh79hv4.roa (raw, json)
Hash identifier:          H8WMnSCDbFYVDWSdtnYWXZ6sdYW8tWytjzxH1fpLKPM=
Subject key identifier:   68:C5:0C:F3:6C:E9:0F:BD:8F:B1:3B:4F:5D:E3:28:32:1E:FD:86:FE
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       019B7758B8BEDE98B419F275EF8F6680F8B3
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/aMUM82zpD72PsTtPXeMoMh79hv4.roa
Signing time:             Thu 01 Jan 2026 02:17:41 +0000
ROA not before:           Thu 01 Jan 2026 02:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210599
IP address blocks:        185.88.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:b8:be:de:98:b4:19:f2:75:ef:8f:66:80:f8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 02:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68c50cf36ce90fbd8fb13b4f5de328321efd86fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:df:b6:21:a7:75:d6:90:da:ae:21:2d:cf:b7:
                    ee:6a:80:05:f8:e0:4b:b7:04:39:76:81:38:f6:82:
                    7d:9d:c0:d0:b2:1e:d7:ca:71:be:b6:86:ac:f3:6a:
                    19:50:f7:c8:e7:cc:ec:a7:f7:45:bb:0e:6d:cb:9b:
                    87:37:4d:76:de:1e:b5:5b:3b:5f:41:98:5a:d2:67:
                    07:4b:56:63:0d:92:b9:de:22:49:8f:50:31:a1:2d:
                    5d:5b:19:2e:c7:79:33:32:66:c5:70:eb:77:a7:fa:
                    23:7c:54:67:bd:f8:f4:8f:ea:96:49:1f:59:4a:61:
                    c7:40:37:ec:e7:96:52:3d:1e:86:4c:ba:e8:7a:f5:
                    44:12:5a:7b:d6:de:a5:8c:08:09:9e:a0:21:85:21:
                    5b:91:92:7a:27:3f:7f:d2:28:b3:3a:3b:06:fd:17:
                    7c:c0:b2:9d:c1:b2:e1:bc:73:a9:28:8c:24:12:6a:
                    db:fb:ae:bd:d3:fa:a0:5e:12:7f:f4:1c:99:ee:82:
                    54:3c:24:88:0c:49:19:92:dd:a0:e4:50:fc:02:9a:
                    ca:63:c6:86:f5:5c:c1:7e:66:dd:d5:ec:f5:8c:f7:
                    64:39:4c:96:d3:d7:8a:2a:26:68:e5:4c:21:3a:5c:
                    95:0c:9e:f3:14:2d:08:be:e7:3e:2a:5c:b8:47:af:
                    fb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:C5:0C:F3:6C:E9:0F:BD:8F:B1:3B:4F:5D:E3:28:32:1E:FD:86:FE
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/aMUM82zpD72PsTtPXeMoMh79hv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:0e:ec:65:7e:3b:f1:af:56:98:a5:cf:a1:1b:13:24:94:3b:
         b6:dc:b1:7b:32:a6:8d:2e:aa:c2:17:fe:e6:1b:ce:36:21:70:
         13:0a:de:74:fd:48:ea:58:66:b8:e2:7c:79:f0:92:32:e7:16:
         8d:3d:ff:54:d9:da:58:92:25:e4:04:66:05:8a:9c:dd:87:93:
         3b:43:7e:da:48:83:ce:08:bc:b2:3f:1e:4f:5f:29:11:a0:bc:
         84:64:95:0b:10:b1:c4:2b:c6:df:89:1c:83:87:21:ae:8f:d9:
         5f:18:32:ca:3a:4f:38:9e:f5:cc:91:0b:2a:23:97:50:8d:42:
         41:17:22:1b:71:d7:9d:ec:43:5e:85:77:28:1b:a0:33:7e:44:
         5d:cb:b6:21:c9:cb:4e:0f:1a:cf:be:5d:1c:15:d6:c9:f0:64:
         76:98:30:2c:6d:d2:90:72:b2:af:0a:0f:15:cd:ff:f6:d0:b2:
         93:b0:a4:73:1b:43:89:69:b9:10:79:5b:16:ab:24:d6:87:bc:
         d4:65:c4:81:70:b8:0c:4f:be:0d:49:e9:c4:da:6f:71:47:a6:
         af:dd:84:6f:d6:e7:81:f3:cd:62:6d:d9:d1:dd:f1:a0:85:29:
         1d:0b:f1:33:6c:80:a2:b5:65:66:b1:4d:83:51:c6:a7:27:d0:
         b5:d2:39:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WLi+3pi0GfJ1749mgPizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjYwMTAxMDIxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGM1MGNmMzZjZTkwZmJkOGZiMTNiNGY1ZGUzMjgzMjFlZmQ4NmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9+2Iad11pDariEtz7fuaoAF+OBL
twQ5doE49oJ9ncDQsh7XynG+toas82oZUPfI58zsp/dFuw5ty5uHN0123h61Wztf
QZha0mcHS1ZjDZK53iJJj1AxoS1dWxkux3kzMmbFcOt3p/ojfFRnvfj0j+qWSR9Z
SmHHQDfs55ZSPR6GTLroevVEElp71t6ljAgJnqAhhSFbkZJ6Jz9/0iizOjsG/Rd8
wLKdwbLhvHOpKIwkEmrb+6690/qgXhJ/9ByZ7oJUPCSIDEkZkt2g5FD8AprKY8aG
9VzBfmbd1ez1jPdkOUyW09eKKiZo5UwhOlyVDJ7zFC0Ivuc+Kly4R6/72QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjFDPNs6Q+9j7E7T13jKDIe/Yb+MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvYU1VTTgyenBENzJQc1R0UFhlTW9NaDc5aHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVisMA0G
CSqGSIb3DQEBCwUAA4IBAQBXDuxlfjvxr1aYpc+hGxMklDu23LF7MqaNLqrCF/7m
G842IXATCt50/UjqWGa44nx58JIy5xaNPf9U2dpYkiXkBGYFipzdh5M7Q37aSIPO
CLyyPx5PXykRoLyEZJULELHEK8bfiRyDhyGuj9lfGDLKOk84nvXMkQsqI5dQjUJB
FyIbcded7ENehXcoG6AzfkRdy7YhyctODxrPvl0cFdbJ8GR2mDAsbdKQcrKvCg8V
zf/20LKTsKRzG0OJabkQeVsWqyTWh7zUZcSBcLgMT74NSenE2m9xR6av3YRv1ueB
881ibdnR3fGghSkdC/EzbICitWVmsU2DUcanJ9C10jlN
-----END CERTIFICATE-----