This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/a_MXwN7MuegnVCIAkZ6clu1iX4o.roa
File:                     a_MXwN7MuegnVCIAkZ6clu1iX4o.roa (raw, json)
Hash identifier:          8VPNVVCKyMOejDUVqp4xHvLzU1vxgcPn/f9Z8nB1/Bk=
Subject key identifier:   6B:F3:17:C0:DE:CC:B9:E8:27:54:22:00:91:9E:9C:96:ED:62:5F:8A
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       019B7A5B2FD89DD3035991881D2D19FC0632
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/a_MXwN7MuegnVCIAkZ6clu1iX4o.roa
Signing time:             Thu 01 Jan 2026 16:19:14 +0000
ROA not before:           Thu 01 Jan 2026 16:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7545
IP address blocks:        185.27.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:2f:d8:9d:d3:03:59:91:88:1d:2d:19:fc:06:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 16:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bf317c0deccb9e827542200919e9c96ed625f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:bb:56:57:d3:bd:33:ae:e8:d7:6e:51:7f:71:
                    ac:cf:23:ed:fe:38:f2:c2:89:ff:27:2c:d0:af:bc:
                    28:37:9a:f5:0c:13:10:47:bc:42:23:43:5c:69:89:
                    61:82:d2:2d:ab:54:74:34:fa:9a:8c:a3:c8:51:7f:
                    21:6d:fd:32:ac:eb:c1:e5:d0:b5:12:2b:81:3c:31:
                    d4:8b:4f:6e:f4:21:bf:01:cb:68:44:a6:d8:6a:48:
                    e2:3c:c0:84:7a:ec:8a:c4:42:4f:3c:08:e5:cc:e8:
                    00:84:ec:ec:86:c5:e3:19:c0:c6:a4:2d:1d:c6:bf:
                    67:19:d3:90:72:3b:f8:93:0f:5b:62:3c:c3:51:ee:
                    48:02:ff:41:1b:7e:1c:a2:f9:1d:bb:dd:7e:26:5a:
                    42:a2:97:e0:61:02:5e:2e:1c:37:ed:1e:cc:65:f0:
                    29:66:01:37:f7:ac:2c:18:b8:6b:56:72:03:5a:fb:
                    ab:5f:79:4d:79:a6:e2:45:bd:18:8c:38:87:a4:bc:
                    7f:92:45:db:b9:a4:93:d2:79:1e:97:bb:0f:43:ee:
                    f4:dc:20:03:d1:22:48:b4:18:37:82:dd:bf:aa:b8:
                    e6:f1:6a:7c:04:b1:fd:84:2f:20:78:f2:7e:b8:4a:
                    44:67:a8:31:35:60:3b:77:49:35:63:e6:be:91:40:
                    df:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F3:17:C0:DE:CC:B9:E8:27:54:22:00:91:9E:9C:96:ED:62:5F:8A
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/a_MXwN7MuegnVCIAkZ6clu1iX4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:20:0d:cc:37:64:3a:66:83:a5:9e:db:97:00:66:7e:e4:87:
         cb:4b:ef:43:6b:ec:59:8c:66:f7:c9:52:be:af:07:b1:5a:91:
         9c:b7:90:84:68:61:1b:a5:7f:d3:54:17:b3:f2:5a:85:54:e6:
         df:ae:2c:7a:4f:31:c3:aa:43:95:24:52:6c:be:96:17:9e:6f:
         56:81:06:9e:62:38:4d:c3:d4:97:ad:46:dc:8d:d5:e5:85:ce:
         08:9e:96:af:2c:1a:41:5b:78:51:a3:2e:60:81:28:6f:34:7c:
         4d:ed:39:a5:e5:91:fa:c6:a8:96:d0:c0:68:38:7b:0c:12:9e:
         38:9f:8e:00:bb:d8:ff:b3:58:87:4f:67:7e:fa:50:e0:5a:31:
         f7:6b:e9:9a:ff:6e:56:51:76:6e:5c:f4:d0:25:b5:ef:84:ca:
         84:b9:c0:f5:50:9d:62:47:b8:88:56:c6:3d:e1:80:f2:a2:03:
         10:cb:68:8f:a7:2c:6f:c8:24:18:7f:05:84:81:b0:33:56:b9:
         6a:4f:ab:fd:e0:ed:c4:5b:7e:b1:34:9f:b9:49:29:30:a2:d0:
         5a:c1:bc:d9:05:ad:cf:ed:8b:f5:7d:40:d2:97:c0:98:45:68:
         21:84:28:30:02:c9:4f:a6:21:97:88:e7:92:31:9b:85:24:1d:
         77:91:53:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wy/YndMDWZGIHS0Z/AYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjYwMTAxMTYxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmYzMTdjMGRlY2NiOWU4Mjc1NDIyMDA5MTllOWM5NmVkNjI1ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrtWV9O9M67o125Rf3GszyPt/jjy
won/JyzQr7woN5r1DBMQR7xCI0NcaYlhgtItq1R0NPqajKPIUX8hbf0yrOvB5dC1
EiuBPDHUi09u9CG/ActoRKbYakjiPMCEeuyKxEJPPAjlzOgAhOzshsXjGcDGpC0d
xr9nGdOQcjv4kw9bYjzDUe5IAv9BG34covkdu91+JlpCopfgYQJeLhw37R7MZfAp
ZgE396wsGLhrVnIDWvurX3lNeabiRb0YjDiHpLx/kkXbuaST0nkel7sPQ+703CAD
0SJItBg3gt2/qrjm8Wp8BLH9hC8gePJ+uEpEZ6gxNWA7d0k1Y+a+kUDfWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvzF8DezLnoJ1QiAJGenJbtYl+KMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvYV9NWHdON011ZWduVkNJQWtaNmNsdTFpWDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRvkMA0G
CSqGSIb3DQEBCwUAA4IBAQC/IA3MN2Q6ZoOlntuXAGZ+5IfLS+9Da+xZjGb3yVK+
rwexWpGct5CEaGEbpX/TVBez8lqFVObfrix6TzHDqkOVJFJsvpYXnm9WgQaeYjhN
w9SXrUbcjdXlhc4InpavLBpBW3hRoy5ggShvNHxN7Tml5ZH6xqiW0MBoOHsMEp44
n44Au9j/s1iHT2d++lDgWjH3a+ma/25WUXZuXPTQJbXvhMqEucD1UJ1iR7iIVsY9
4YDyogMQy2iPpyxvyCQYfwWEgbAzVrlqT6v94O3EW36xNJ+5SSkwotBawbzZBa3P
7Yv1fUDSl8CYRWghhCgwAslPpiGXiOeSMZuFJB13kVMN
-----END CERTIFICATE-----