This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/DPKgxLI0NEim812ACHhTJpP9arE.roa
File:                     DPKgxLI0NEim812ACHhTJpP9arE.roa (raw, json)
Hash identifier:          PSa9pgoUBB8TCFtmpKwHW+chE82d3McdwFaf9W9wDTg=
Subject key identifier:   0C:F2:A0:C4:B2:34:34:48:A6:F3:5D:80:08:78:53:26:93:FD:6A:B1
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83A790CC4648F1036C9F2A7D6CCFC0
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/DPKgxLI0NEim812ACHhTJpP9arE.roa
Signing time:             Fri 02 Jan 2026 16:21:33 +0000
ROA not before:           Fri 02 Jan 2026 16:21:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61326
IP address blocks:        178.170.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:a7:90:cc:46:48:f1:03:6c:9f:2a:7d:6c:cf:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cf2a0c4b2343448a6f35d800878532693fd6ab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:41:88:0c:f4:bc:6b:22:05:67:eb:90:77:72:
                    3e:e7:2d:7a:2a:85:85:5c:35:e0:6b:97:65:54:6e:
                    71:2b:ce:b7:13:79:08:ce:04:af:f4:ac:1f:89:94:
                    e5:65:e9:bb:ea:ce:01:e7:cd:b5:9a:b9:3d:0d:23:
                    4b:e2:5a:e0:d4:11:42:5f:62:d7:03:93:d7:75:90:
                    73:40:73:ae:0d:a3:b5:71:17:b7:ae:b5:1d:e3:30:
                    62:e9:aa:ba:f7:98:05:b9:ce:89:d1:d4:14:99:13:
                    86:25:16:66:a3:99:54:40:b7:32:1c:5d:82:33:f5:
                    1b:f3:24:35:17:0c:94:87:c7:54:ab:af:54:fd:23:
                    ab:5e:fa:70:30:b0:c3:3f:dc:f0:03:67:ec:15:64:
                    10:68:9a:15:3c:d7:e6:b5:5e:fc:c3:3e:68:7e:55:
                    5d:3b:81:b3:e0:8a:02:e8:de:4a:4f:f4:cd:c8:a1:
                    77:9c:2e:ea:c0:31:25:ce:52:38:9c:a8:87:9b:fc:
                    c7:d5:8c:db:ea:54:62:1d:33:5c:0e:de:12:67:d3:
                    cc:d5:6c:67:61:5c:97:b5:cb:79:c0:fb:c6:67:08:
                    26:68:36:19:45:41:82:e2:a2:4b:d0:30:69:c1:9f:
                    22:5e:74:56:89:bf:8c:90:02:31:95:c6:05:91:8b:
                    1e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F2:A0:C4:B2:34:34:48:A6:F3:5D:80:08:78:53:26:93:FD:6A:B1
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/DPKgxLI0NEim812ACHhTJpP9arE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:e1:62:3b:ad:88:ad:8b:ba:d6:c8:4f:56:b6:ee:60:cc:87:
         59:8d:b1:97:c1:a7:7f:45:f2:1c:16:2c:37:e7:fb:8f:ab:d2:
         bc:0a:23:2f:1d:4a:d8:58:ca:68:d5:07:91:ff:66:32:1a:bb:
         3f:60:5e:28:f8:84:69:55:82:dc:30:db:7b:84:37:6a:0a:28:
         4c:4d:55:c9:d9:cc:58:03:1c:ab:51:75:7e:0a:70:ba:12:e9:
         97:ef:75:6e:90:f4:83:8f:e9:c6:e3:ea:87:7b:68:3f:5f:67:
         90:aa:6f:35:d7:c8:f4:b1:d0:3b:2f:d2:44:b6:19:e3:b8:82:
         6e:41:be:8a:0b:2e:26:78:ee:13:17:71:25:fd:94:15:a2:37:
         79:88:58:a1:5e:c0:70:fd:39:71:69:f9:d8:4b:0c:7f:5b:73:
         99:9e:12:c6:0e:84:c3:be:5a:7f:59:61:62:6e:89:2e:79:c8:
         95:d6:e9:d1:01:89:63:61:e2:cf:cb:0e:9a:84:16:ca:dd:90:
         a0:b6:64:d0:07:68:0e:27:49:3b:0b:82:a9:84:b2:dd:05:94:
         76:7b:80:6c:ee:a8:8b:72:46:45:d0:cd:c7:45:7e:74:2f:1e:
         33:86:0d:60:e9:b1:6e:0a:21:d2:03:f8:99:bd:8d:e0:b2:d8:
         4d:31:09:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g6eQzEZI8QNsnyp9bM/AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2YyYTBjNGIyMzQzNDQ4YTZmMzVkODAwODc4NTMyNjkzZmQ2YWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EGIDPS8ayIFZ+uQd3I+5y16KoWF
XDXga5dlVG5xK863E3kIzgSv9KwfiZTlZem76s4B5821mrk9DSNL4lrg1BFCX2LX
A5PXdZBzQHOuDaO1cRe3rrUd4zBi6aq695gFuc6J0dQUmROGJRZmo5lUQLcyHF2C
M/Ub8yQ1FwyUh8dUq69U/SOrXvpwMLDDP9zwA2fsFWQQaJoVPNfmtV78wz5oflVd
O4Gz4IoC6N5KT/TNyKF3nC7qwDElzlI4nKiHm/zH1Yzb6lRiHTNcDt4SZ9PM1Wxn
YVyXtct5wPvGZwgmaDYZRUGC4qJL0DBpwZ8iXnRWib+MkAIxlcYFkYseSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzyoMSyNDRIpvNdgAh4UyaT/WqxMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvRFBLZ3hMSTBORWltODEyQUNIaFRKcFA5YXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqq6MA0G
CSqGSIb3DQEBCwUAA4IBAQCy4WI7rYiti7rWyE9Wtu5gzIdZjbGXwad/RfIcFiw3
5/uPq9K8CiMvHUrYWMpo1QeR/2YyGrs/YF4o+IRpVYLcMNt7hDdqCihMTVXJ2cxY
AxyrUXV+CnC6EumX73VukPSDj+nG4+qHe2g/X2eQqm8118j0sdA7L9JEthnjuIJu
Qb6KCy4meO4TF3El/ZQVojd5iFihXsBw/TlxafnYSwx/W3OZnhLGDoTDvlp/WWFi
bokueciV1unRAYljYeLPyw6ahBbK3ZCgtmTQB2gOJ0k7C4KphLLdBZR2e4Bs7qiL
ckZF0M3HRX50Lx4zhg1g6bFuCiHSA/iZvY3gsthNMQmD
-----END CERTIFICATE-----