This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/k8M8IaPwR8StW_Oc9rtVSEjHoOI.roa
File:                     k8M8IaPwR8StW_Oc9rtVSEjHoOI.roa (raw, json)
Hash identifier:          Ng//L02q2Ww5WOV/c4kDhbYviK5AZ1QqyK1RJXQXNcY=
Subject key identifier:   93:C3:3C:21:A3:F0:47:C4:AD:5B:F3:9C:F6:BB:55:48:48:C7:A0:E2
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83B9F8525213773F33317F957C57AD
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/k8M8IaPwR8StW_Oc9rtVSEjHoOI.roa
Signing time:             Fri 02 Jan 2026 16:21:37 +0000
ROA not before:           Fri 02 Jan 2026 16:21:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208503
IP address blocks:        178.170.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:b9:f8:52:52:13:77:3f:33:31:7f:95:7c:57:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93c33c21a3f047c4ad5bf39cf6bb554848c7a0e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1f:a3:05:6a:ef:f2:a7:18:df:84:83:d7:f1:
                    d5:45:90:16:0b:82:c1:bd:c9:08:9a:be:79:49:06:
                    18:a1:99:85:53:e9:6a:70:9e:98:45:2a:7d:fe:0e:
                    a9:66:30:d1:c0:ca:99:73:86:bb:8e:4d:ac:98:10:
                    bf:0d:af:47:e1:46:56:1f:7e:40:2f:14:2b:7a:bc:
                    f5:41:26:26:59:53:de:6e:62:b1:0a:e7:b6:17:eb:
                    e4:59:b6:1e:cb:db:b1:50:71:a3:f6:1e:49:20:b4:
                    19:a9:c3:e5:f7:11:72:7b:01:11:10:3a:e9:b6:2d:
                    1f:f3:58:35:d8:92:d4:91:ff:b4:ea:89:9d:b7:73:
                    ba:53:86:4b:de:cc:f0:66:0a:e7:56:33:7d:01:60:
                    5b:a6:c3:ad:6f:d7:53:b3:b6:36:61:8f:ba:30:da:
                    66:31:ed:27:77:26:84:a5:8b:48:3b:b5:85:da:f6:
                    f4:b8:1b:e2:b2:b5:30:fe:57:d4:f4:2e:2b:26:a2:
                    56:28:a3:8d:37:04:b8:70:b9:5a:1b:c6:22:87:88:
                    ef:b8:56:ba:b2:65:a6:ad:76:73:f6:89:87:58:23:
                    eb:25:7e:34:fc:82:01:31:61:96:07:9d:6d:2d:e7:
                    f2:68:4c:23:fd:f3:f9:0d:0c:a5:51:7f:f1:6f:75:
                    1c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C3:3C:21:A3:F0:47:C4:AD:5B:F3:9C:F6:BB:55:48:48:C7:A0:E2
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/k8M8IaPwR8StW_Oc9rtVSEjHoOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:51:e8:9b:2a:22:f5:51:0e:a8:04:1d:33:2b:a4:ef:2f:dc:
         cf:56:17:09:20:2f:b2:9f:32:57:36:4a:bb:40:48:0f:db:05:
         b5:be:c0:26:cb:af:32:fd:dd:5e:1b:41:b7:c3:f8:2f:d3:b7:
         9a:01:b6:20:1d:1c:f5:5f:27:0b:22:fa:55:b2:a4:bc:9f:60:
         c2:19:4e:08:b0:97:84:22:ed:7a:dc:3e:dd:52:8c:a0:11:6f:
         d3:bd:25:a1:e6:70:94:35:65:56:7f:89:ec:e8:c9:aa:10:a6:
         2b:ec:dc:ee:fe:cf:9e:a5:0b:f9:3d:29:53:35:da:74:27:35:
         96:ab:5d:6d:63:a7:05:8d:a1:b9:af:50:e9:95:cd:75:b1:56:
         dd:42:e3:e8:69:b2:9d:77:83:ed:5b:25:a5:db:fa:04:05:a5:
         42:25:e6:06:81:ad:c3:c7:73:59:71:19:56:75:fa:12:5f:de:
         5c:f0:85:ff:af:b8:d6:ec:6b:d4:46:e0:d5:cf:26:03:17:ab:
         33:51:8b:26:8f:29:31:b5:85:0b:8e:06:80:26:9f:e6:eb:9a:
         32:29:db:04:6f:80:dd:b4:c9:8c:4c:69:56:60:08:58:ad:93:
         29:0b:5d:d9:bc:2f:6e:b3:52:d6:46:a6:76:1a:68:c8:43:3b:
         b9:af:b8:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g7n4UlITdz8zMX+VfFetMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2MzM2MyMWEzZjA0N2M0YWQ1YmYzOWNmNmJiNTU0ODQ4YzdhMGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR+jBWrv8qcY34SD1/HVRZAWC4LB
vckImr55SQYYoZmFU+lqcJ6YRSp9/g6pZjDRwMqZc4a7jk2smBC/Da9H4UZWH35A
LxQrerz1QSYmWVPebmKxCue2F+vkWbYey9uxUHGj9h5JILQZqcPl9xFyewEREDrp
ti0f81g12JLUkf+06omdt3O6U4ZL3szwZgrnVjN9AWBbpsOtb9dTs7Y2YY+6MNpm
Me0ndyaEpYtIO7WF2vb0uBvisrUw/lfU9C4rJqJWKKONNwS4cLlaG8Yih4jvuFa6
smWmrXZz9omHWCPrJX40/IIBMWGWB51tLefyaEwj/fP5DQylUX/xb3UccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPDPCGj8EfErVvznPa7VUhIx6DiMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvazhNOElhUHdSOFN0V19PYzlydFZTRWpIb09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqroMA0G
CSqGSIb3DQEBCwUAA4IBAQCbUeibKiL1UQ6oBB0zK6TvL9zPVhcJIC+ynzJXNkq7
QEgP2wW1vsAmy68y/d1eG0G3w/gv07eaAbYgHRz1XycLIvpVsqS8n2DCGU4IsJeE
Iu163D7dUoygEW/TvSWh5nCUNWVWf4ns6MmqEKYr7Nzu/s+epQv5PSlTNdp0JzWW
q11tY6cFjaG5r1Dplc11sVbdQuPoabKdd4PtWyWl2/oEBaVCJeYGga3Dx3NZcRlW
dfoSX95c8IX/r7jW7GvURuDVzyYDF6szUYsmjykxtYULjgaAJp/m65oyKdsEb4Dd
tMmMTGlWYAhYrZMpC13ZvC9us1LWRqZ2GmjIQzu5r7jf
-----END CERTIFICATE-----