This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/MkdPJ2X8KSAgPeL_E9eUW7kJg44.roa
File:                     MkdPJ2X8KSAgPeL_E9eUW7kJg44.roa (raw, json)
Hash identifier:          L9wK9aXGqZVs8Xjy0tqG+NiG0/js60DJI6OgRrSyYQQ=
Subject key identifier:   32:47:4F:27:65:FC:29:20:20:3D:E2:FF:13:D7:94:5B:B9:09:83:8E
Certificate issuer:       /CN=a8180bf1a7750b3d22f9358556e11f0ff766a619
Certificate serial:       019B79ED58F34154213C3BE871B0ED2306CD
Authority key identifier: A8:18:0B:F1:A7:75:0B:3D:22:F9:35:85:56:E1:1F:0F:F7:66:A6:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBgL8ad1Cz0i-TWFVuEfD_dmphk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/MkdPJ2X8KSAgPeL_E9eUW7kJg44.roa
Signing time:             Thu 01 Jan 2026 14:19:16 +0000
ROA not before:           Thu 01 Jan 2026 14:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216037
IP address blocks:        185.164.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/qBgL8ad1Cz0i-TWFVuEfD_dmphk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/qBgL8ad1Cz0i-TWFVuEfD_dmphk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBgL8ad1Cz0i-TWFVuEfD_dmphk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:58:f3:41:54:21:3c:3b:e8:71:b0:ed:23:06:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8180bf1a7750b3d22f9358556e11f0ff766a619
        Validity
            Not Before: Jan  1 14:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32474f2765fc2920203de2ff13d7945bb909838e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:05:86:5e:ba:e3:fe:d4:79:36:92:b5:c6:45:
                    ff:fd:95:40:ba:1f:2e:42:a5:02:ff:f3:a8:69:df:
                    8e:1e:b9:f3:26:24:53:25:1f:fa:fc:59:ec:cf:fd:
                    2c:a9:be:ad:3f:30:58:bf:bb:21:cb:f0:10:18:ac:
                    9f:27:23:90:18:8d:73:ef:12:22:b0:22:38:04:37:
                    67:5c:24:a8:e5:87:be:bd:ea:68:e6:a6:9f:82:a9:
                    15:69:c7:7b:5d:b2:22:1b:34:0a:8e:2d:18:d3:41:
                    74:68:d5:da:47:24:c9:c7:4f:ac:f8:1e:51:65:48:
                    c6:46:b4:9e:b8:1a:cb:d2:ce:3b:d7:6e:b1:ee:6f:
                    1b:70:55:16:bc:ce:d4:89:38:a7:19:cc:de:be:7c:
                    6e:f9:d0:6c:eb:f9:3a:c9:64:22:e4:53:44:93:e5:
                    8e:f3:9a:62:59:67:b6:24:71:97:a4:47:65:64:2e:
                    38:84:eb:ae:ed:25:20:55:03:9f:6c:15:ee:55:f5:
                    f6:39:c5:ae:0f:5d:2d:b7:ee:88:a2:a1:f3:c6:d9:
                    e4:55:2c:67:6c:8a:a3:e9:3e:7d:8c:35:ba:32:30:
                    72:37:58:33:cb:99:5b:0d:ad:11:ed:54:26:ec:77:
                    6c:73:22:02:11:3f:bb:05:4a:fd:e1:e6:1e:3b:c0:
                    0f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:47:4F:27:65:FC:29:20:20:3D:E2:FF:13:D7:94:5B:B9:09:83:8E
            X509v3 Authority Key Identifier:
                keyid:A8:18:0B:F1:A7:75:0B:3D:22:F9:35:85:56:E1:1F:0F:F7:66:A6:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBgL8ad1Cz0i-TWFVuEfD_dmphk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/MkdPJ2X8KSAgPeL_E9eUW7kJg44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/qBgL8ad1Cz0i-TWFVuEfD_dmphk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:55:87:35:14:71:a6:7f:49:fa:0d:5d:8f:a3:84:8f:23:6d:
         7a:86:c8:b4:83:f2:60:d6:29:ef:44:41:b1:93:53:99:c0:09:
         6f:06:99:d6:35:3f:a9:cd:68:d8:8c:f4:ec:d0:20:9f:92:37:
         c9:8a:89:5c:e9:63:e5:c4:61:4d:7c:cf:e4:c3:fd:0e:52:1e:
         e2:92:e2:0e:a8:25:9a:d5:44:57:9e:58:4e:0b:a3:46:7d:c0:
         28:40:41:48:22:3f:b1:f5:97:15:c4:2f:48:46:fb:14:80:61:
         dd:40:e3:89:95:6a:df:e8:7f:ac:d7:40:90:d1:39:30:21:bd:
         83:c9:87:db:62:b8:e6:9b:fd:8c:f3:a1:69:b0:8e:4e:3e:46:
         b2:e1:c6:f1:23:15:cb:2d:38:8a:1e:10:9a:07:18:78:b2:0d:
         86:40:de:02:ba:42:3a:9b:19:c8:3d:0b:6e:f5:3a:0c:83:71:
         5d:26:86:63:26:0e:e4:7c:2b:44:1a:f8:d6:95:87:cf:58:d0:
         f2:db:cb:37:d7:39:99:04:f6:3f:44:65:8f:2a:9b:ad:ad:0e:
         66:12:c5:16:20:cd:e4:44:b2:91:50:b1:ad:87:b9:77:61:7f:
         fe:d7:8c:ac:c0:17:b1:87:5a:48:13:29:8c:bc:88:f4:93:43:
         45:70:34:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57VjzQVQhPDvocbDtIwbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTgwYmYxYTc3NTBiM2QyMmY5MzU4NTU2ZTExZjBmZjc2
NmE2MTkwHhcNMjYwMTAxMTQxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ3NGYyNzY1ZmMyOTIwMjAzZGUyZmYxM2Q3OTQ1YmI5MDk4MzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QWGXrrj/tR5NpK1xkX//ZVAuh8u
QqUC//Ooad+OHrnzJiRTJR/6/Fnsz/0sqb6tPzBYv7shy/AQGKyfJyOQGI1z7xIi
sCI4BDdnXCSo5Ye+vepo5qafgqkVacd7XbIiGzQKji0Y00F0aNXaRyTJx0+s+B5R
ZUjGRrSeuBrL0s47126x7m8bcFUWvM7UiTinGczevnxu+dBs6/k6yWQi5FNEk+WO
85piWWe2JHGXpEdlZC44hOuu7SUgVQOfbBXuVfX2OcWuD10tt+6IoqHzxtnkVSxn
bIqj6T59jDW6MjByN1gzy5lbDa0R7VQm7HdscyICET+7BUr94eYeO8APbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJHTydl/CkgID3i/xPXlFu5CYOOMB8GA1UdIwQY
MBaAFKgYC/GndQs9Ivk1hVbhHw/3ZqYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJnTDhhZDFDejBpLVRXRlZ1RWZEX2RtcGhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81NDdmNTEtMGIzOS00YjhlLWFkZTYt
ZjQwMGRhYmI5YmMyLzEvTWtkUEoyWDhLU0FnUGVMX0U5ZVVXN2tKZzQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81NDdmNTEtMGIzOS00YjhlLWFkZTYtZjQwMGRhYmI5YmMy
LzEvcUJnTDhhZDFDejBpLVRXRlZ1RWZEX2RtcGhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaTMMA0G
CSqGSIb3DQEBCwUAA4IBAQBiVYc1FHGmf0n6DV2Po4SPI216hsi0g/Jg1invREGx
k1OZwAlvBpnWNT+pzWjYjPTs0CCfkjfJiolc6WPlxGFNfM/kw/0OUh7ikuIOqCWa
1URXnlhOC6NGfcAoQEFIIj+x9ZcVxC9IRvsUgGHdQOOJlWrf6H+s10CQ0TkwIb2D
yYfbYrjmm/2M86FpsI5OPkay4cbxIxXLLTiKHhCaBxh4sg2GQN4CukI6mxnIPQtu
9ToMg3FdJoZjJg7kfCtEGvjWlYfPWNDy28s31zmZBPY/RGWPKputrQ5mEsUWIM3k
RLKRULGth7l3YX/+14yswBexh1pIEymMvIj0k0NFcDT0
-----END CERTIFICATE-----