This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/mwarFggf3KLLePlMxIoaUNWbNqc.roa
File:                     mwarFggf3KLLePlMxIoaUNWbNqc.roa (raw, json)
Hash identifier:          YB9TOmy8dGla8Jh8QMZh8IP86fm2N3L1SVszpAby3e0=
Subject key identifier:   9B:06:AB:16:08:1F:DC:A2:CB:78:F9:4C:C4:8A:1A:50:D5:9B:36:A7
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019B7E38FF62E060E66B49EF44546F569846
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/mwarFggf3KLLePlMxIoaUNWbNqc.roa
Signing time:             Fri 02 Jan 2026 10:20:23 +0000
ROA not before:           Fri 02 Jan 2026 10:20:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5567
IP address blocks:        85.143.64.0/20 maxlen: 20
                          85.143.80.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:ff:62:e0:60:e6:6b:49:ef:44:54:6f:56:98:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  2 10:20:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b06ab16081fdca2cb78f94cc48a1a50d59b36a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:07:a6:96:72:68:8e:cd:49:4b:4e:46:86:1f:
                    86:a3:92:25:ab:97:0d:c9:5d:68:02:22:e1:01:9b:
                    5a:87:ce:e1:80:10:16:bb:a9:4a:72:b4:7f:8e:ab:
                    31:89:43:50:f6:d0:56:86:1c:84:27:64:85:bb:74:
                    23:ff:6e:c9:f6:0c:8b:8d:28:9c:7b:fd:0f:45:f4:
                    34:17:8f:44:b9:58:22:99:21:30:96:f2:55:35:09:
                    80:93:bf:3f:ca:1a:07:87:c1:bb:68:fd:c6:36:e3:
                    a4:82:a3:94:c6:65:59:0f:ed:37:dc:b5:9b:05:22:
                    40:bf:7f:d9:bd:3f:4c:cc:62:c6:02:07:55:7b:23:
                    7c:48:1f:b0:42:e0:87:dc:8c:51:3f:89:52:e9:a1:
                    17:c9:93:88:6b:b2:b3:1b:51:50:2c:50:33:bd:dd:
                    ba:86:aa:b7:27:bc:d6:68:e0:03:23:19:26:2f:7b:
                    6f:ed:d8:df:c4:e5:3a:fa:c3:36:55:62:48:4d:69:
                    74:5d:84:cb:2d:1f:94:4d:93:f5:97:f3:42:60:5d:
                    c0:33:42:dc:d2:77:b9:a6:e6:c7:ce:f3:fd:e3:35:
                    00:0f:99:1f:39:f9:92:cf:7b:a2:9b:fb:a5:37:b4:
                    01:fa:07:65:31:05:ff:9e:fc:0d:8e:71:bf:25:32:
                    4b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:06:AB:16:08:1F:DC:A2:CB:78:F9:4C:C4:8A:1A:50:D5:9B:36:A7
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/mwarFggf3KLLePlMxIoaUNWbNqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.143.64.0-85.143.87.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:55:83:76:e3:ba:53:5f:a5:e1:0f:da:7b:63:c6:36:49:66:
         f9:38:ad:85:d5:71:6f:0d:02:d7:ff:9d:a3:e0:cc:40:29:39:
         d4:42:d6:91:f1:fa:c3:bf:6c:21:52:2b:15:6c:14:02:dd:72:
         ca:51:cf:18:59:96:a0:97:15:ff:86:68:d6:65:13:b8:9f:a7:
         99:85:bb:c8:82:2f:c0:65:81:18:54:40:4f:b9:87:25:03:f1:
         f5:85:0c:f4:91:1c:de:67:74:d0:82:78:b5:c6:56:5f:ef:b8:
         a5:fc:dd:e1:1e:c3:f3:bc:6d:f1:5d:76:b6:0a:34:c9:5e:67:
         a1:8a:2b:c8:01:d8:e5:cb:41:73:ef:3a:42:ae:89:5a:b0:f7:
         10:30:14:46:2c:db:f1:40:5f:de:60:54:d2:84:34:3b:26:60:
         3f:74:70:2c:b4:e6:45:4b:f1:31:b3:7a:a7:70:bd:4f:d2:b2:
         1d:17:7f:cd:23:9e:8c:6a:fe:ae:90:33:23:b8:a4:30:2e:84:
         65:11:76:5b:29:c8:75:ac:68:0d:0a:bc:b2:77:0f:1b:ea:82:
         58:21:cd:07:93:ba:13:42:57:b0:0c:ad:32:74:af:08:fe:77:
         4f:10:e5:cc:aa:5b:13:3c:f9:2e:89:f5:99:fa:a7:0f:41:fe:
         6c:c7:c2:0b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZt+OP9i4GDma0nvRFRvVphGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjYwMTAyMTAyMDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjA2YWIxNjA4MWZkY2EyY2I3OGY5NGNjNDhhMWE1MGQ1OWIzNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AemlnJojs1JS05Ghh+Go5Ilq5cN
yV1oAiLhAZtah87hgBAWu6lKcrR/jqsxiUNQ9tBWhhyEJ2SFu3Qj/27J9gyLjSic
e/0PRfQ0F49EuVgimSEwlvJVNQmAk78/yhoHh8G7aP3GNuOkgqOUxmVZD+033LWb
BSJAv3/ZvT9MzGLGAgdVeyN8SB+wQuCH3IxRP4lS6aEXyZOIa7KzG1FQLFAzvd26
hqq3J7zWaOADIxkmL3tv7djfxOU6+sM2VWJITWl0XYTLLR+UTZP1l/NCYF3AM0Lc
0ne5pubHzvP94zUAD5kfOfmSz3uim/ulN7QB+gdlMQX/nvwNjnG/JTJL4QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJsGqxYIH9yiy3j5TMSKGlDVmzanMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvbXdhckZnZ2YzS0xMZVBsTXhJb2FVTldiTnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAZVj0AD
BANVj1AwDQYJKoZIhvcNAQELBQADggEBACxVg3bjulNfpeEP2ntjxjZJZvk4rYXV
cW8NAtf/naPgzEApOdRC1pHx+sO/bCFSKxVsFALdcspRzxhZlqCXFf+GaNZlE7if
p5mFu8iCL8BlgRhUQE+5hyUD8fWFDPSRHN5ndNCCeLXGVl/vuKX83eEew/O8bfFd
drYKNMleZ6GKK8gB2OXLQXPvOkKuiVqw9xAwFEYs2/FAX95gVNKENDsmYD90cCy0
5kVL8TGzeqdwvU/Ssh0Xf80jnoxq/q6QMyO4pDAuhGURdlspyHWsaA0KvLJ3Dxvq
glghzQeTuhNCV7AMrTJ0rwj+d08Q5cyqWxM8+S6J9Zn6pw9B/mzHwgs=
-----END CERTIFICATE-----