This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/pMY2G7x73wBoXGM586Db9RcFDxY.roa
File:                     pMY2G7x73wBoXGM586Db9RcFDxY.roa (raw, json)
Hash identifier:          9gsZC3WF9scrT9Qn8MwE1JOLyps6ENzUI0Jj7Vf/mzQ=
Subject key identifier:   A4:C6:36:1B:BC:7B:DF:00:68:5C:63:39:F3:A0:DB:F5:17:05:0F:16
Certificate issuer:       /CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Certificate serial:       019B76EADD8335E93983541A0AB605A4F61D
Authority key identifier: 08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/pMY2G7x73wBoXGM586Db9RcFDxY.roa
Signing time:             Thu 01 Jan 2026 00:17:42 +0000
ROA not before:           Thu 01 Jan 2026 00:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42229
IP address blocks:        185.1.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:dd:83:35:e9:39:83:54:1a:0a:b6:05:a4:f6:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
        Validity
            Not Before: Jan  1 00:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4c6361bbc7bdf00685c6339f3a0dbf517050f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ba:32:b7:12:a9:1c:69:03:b3:bf:84:7b:3b:
                    69:05:c7:d4:01:c0:05:6d:4d:96:4d:4a:41:bc:69:
                    79:b3:3e:4e:45:fc:c8:0b:4f:43:59:0a:ac:d4:a5:
                    0a:9c:68:c5:2f:76:8a:b8:50:96:61:f9:06:cc:cb:
                    19:e9:0c:16:ba:5b:db:8a:80:30:d2:3d:ac:9e:2e:
                    b0:e6:55:0a:5d:17:df:8a:b8:8b:1d:e6:c2:e7:d9:
                    f1:f2:fd:27:bb:f0:06:0d:66:8b:50:2d:51:f8:a7:
                    59:ac:4e:17:a0:6e:55:e0:51:41:3b:4d:fb:06:0b:
                    b5:3f:5a:ec:38:ea:7f:3e:4a:3e:64:dd:97:b0:44:
                    5c:cf:7d:54:73:3c:cf:29:dd:cd:25:54:7b:2f:b0:
                    f2:eb:a6:d7:61:8e:50:68:85:12:92:36:e2:b8:c6:
                    94:20:6f:3b:b1:b1:cd:63:36:80:75:d3:5f:ee:8f:
                    96:a4:01:68:db:2b:4b:a2:32:07:e4:3a:c2:a3:4d:
                    1e:ac:22:29:50:c8:0b:ed:07:06:8c:44:0d:fc:09:
                    e2:b2:fa:0d:45:72:be:e1:74:ed:11:39:21:3e:01:
                    0f:1d:4a:fd:ee:ba:70:73:c6:4e:00:e1:f4:05:1d:
                    74:89:d9:cd:38:56:cb:3a:d1:42:97:15:40:f8:87:
                    65:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C6:36:1B:BC:7B:DF:00:68:5C:63:39:F3:A0:DB:F5:17:05:0F:16
            X509v3 Authority Key Identifier:
                keyid:08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/pMY2G7x73wBoXGM586Db9RcFDxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:6a:39:55:43:af:78:74:cc:1d:a3:bd:c3:c0:a7:41:19:6d:
         a6:c3:0f:ae:a8:b4:f2:ce:92:80:7c:60:c8:e0:e2:3e:81:a8:
         a8:15:47:4d:ec:70:c2:11:cb:a5:4d:5c:e3:92:e7:96:a8:3e:
         da:b7:0d:b9:d0:3a:d0:89:3a:46:47:d9:4f:8e:2d:35:9e:1d:
         a1:f2:50:7e:0a:a9:44:65:9e:6f:37:02:24:45:a6:dc:10:50:
         f5:08:80:a5:55:69:e5:4b:71:fe:f4:39:d0:1b:c1:6b:5c:da:
         da:63:89:d3:9b:db:95:b9:af:92:31:c5:b8:61:be:9f:0d:f2:
         76:26:9a:40:c7:23:26:08:74:d5:aa:1d:a7:0b:f1:17:a2:4b:
         20:07:2a:58:1a:20:52:88:fc:1a:c5:ad:03:18:bb:e9:39:4e:
         ed:27:6f:f9:83:00:ae:72:9a:0b:92:50:e6:05:35:3b:6f:b2:
         11:5b:cd:4f:45:16:43:bb:ae:14:6d:bc:82:48:1f:94:81:3a:
         49:a2:b1:43:14:bc:cc:93:5d:05:f5:76:7d:18:95:b1:f3:23:
         24:90:f0:ec:0e:cf:c0:7e:5c:b2:86:03:ff:a7:e8:67:a8:4f:
         cf:3b:05:db:09:64:99:56:8a:6b:b5:2a:da:c3:f8:ca:0a:e5:
         df:41:7c:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26t2DNek5g1QaCrYFpPYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZDNhNTE1NjgzZTlkZGI4NWQzOGU3YWIzOWMzM2FlZGFj
YWY3ZWYwHhcNMjYwMTAxMDAxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGM2MzYxYmJjN2JkZjAwNjg1YzYzMzlmM2EwZGJmNTE3MDUwZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7oytxKpHGkDs7+EeztpBcfUAcAF
bU2WTUpBvGl5sz5ORfzIC09DWQqs1KUKnGjFL3aKuFCWYfkGzMsZ6QwWulvbioAw
0j2sni6w5lUKXRffiriLHebC59nx8v0nu/AGDWaLUC1R+KdZrE4XoG5V4FFBO037
Bgu1P1rsOOp/Pko+ZN2XsERcz31UczzPKd3NJVR7L7Dy66bXYY5QaIUSkjbiuMaU
IG87sbHNYzaAddNf7o+WpAFo2ytLojIH5DrCo00erCIpUMgL7QcGjEQN/AnisvoN
RXK+4XTtETkhPgEPHUr97rpwc8ZOAOH0BR10idnNOFbLOtFClxVA+IdlZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTGNhu8e98AaFxjOfOg2/UXBQ8WMB8GA1UdIwQY
MBaAFAjTpRVoPp3bhdOOerOcM67ayvfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ05PbEZXZy1uZHVGMDQ1NnM1d3pydHJLOS04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82N2NmYTAtYTMyYi00MDYzLTkzNzAt
MGI1YzVkOTQ0MjZhLzEvcE1ZMkc3eDczd0JvWEdNNTg2RGI5UmNGRHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82N2NmYTAtYTMyYi00MDYzLTkzNzAtMGI1YzVkOTQ0MjZh
LzEvQ05PbEZXZy1uZHVGMDQ1NnM1d3pydHJLOS04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQFaMA0G
CSqGSIb3DQEBCwUAA4IBAQA3ajlVQ694dMwdo73DwKdBGW2mww+uqLTyzpKAfGDI
4OI+gaioFUdN7HDCEculTVzjkueWqD7atw250DrQiTpGR9lPji01nh2h8lB+CqlE
ZZ5vNwIkRabcEFD1CIClVWnlS3H+9DnQG8FrXNraY4nTm9uVua+SMcW4Yb6fDfJ2
JppAxyMmCHTVqh2nC/EXoksgBypYGiBSiPwaxa0DGLvpOU7tJ2/5gwCucpoLklDm
BTU7b7IRW81PRRZDu64UbbyCSB+UgTpJorFDFLzMk10F9XZ9GJWx8yMkkPDsDs/A
flyyhgP/p+hnqE/POwXbCWSZVoprtSraw/jKCuXfQXwy
-----END CERTIFICATE-----