This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/mT-pF9AMKMZsgk-sXRGFTjdjjTw.roa
File:                     mT-pF9AMKMZsgk-sXRGFTjdjjTw.roa (raw, json)
Hash identifier:          8hi8c5X3lOfRNm6eAGE7trxa/urAr1vNuOA2SfS5/jE=
Subject key identifier:   99:3F:A9:17:D0:0C:28:C6:6C:82:4F:AC:5D:11:85:4E:37:63:8D:3C
Certificate issuer:       /CN=770d35d7566ee7246e4d2133cbde48a774423c77
Certificate serial:       019B7B35F6CEC3168AF274D5A2F510A2AD0C
Authority key identifier: 77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/mT-pF9AMKMZsgk-sXRGFTjdjjTw.roa
Signing time:             Thu 01 Jan 2026 20:18:12 +0000
ROA not before:           Thu 01 Jan 2026 20:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60579
IP address blocks:        185.164.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:f6:ce:c3:16:8a:f2:74:d5:a2:f5:10:a2:ad:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=770d35d7566ee7246e4d2133cbde48a774423c77
        Validity
            Not Before: Jan  1 20:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=993fa917d00c28c66c824fac5d11854e37638d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:62:8f:ce:ea:d1:2e:4c:a1:5b:12:a3:7e:74:
                    31:0a:44:16:a7:fe:1a:54:52:0e:92:80:61:d3:c8:
                    0b:be:89:5c:9b:4e:91:78:18:06:dd:53:d5:1e:4f:
                    ea:86:37:cc:4d:5f:a9:e4:9d:33:40:07:79:2d:3e:
                    fe:3d:c7:e5:af:6d:fb:7d:b7:f1:a3:46:a7:c3:26:
                    90:0a:92:40:b8:be:02:60:73:43:73:e9:88:7e:1d:
                    94:63:62:57:bf:03:83:81:1e:a7:d9:62:fe:6e:75:
                    7f:1b:4e:bc:87:8e:83:80:c9:0f:1a:70:ed:d0:47:
                    78:a6:f3:ed:fe:f8:d1:c3:bc:5e:b5:b3:18:11:49:
                    07:6e:a0:d5:cf:ea:fa:13:1c:e8:b4:22:a7:71:77:
                    d1:52:04:6d:c7:fe:4f:e2:76:a2:fe:14:c7:1b:fb:
                    b9:c7:5a:4b:bc:79:57:15:89:55:6f:61:48:f8:f7:
                    ab:8e:42:2b:e6:e5:57:6b:81:97:5c:32:be:d4:6f:
                    59:cb:e9:6c:9c:a1:d8:b0:45:11:b9:f6:11:ea:3d:
                    e6:35:cb:b9:ba:ff:09:56:78:ae:c8:d0:79:6d:95:
                    26:ef:88:51:dc:03:cc:48:40:9f:9c:a0:ea:5f:96:
                    56:a6:73:a9:e1:c9:0e:b0:eb:aa:5d:13:ca:92:d2:
                    00:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:3F:A9:17:D0:0C:28:C6:6C:82:4F:AC:5D:11:85:4E:37:63:8D:3C
            X509v3 Authority Key Identifier:
                keyid:77:0D:35:D7:56:6E:E7:24:6E:4D:21:33:CB:DE:48:A7:74:42:3C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dw0111Zu5yRuTSEzy95Ip3RCPHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/mT-pF9AMKMZsgk-sXRGFTjdjjTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/36e60b-2411-463b-8254-5475de603cd3/1/dw0111Zu5yRuTSEzy95Ip3RCPHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:71:1e:e4:9e:5f:37:b1:e1:4b:5e:55:44:6d:58:8b:55:db:
         38:71:21:b0:30:0a:0f:99:aa:0f:52:c8:20:01:56:1b:94:01:
         73:55:95:64:3c:7d:74:21:9d:e0:8d:85:82:5b:af:11:8e:fd:
         5f:1f:7d:33:12:81:aa:d8:c0:28:55:6f:4e:78:3c:46:25:26:
         32:20:9c:57:34:06:fb:64:52:09:ce:54:57:b4:ea:7e:ad:ae:
         3c:fe:5d:e4:ab:26:bc:43:47:c6:a8:2d:74:d6:bb:de:c8:e8:
         df:38:4e:82:f3:75:90:9a:78:af:6a:da:f3:88:eb:65:67:f8:
         c7:35:3a:22:25:d2:3f:1e:90:31:83:59:1f:1a:68:c4:ad:67:
         10:7a:02:85:9c:7b:db:1e:0c:75:60:85:db:77:1f:d7:ca:a9:
         e8:ec:db:54:2c:c2:67:16:a5:1f:1b:77:ec:b4:d4:5f:63:d8:
         00:e9:6e:dc:45:ef:e1:1f:63:b7:70:4f:e9:7c:fb:0c:f4:f3:
         67:e1:ff:05:d3:b4:40:12:3d:19:5f:3e:2a:9f:e8:1b:b1:6d:
         90:b7:1a:f2:dc:71:40:b8:3e:8f:f7:9c:2b:e8:9d:b7:9e:8b:
         6d:dc:4f:9d:a9:40:2a:9a:50:f9:20:c2:db:83:19:c5:97:00:
         be:c9:3d:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfbOwxaK8nTVovUQoq0MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MGQzNWQ3NTY2ZWU3MjQ2ZTRkMjEzM2NiZGU0OGE3NzQ0
MjNjNzcwHhcNMjYwMTAxMjAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTNmYTkxN2QwMGMyOGM2NmM4MjRmYWM1ZDExODU0ZTM3NjM4ZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGKPzurRLkyhWxKjfnQxCkQWp/4a
VFIOkoBh08gLvolcm06ReBgG3VPVHk/qhjfMTV+p5J0zQAd5LT7+Pcflr237fbfx
o0anwyaQCpJAuL4CYHNDc+mIfh2UY2JXvwODgR6n2WL+bnV/G068h46DgMkPGnDt
0Ed4pvPt/vjRw7xetbMYEUkHbqDVz+r6ExzotCKncXfRUgRtx/5P4nai/hTHG/u5
x1pLvHlXFYlVb2FI+PerjkIr5uVXa4GXXDK+1G9Zy+lsnKHYsEURufYR6j3mNcu5
uv8JVniuyNB5bZUm74hR3APMSECfnKDqX5ZWpnOp4ckOsOuqXRPKktIAXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJk/qRfQDCjGbIJPrF0RhU43Y408MB8GA1UdIwQY
MBaAFHcNNddWbuckbk0hM8veSKd0Qjx3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQt
NTQ3NWRlNjAzY2QzLzEvbVQtcEY5QU1LTVpzZ2stc1hSR0ZUamRqalR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zNmU2MGItMjQxMS00NjNiLTgyNTQtNTQ3NWRlNjAzY2Qz
LzEvZHcwMTExWnU1eVJ1VFNFenk5NUlwM1JDUEhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaSiMA0G
CSqGSIb3DQEBCwUAA4IBAQAPcR7knl83seFLXlVEbViLVds4cSGwMAoPmaoPUsgg
AVYblAFzVZVkPH10IZ3gjYWCW68Rjv1fH30zEoGq2MAoVW9OeDxGJSYyIJxXNAb7
ZFIJzlRXtOp+ra48/l3kqya8Q0fGqC101rveyOjfOE6C83WQmnivatrziOtlZ/jH
NToiJdI/HpAxg1kfGmjErWcQegKFnHvbHgx1YIXbdx/Xyqno7NtULMJnFqUfG3fs
tNRfY9gA6W7cRe/hH2O3cE/pfPsM9PNn4f8F07RAEj0ZXz4qn+gbsW2Qtxry3HFA
uD6P95wr6J23nott3E+dqUAqmlD5IMLbgxnFlwC+yT26
-----END CERTIFICATE-----