This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/MhZOe77osz5B_8Rh1NnTYFYC4RY.roa
File:                     MhZOe77osz5B_8Rh1NnTYFYC4RY.roa (raw, json)
Hash identifier:          rhVOkCdXb2TMRwQp2v+rjEc1UOZNU4YoXtht0IE+lxo=
Subject key identifier:   32:16:4E:7B:BE:E8:B3:3E:41:FF:C4:61:D4:D9:D3:60:56:02:E1:16
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       019B76EAC44FF0676FC00407F6242DAC0FDB
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/MhZOe77osz5B_8Rh1NnTYFYC4RY.roa
Signing time:             Thu 01 Jan 2026 00:17:35 +0000
ROA not before:           Thu 01 Jan 2026 00:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     133398
IP address blocks:        85.208.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:c4:4f:f0:67:6f:c0:04:07:f6:24:2d:ac:0f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 00:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32164e7bbee8b33e41ffc461d4d9d3605602e116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f2:04:f9:a4:15:53:18:25:03:41:2e:d6:20:
                    fa:e3:b3:cd:48:ae:e7:81:18:c7:68:a7:7f:fa:45:
                    90:f5:f8:82:30:68:c3:9e:e9:c3:f2:85:7a:70:84:
                    00:f3:a5:97:36:dc:23:ea:c3:a3:1b:3c:08:dc:30:
                    eb:35:e3:76:c5:44:d3:c3:8b:5b:87:4a:3b:6f:d1:
                    47:7d:49:76:40:75:9e:54:72:5e:25:1e:08:e6:a8:
                    cc:29:83:ac:2a:6b:d1:2a:0b:7a:7b:b2:50:95:44:
                    b4:7f:d8:a7:56:c3:2e:7c:ee:5e:dc:28:1c:72:7d:
                    56:1b:88:35:ff:2e:70:8f:7c:f1:18:33:39:af:4a:
                    76:fb:31:2b:7a:13:66:b8:d9:c2:1d:7e:85:5f:49:
                    9b:e4:04:1b:b5:3c:29:f1:d0:00:74:e0:27:2a:4b:
                    e5:16:c1:43:db:48:67:d1:96:7d:71:9f:17:32:9c:
                    43:5b:5b:c5:dd:74:b2:8c:1c:71:3b:d7:93:d4:07:
                    a9:cd:a1:39:83:4e:96:a7:83:a6:5a:fb:17:47:16:
                    a1:3a:8e:2f:67:11:89:1c:25:39:ed:ae:12:87:11:
                    51:09:4f:18:26:43:6a:86:d4:77:1c:03:62:2d:07:
                    a2:a2:b4:1e:b8:07:a0:63:0a:ae:e1:c8:72:95:3c:
                    bd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:16:4E:7B:BE:E8:B3:3E:41:FF:C4:61:D4:D9:D3:60:56:02:E1:16
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/MhZOe77osz5B_8Rh1NnTYFYC4RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:5d:68:e1:f9:c0:d5:82:e8:f9:c5:fa:74:d2:c5:7f:72:23:
         0b:d8:f7:e9:6c:79:ac:95:00:d9:80:6f:c5:8f:b1:01:46:a7:
         4d:fc:de:c6:f4:62:c3:e5:75:de:0a:13:0e:c7:3e:1d:b4:0b:
         ba:0e:53:aa:c1:5c:61:80:ff:57:5f:a7:91:24:1c:ff:07:72:
         9d:83:bc:11:f7:33:24:95:c7:39:f0:46:78:37:fd:bd:d1:f1:
         13:1a:8d:c2:0a:c6:55:a0:4c:f9:da:aa:67:30:0b:79:cf:c5:
         a7:50:9f:c8:a4:92:b1:ce:9a:88:19:b0:96:99:f2:56:af:0f:
         c5:46:9a:94:8e:22:b2:15:fa:a1:c5:f6:3e:b7:83:19:bd:d7:
         6d:66:83:da:12:70:0d:ce:e5:46:72:df:a2:c2:74:4d:6c:30:
         d2:77:fe:c5:b8:76:e6:0d:8b:90:a9:47:c5:d9:ec:4e:97:5b:
         2a:9c:e7:5f:39:79:02:5c:76:06:9a:ee:99:db:5e:f7:e2:c0:
         08:e7:61:08:2c:80:0c:2b:2a:ef:48:6d:3b:ef:31:26:19:cb:
         6d:49:2f:e5:98:f0:64:3e:09:b2:5b:ad:34:48:0b:5a:85:e0:
         0d:1a:22:5d:e1:83:83:86:ef:e4:a4:dd:72:76:98:ba:96:d0:
         4d:36:ca:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26sRP8GdvwAQH9iQtrA/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjYwMTAxMDAxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE2NGU3YmJlZThiMzNlNDFmZmM0NjFkNGQ5ZDM2MDU2MDJlMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvIE+aQVUxglA0Eu1iD647PNSK7n
gRjHaKd/+kWQ9fiCMGjDnunD8oV6cIQA86WXNtwj6sOjGzwI3DDrNeN2xUTTw4tb
h0o7b9FHfUl2QHWeVHJeJR4I5qjMKYOsKmvRKgt6e7JQlUS0f9inVsMufO5e3Cgc
cn1WG4g1/y5wj3zxGDM5r0p2+zErehNmuNnCHX6FX0mb5AQbtTwp8dAAdOAnKkvl
FsFD20hn0ZZ9cZ8XMpxDW1vF3XSyjBxxO9eT1AepzaE5g06Wp4OmWvsXRxahOo4v
ZxGJHCU57a4ShxFRCU8YJkNqhtR3HANiLQeiorQeuAegYwqu4chylTy9awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIWTnu+6LM+Qf/EYdTZ02BWAuEWMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvTWhaT2U3N29zejVCXzhSaDFOblRZRllDNFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBqMA0G
CSqGSIb3DQEBCwUAA4IBAQAGXWjh+cDVguj5xfp00sV/ciML2PfpbHmslQDZgG/F
j7EBRqdN/N7G9GLD5XXeChMOxz4dtAu6DlOqwVxhgP9XX6eRJBz/B3Kdg7wR9zMk
lcc58EZ4N/290fETGo3CCsZVoEz52qpnMAt5z8WnUJ/IpJKxzpqIGbCWmfJWrw/F
RpqUjiKyFfqhxfY+t4MZvddtZoPaEnANzuVGct+iwnRNbDDSd/7FuHbmDYuQqUfF
2exOl1sqnOdfOXkCXHYGmu6Z21734sAI52EILIAMKyrvSG077zEmGcttSS/lmPBk
PgmyW600SAtaheANGiJd4YODhu/kpN1ydpi6ltBNNsoL
-----END CERTIFICATE-----