This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/wMBz1OxL3HTz5yYKEtRNA_2ypJc.roa
File:                     wMBz1OxL3HTz5yYKEtRNA_2ypJc.roa (raw, json)
Hash identifier:          dgJQac7vUSrU8OsO7dHZl/BzAOs/LTYZ/18knGRwxgA=
Subject key identifier:   C0:C0:73:D4:EC:4B:DC:74:F3:E7:26:0A:12:D4:4D:03:FD:B2:A4:97
Certificate issuer:       /CN=985ae6c59c35e460387daebcfb866f8a1ebb3686
Certificate serial:       019B7D5CE55EFB39FF215F5021A44DD938E8
Authority key identifier: 98:5A:E6:C5:9C:35:E4:60:38:7D:AE:BC:FB:86:6F:8A:1E:BB:36:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFrmxZw15GA4fa68-4Zvih67NoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/wMBz1OxL3HTz5yYKEtRNA_2ypJc.roa
Signing time:             Fri 02 Jan 2026 06:19:58 +0000
ROA not before:           Fri 02 Jan 2026 06:19:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200235
IP address blocks:        45.137.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/mFrmxZw15GA4fa68-4Zvih67NoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/mFrmxZw15GA4fa68-4Zvih67NoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFrmxZw15GA4fa68-4Zvih67NoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:e5:5e:fb:39:ff:21:5f:50:21:a4:4d:d9:38:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=985ae6c59c35e460387daebcfb866f8a1ebb3686
        Validity
            Not Before: Jan  2 06:19:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c0c073d4ec4bdc74f3e7260a12d44d03fdb2a497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f5:26:cc:82:dc:8d:be:66:c9:c7:6d:c4:5e:
                    94:98:14:0b:a7:30:e4:44:7d:b2:af:70:14:bd:27:
                    ae:35:43:72:fa:6e:09:8c:1c:dd:fb:cf:dd:c7:9e:
                    ab:77:05:62:1d:e2:14:e3:51:ee:e0:bd:43:ff:9a:
                    48:75:64:07:24:0b:d7:65:51:ed:00:e9:bb:a8:13:
                    0a:45:a5:29:92:89:4d:3e:7e:e6:d4:9d:83:de:1f:
                    26:13:f6:09:60:2f:c8:95:35:8e:07:81:b1:ac:76:
                    13:16:a7:d0:f5:db:67:1a:cd:a6:c5:67:83:1f:37:
                    89:c6:dd:b9:90:3f:1d:92:70:77:c0:d8:f7:ef:7b:
                    8d:e2:65:35:ac:f6:5e:93:5e:72:04:43:ac:62:7f:
                    3b:2c:6f:25:07:c9:a7:8d:a3:82:38:a9:19:bc:c3:
                    07:0e:b2:7d:f8:08:64:4c:c0:c0:ea:bc:12:3a:73:
                    53:21:ce:df:64:39:ba:b7:39:e5:38:a6:9e:bd:43:
                    29:22:f0:3b:61:34:00:79:6e:b8:f8:88:49:24:2b:
                    46:63:7c:92:02:2c:e4:bd:d2:83:b7:31:23:86:21:
                    cc:a4:75:f9:ab:ff:d6:0f:9e:aa:f4:a5:0e:60:2f:
                    cb:a1:d9:18:58:2f:39:17:d5:25:d2:aa:d7:37:b6:
                    f6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:C0:73:D4:EC:4B:DC:74:F3:E7:26:0A:12:D4:4D:03:FD:B2:A4:97
            X509v3 Authority Key Identifier:
                keyid:98:5A:E6:C5:9C:35:E4:60:38:7D:AE:BC:FB:86:6F:8A:1E:BB:36:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFrmxZw15GA4fa68-4Zvih67NoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/wMBz1OxL3HTz5yYKEtRNA_2ypJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/8b906b-9c1d-45d9-86ba-c7fe62227df3/1/mFrmxZw15GA4fa68-4Zvih67NoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:e0:ac:1e:58:b1:f0:1e:ca:05:6e:27:10:b2:13:50:b9:29:
         7e:83:19:c7:4c:39:32:f7:66:63:06:87:19:66:ad:ad:bc:05:
         82:21:b8:fb:9b:a0:ef:9e:92:65:87:8c:0a:9a:b0:fc:97:46:
         54:47:b9:8c:88:24:87:33:da:b6:3f:c2:52:d7:21:86:9c:4b:
         24:6d:74:95:29:24:dc:f7:80:bc:04:ad:e9:7b:d8:ec:a3:cc:
         cd:a5:90:cf:96:ff:b4:2c:65:99:e4:c4:9f:5b:e4:49:3d:08:
         1f:e2:66:34:2a:06:ff:73:19:fd:7b:ba:61:f1:d0:65:dc:cc:
         1e:e4:31:30:9e:a7:14:72:d9:83:da:c0:a9:79:1d:1b:c1:3c:
         94:e0:8c:7c:53:39:ee:f1:7a:07:6c:91:92:d6:1a:72:c1:03:
         77:9d:85:b8:d2:d3:2b:e8:4f:4a:d8:b3:a8:55:27:80:04:da:
         27:30:1e:79:0e:dd:17:14:e2:ff:9e:18:75:20:1f:eb:4e:a4:
         25:4d:b1:32:95:39:6b:48:dc:4e:ec:b6:03:85:c7:80:c8:ee:
         33:80:37:a8:20:d5:78:94:e9:28:7e:9c:61:d2:ea:95:f3:72:
         04:2e:95:32:11:58:14:a1:22:c5:d3:24:49:c5:b6:42:34:77:
         bd:84:f3:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XOVe+zn/IV9QIaRN2TjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NWFlNmM1OWMzNWU0NjAzODdkYWViY2ZiODY2ZjhhMWVi
YjM2ODYwHhcNMjYwMTAyMDYxOTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGMwNzNkNGVjNGJkYzc0ZjNlNzI2MGExMmQ0NGQwM2ZkYjJhNDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfUmzILcjb5mycdtxF6UmBQLpzDk
RH2yr3AUvSeuNUNy+m4JjBzd+8/dx56rdwViHeIU41Hu4L1D/5pIdWQHJAvXZVHt
AOm7qBMKRaUpkolNPn7m1J2D3h8mE/YJYC/IlTWOB4GxrHYTFqfQ9dtnGs2mxWeD
HzeJxt25kD8dknB3wNj373uN4mU1rPZek15yBEOsYn87LG8lB8mnjaOCOKkZvMMH
DrJ9+AhkTMDA6rwSOnNTIc7fZDm6tznlOKaevUMpIvA7YTQAeW64+IhJJCtGY3yS
AizkvdKDtzEjhiHMpHX5q//WD56q9KUOYC/LodkYWC85F9Ul0qrXN7b2NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMDAc9TsS9x08+cmChLUTQP9sqSXMB8GA1UdIwQY
MBaAFJha5sWcNeRgOH2uvPuGb4oeuzaGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZybXhadzE1R0E0ZmE2OC00WnZpaDY3Tm9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84YjkwNmItOWMxZC00NWQ5LTg2YmEt
YzdmZTYyMjI3ZGYzLzEvd01CejFPeEwzSFR6NXlZS0V0Uk5BXzJ5cEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84YjkwNmItOWMxZC00NWQ5LTg2YmEtYzdmZTYyMjI3ZGYz
LzEvbUZybXhadzE1R0E0ZmE2OC00WnZpaDY3Tm9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYkbMA0G
CSqGSIb3DQEBCwUAA4IBAQBz4KweWLHwHsoFbicQshNQuSl+gxnHTDky92ZjBocZ
Zq2tvAWCIbj7m6DvnpJlh4wKmrD8l0ZUR7mMiCSHM9q2P8JS1yGGnEskbXSVKSTc
94C8BK3pe9jso8zNpZDPlv+0LGWZ5MSfW+RJPQgf4mY0Kgb/cxn9e7ph8dBl3Mwe
5DEwnqcUctmD2sCpeR0bwTyU4Ix8Uznu8XoHbJGS1hpywQN3nYW40tMr6E9K2LOo
VSeABNonMB55Dt0XFOL/nhh1IB/rTqQlTbEylTlrSNxO7LYDhceAyO4zgDeoINV4
lOkofpxh0uqV83IELpUyEVgUoSLF0yRJxbZCNHe9hPPT
-----END CERTIFICATE-----