This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/ccea55-eac2-42ba-9dec-e690ed21f94f/1/o-mtc665fbhvSfNUs9vwAj_na4c.roa
File:                     o-mtc665fbhvSfNUs9vwAj_na4c.roa (raw, json)
Hash identifier:          CKoVltX9Hmfz+Z2sk8sI92L3m9MX0WVmDaQsoWexPl4=
Subject key identifier:   A3:E9:AD:73:AE:B9:7D:B8:6F:49:F3:54:B3:DB:F0:02:3F:E7:6B:87
Certificate issuer:       /CN=4714bbf53787af4e935d30a48e8825a2da14a08b
Certificate serial:       019B7F843EDF1DD63B0E6C5470577EA93AB4
Authority key identifier: 47:14:BB:F5:37:87:AF:4E:93:5D:30:A4:8E:88:25:A2:DA:14:A0:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RxS79TeHr06TXTCkjoglotoUoIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/ccea55-eac2-42ba-9dec-e690ed21f94f/1/o-mtc665fbhvSfNUs9vwAj_na4c.roa
Signing time:             Fri 02 Jan 2026 16:22:11 +0000
ROA not before:           Fri 02 Jan 2026 16:22:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210423
IP address blocks:        185.67.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/ccea55-eac2-42ba-9dec-e690ed21f94f/1/RxS79TeHr06TXTCkjoglotoUoIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/ccea55-eac2-42ba-9dec-e690ed21f94f/1/RxS79TeHr06TXTCkjoglotoUoIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RxS79TeHr06TXTCkjoglotoUoIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:3e:df:1d:d6:3b:0e:6c:54:70:57:7e:a9:3a:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4714bbf53787af4e935d30a48e8825a2da14a08b
        Validity
            Not Before: Jan  2 16:22:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a3e9ad73aeb97db86f49f354b3dbf0023fe76b87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4e:b6:46:36:a8:8d:b0:db:1d:e3:9b:89:22:
                    6a:b0:04:19:8d:63:44:c5:a6:3a:37:66:b4:38:56:
                    50:ed:f7:95:d0:83:f3:4f:f8:58:53:c1:51:18:ea:
                    e8:36:d2:b8:33:c4:ff:e0:ea:52:98:b6:83:ed:a7:
                    7b:1b:be:3b:15:4e:a7:d1:a9:3b:ed:74:55:fa:b2:
                    98:42:8c:7e:bc:bf:72:f3:79:c3:c8:38:34:85:b0:
                    41:d5:30:b7:8a:1d:99:81:10:03:41:37:23:57:63:
                    8c:49:01:da:9a:db:0d:85:56:b7:75:fd:85:17:89:
                    3f:fb:71:ec:4e:fd:8e:0a:46:5d:d8:e4:fd:0a:01:
                    7f:e4:a2:8b:d1:e0:c4:71:5a:72:fc:2a:42:4b:b3:
                    01:47:0c:44:6c:7b:8c:d4:ec:19:94:04:a0:88:8b:
                    45:1c:df:f7:87:60:e0:3d:4c:55:b3:6e:48:c5:2d:
                    f3:f4:1d:70:26:06:aa:16:72:50:38:73:27:17:83:
                    10:61:f5:96:56:e0:15:65:73:3d:96:e2:f8:ef:8d:
                    23:dd:46:7e:a1:70:42:60:d1:a1:fe:1f:45:65:04:
                    f3:52:9b:ac:97:c8:2d:71:8b:32:fc:ca:0b:11:98:
                    7a:3e:e2:8e:4c:82:7f:91:71:bf:28:ec:f2:a8:39:
                    ba:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E9:AD:73:AE:B9:7D:B8:6F:49:F3:54:B3:DB:F0:02:3F:E7:6B:87
            X509v3 Authority Key Identifier:
                keyid:47:14:BB:F5:37:87:AF:4E:93:5D:30:A4:8E:88:25:A2:DA:14:A0:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RxS79TeHr06TXTCkjoglotoUoIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/ccea55-eac2-42ba-9dec-e690ed21f94f/1/o-mtc665fbhvSfNUs9vwAj_na4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/ccea55-eac2-42ba-9dec-e690ed21f94f/1/RxS79TeHr06TXTCkjoglotoUoIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:6c:d5:b2:a8:ad:f5:1e:e3:75:c4:87:50:9e:ec:85:99:9a:
         48:de:cb:f9:d1:cf:18:54:89:7d:89:02:b0:40:27:38:63:db:
         b6:94:39:e7:2e:8e:83:79:a5:d6:3c:b2:da:cb:71:be:fa:55:
         17:21:22:1b:3b:43:f2:2d:89:aa:78:fe:29:61:c9:80:e3:db:
         03:fe:32:b9:3a:5f:55:27:4a:ed:e9:a5:07:5e:8a:a6:99:ec:
         5b:fa:6b:32:6d:d2:44:f4:38:62:7a:1d:65:46:b4:8b:49:1a:
         62:19:0a:22:3d:64:0a:49:d8:f2:20:d2:e2:36:1d:7b:59:ac:
         e9:f1:78:8b:b6:8f:4c:90:a6:c0:a4:30:0b:01:8f:41:11:7b:
         bb:af:a4:ff:d8:fa:e7:8f:95:bf:59:ec:72:16:14:41:ef:a5:
         91:57:46:bb:54:e5:f9:91:e5:85:5d:ba:0b:60:72:81:ff:a8:
         f1:46:34:2d:63:5b:fd:0f:cc:5a:99:28:43:17:42:dc:ce:93:
         e8:f8:9c:8c:0e:df:e0:99:46:b8:1e:db:5c:22:de:49:a4:52:
         ae:dd:e6:6c:a7:ea:bd:3a:9e:ae:2a:a4:2e:62:74:38:cb:fe:
         6b:82:e0:d3:0a:0b:7f:d2:09:2a:c9:4c:fd:d2:9a:f7:ba:ad:
         8d:13:df:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hD7fHdY7DmxUcFd+qTq0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MTRiYmY1Mzc4N2FmNGU5MzVkMzBhNDhlODgyNWEyZGEx
NGEwOGIwHhcNMjYwMTAyMTYyMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2U5YWQ3M2FlYjk3ZGI4NmY0OWYzNTRiM2RiZjAwMjNmZTc2Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz062RjaojbDbHeObiSJqsAQZjWNE
xaY6N2a0OFZQ7feV0IPzT/hYU8FRGOroNtK4M8T/4OpSmLaD7ad7G747FU6n0ak7
7XRV+rKYQox+vL9y83nDyDg0hbBB1TC3ih2ZgRADQTcjV2OMSQHamtsNhVa3df2F
F4k/+3HsTv2OCkZd2OT9CgF/5KKL0eDEcVpy/CpCS7MBRwxEbHuM1OwZlASgiItF
HN/3h2DgPUxVs25IxS3z9B1wJgaqFnJQOHMnF4MQYfWWVuAVZXM9luL4740j3UZ+
oXBCYNGh/h9FZQTzUpusl8gtcYsy/MoLEZh6PuKOTIJ/kXG/KOzyqDm6VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPprXOuuX24b0nzVLPb8AI/52uHMB8GA1UdIwQY
MBaAFEcUu/U3h69Ok10wpI6IJaLaFKCLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnhTNzlUZUhyMDZUWFRDa2pvZ2xvdG9Vb0lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jY2VhNTUtZWFjMi00MmJhLTlkZWMt
ZTY5MGVkMjFmOTRmLzEvby1tdGM2NjVmYmh2U2ZOVXM5dndBal9uYTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jY2VhNTUtZWFjMi00MmJhLTlkZWMtZTY5MGVkMjFmOTRm
LzEvUnhTNzlUZUhyMDZUWFRDa2pvZ2xvdG9Vb0lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUMcMA0G
CSqGSIb3DQEBCwUAA4IBAQCabNWyqK31HuN1xIdQnuyFmZpI3sv50c8YVIl9iQKw
QCc4Y9u2lDnnLo6DeaXWPLLay3G++lUXISIbO0PyLYmqeP4pYcmA49sD/jK5Ol9V
J0rt6aUHXoqmmexb+msybdJE9Dhieh1lRrSLSRpiGQoiPWQKSdjyINLiNh17Wazp
8XiLto9MkKbApDALAY9BEXu7r6T/2Prnj5W/WexyFhRB76WRV0a7VOX5keWFXboL
YHKB/6jxRjQtY1v9D8xamShDF0LczpPo+JyMDt/gmUa4HttcIt5JpFKu3eZsp+q9
Op6uKqQuYnQ4y/5rguDTCgt/0gkqyUz90pr3uq2NE993
-----END CERTIFICATE-----