This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/mPHxvOwTTE-ohVlWNLkzd2n7Pms.roa
File:                     mPHxvOwTTE-ohVlWNLkzd2n7Pms.roa (raw, json)
Hash identifier:          cJKE0gppiNmCaV6puXh+sxoZG+020ZWk7nD2/op1JfM=
Subject key identifier:   98:F1:F1:BC:EC:13:4C:4F:A8:85:59:56:34:B9:33:77:69:FB:3E:6B
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B775906AEBE9532B3E3820E8413B55DE7
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/mPHxvOwTTE-ohVlWNLkzd2n7Pms.roa
Signing time:             Thu 01 Jan 2026 02:18:01 +0000
ROA not before:           Thu 01 Jan 2026 02:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203050
IP address blocks:        85.202.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:06:ae:be:95:32:b3:e3:82:0e:84:13:b5:5d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98f1f1bcec134c4fa885595634b9337769fb3e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:22:f7:86:1e:49:ba:5b:e8:96:ab:06:b4:03:
                    77:34:37:29:cc:5b:8f:17:cc:17:9c:af:c6:74:0b:
                    3b:36:12:2f:61:81:1c:76:d0:21:bc:18:62:2b:dd:
                    ff:01:18:3d:d7:04:c2:60:05:d9:c2:6f:dd:13:0c:
                    d7:58:7b:58:02:0a:a9:af:90:c8:31:13:52:e3:22:
                    72:45:c0:f8:2e:b5:a9:67:ea:ea:9f:22:96:fe:c7:
                    10:67:95:7f:e9:e7:e6:1b:cb:a6:89:d2:00:33:7b:
                    93:60:a3:66:83:2d:3a:ed:b8:4d:d2:d9:b0:d8:b3:
                    fc:8c:39:8b:33:ac:07:e7:0b:24:4d:f2:37:06:0f:
                    31:33:24:60:1e:86:65:2e:56:6d:81:68:9e:ed:9d:
                    0d:55:bc:a2:c8:ea:8e:c0:00:e3:ec:51:b1:f7:70:
                    64:b4:7e:ee:e6:f8:fa:bc:f0:86:8d:08:2c:eb:51:
                    93:c4:0b:5c:08:03:89:34:ed:b7:78:8c:61:f4:0f:
                    74:1f:3b:de:5c:13:0f:09:05:03:58:9e:b6:df:f8:
                    e2:cf:39:06:62:12:13:25:74:4c:37:21:50:b3:25:
                    d1:84:2f:86:1d:aa:06:34:ac:3b:c7:e1:71:73:9c:
                    3d:f5:6b:2d:0a:93:b0:78:c9:b6:9b:4b:c3:96:b5:
                    8e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:F1:F1:BC:EC:13:4C:4F:A8:85:59:56:34:B9:33:77:69:FB:3E:6B
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/mPHxvOwTTE-ohVlWNLkzd2n7Pms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:af:72:2c:da:db:20:44:40:6d:58:3a:e2:82:1d:ff:a1:4e:
         93:04:c0:41:10:a8:27:5a:30:8d:c0:ce:90:8d:ec:b0:56:39:
         c0:c4:45:05:d4:67:91:a8:e2:10:69:a4:54:c6:1b:67:56:07:
         bc:cf:ce:4a:27:60:ed:49:79:87:5c:a9:8e:e5:e4:da:2a:74:
         55:37:f4:b5:37:7d:23:9b:c9:a0:71:8f:11:bf:dc:82:a6:b4:
         91:1c:04:42:3f:8e:21:e2:c8:8b:09:92:eb:f3:08:54:32:51:
         97:fb:07:2f:c4:25:49:d7:ed:fa:ce:5f:a0:a2:b9:c9:15:95:
         2a:e0:ba:4e:eb:36:e5:e3:79:2f:63:3f:37:69:99:22:a1:14:
         f2:65:97:68:01:89:87:96:7e:02:fb:b5:c4:c1:e6:f2:4a:92:
         ee:58:93:56:7f:b1:58:2f:f5:80:ec:8c:76:32:e7:37:15:de:
         b0:77:3d:b5:5f:c3:bf:68:25:28:85:d0:c2:22:6b:7c:2a:b3:
         64:d3:8f:10:3e:cb:73:2e:9e:68:d1:ff:5a:b4:94:c2:79:ed:
         84:34:d3:78:d0:45:5c:30:34:5a:9e:26:15:a2:d2:67:70:10:
         3f:b4:fe:82:09:ba:74:ec:b7:97:21:ad:0b:f6:79:2f:e1:05:
         d1:f8:24:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQauvpUys+OCDoQTtV3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGYxZjFiY2VjMTM0YzRmYTg4NTU5NTYzNGI5MzM3NzY5ZmIzZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSL3hh5JulvolqsGtAN3NDcpzFuP
F8wXnK/GdAs7NhIvYYEcdtAhvBhiK93/ARg91wTCYAXZwm/dEwzXWHtYAgqpr5DI
MRNS4yJyRcD4LrWpZ+rqnyKW/scQZ5V/6efmG8umidIAM3uTYKNmgy067bhN0tmw
2LP8jDmLM6wH5wskTfI3Bg8xMyRgHoZlLlZtgWie7Z0NVbyiyOqOwADj7FGx93Bk
tH7u5vj6vPCGjQgs61GTxAtcCAOJNO23eIxh9A90HzveXBMPCQUDWJ623/jizzkG
YhITJXRMNyFQsyXRhC+GHaoGNKw7x+Fxc5w99WstCpOweMm2m0vDlrWO2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjx8bzsE0xPqIVZVjS5M3dp+z5rMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvbVBIeHZPd1RURS1vaFZsV05Ma3pkMm43UG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVco6MA0G
CSqGSIb3DQEBCwUAA4IBAQBJr3Is2tsgREBtWDrigh3/oU6TBMBBEKgnWjCNwM6Q
jeywVjnAxEUF1GeRqOIQaaRUxhtnVge8z85KJ2DtSXmHXKmO5eTaKnRVN/S1N30j
m8mgcY8Rv9yCprSRHARCP44h4siLCZLr8whUMlGX+wcvxCVJ1+36zl+gornJFZUq
4LpO6zbl43kvYz83aZkioRTyZZdoAYmHln4C+7XEwebySpLuWJNWf7FYL/WA7Ix2
Muc3Fd6wdz21X8O/aCUohdDCImt8KrNk048QPstzLp5o0f9atJTCee2ENNN40EVc
MDRaniYVotJncBA/tP6CCbp07LeXIa0L9nkv4QXR+CSv
-----END CERTIFICATE-----