This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/d808c5-4064-4e8c-8766-49fa58fedff3/1/Cms4_2kxSzeRcRSIA9wB43-LvT4.roa
File:                     Cms4_2kxSzeRcRSIA9wB43-LvT4.roa (raw, json)
Hash identifier:          NlxgHVdUZqUs6S+kYTnLVRbbSz1aQACOBdzclkEtqQE=
Subject key identifier:   0A:6B:38:FF:69:31:4B:37:91:71:14:88:03:DC:01:E3:7F:8B:BD:3E
Certificate issuer:       /CN=8390e1042badd88e96e639eaa0ad023287ea507f
Certificate serial:       019B7C1322D140644DD7EDA566E1A80783F3
Authority key identifier: 83:90:E1:04:2B:AD:D8:8E:96:E6:39:EA:A0:AD:02:32:87:EA:50:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g5DhBCut2I6W5jnqoK0CMofqUH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/d808c5-4064-4e8c-8766-49fa58fedff3/1/Cms4_2kxSzeRcRSIA9wB43-LvT4.roa
Signing time:             Fri 02 Jan 2026 00:19:47 +0000
ROA not before:           Fri 02 Jan 2026 00:19:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31027
IP address blocks:        185.163.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/d808c5-4064-4e8c-8766-49fa58fedff3/1/g5DhBCut2I6W5jnqoK0CMofqUH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/d808c5-4064-4e8c-8766-49fa58fedff3/1/g5DhBCut2I6W5jnqoK0CMofqUH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g5DhBCut2I6W5jnqoK0CMofqUH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:22:d1:40:64:4d:d7:ed:a5:66:e1:a8:07:83:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8390e1042badd88e96e639eaa0ad023287ea507f
        Validity
            Not Before: Jan  2 00:19:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a6b38ff69314b379171148803dc01e37f8bbd3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fb:c2:dc:8a:8e:33:4c:c3:a5:3b:b9:92:7b:
                    eb:cd:c0:7b:32:9d:fc:31:c2:98:69:ed:3c:95:f2:
                    4e:a3:9e:25:c4:9d:c6:d3:7d:a2:6a:00:89:7e:f0:
                    28:4d:c1:d3:ff:53:3a:a3:fc:e0:3b:81:70:46:ef:
                    65:95:08:a2:7c:ec:a5:57:0c:3d:b9:22:ab:b8:f6:
                    5b:87:19:61:24:d5:3c:5b:31:b6:9a:36:8c:df:7d:
                    5d:2f:19:e7:6f:b1:21:95:cc:3e:48:0d:87:94:35:
                    d0:b0:05:90:53:ff:7c:17:9f:29:f9:e5:67:5d:a9:
                    de:da:11:91:a6:fe:83:2a:fd:7d:7a:d8:14:9e:e7:
                    95:32:4d:9f:e5:54:48:e4:5c:67:fe:c4:c5:2b:77:
                    98:d7:88:b1:ce:09:ee:60:03:76:66:6d:d3:7a:35:
                    27:9e:59:61:a7:6f:3f:d1:22:04:32:35:e7:84:ab:
                    e9:3b:48:98:c0:75:3f:5a:77:7e:85:2d:54:57:a5:
                    e2:14:ce:c3:46:c9:b8:b6:3d:61:d2:a5:3e:9b:0f:
                    3d:7e:69:8c:30:be:72:0d:5a:fc:09:7f:cf:6a:bb:
                    20:60:e2:1d:9e:dd:41:b2:d1:62:35:94:bc:aa:67:
                    b0:73:f5:0f:98:df:64:27:b4:5a:ef:14:4b:07:db:
                    76:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:6B:38:FF:69:31:4B:37:91:71:14:88:03:DC:01:E3:7F:8B:BD:3E
            X509v3 Authority Key Identifier:
                keyid:83:90:E1:04:2B:AD:D8:8E:96:E6:39:EA:A0:AD:02:32:87:EA:50:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5DhBCut2I6W5jnqoK0CMofqUH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d808c5-4064-4e8c-8766-49fa58fedff3/1/Cms4_2kxSzeRcRSIA9wB43-LvT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d808c5-4064-4e8c-8766-49fa58fedff3/1/g5DhBCut2I6W5jnqoK0CMofqUH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:ed:b5:e1:3c:16:c9:34:8e:03:c2:5b:6f:87:31:5e:79:ef:
         87:4b:dd:dd:d9:9c:00:b5:c4:4e:a3:1d:a2:1f:44:2f:97:ff:
         71:e8:78:3f:2e:98:e5:cf:12:b2:0f:cc:63:8f:cf:21:d1:73:
         10:ec:96:5c:14:7a:7c:e1:bf:40:6b:97:bf:f0:bc:b5:dd:21:
         04:c9:f4:f6:c4:c1:33:04:37:99:4f:49:85:b1:4f:5c:f8:52:
         6a:ea:b0:70:75:9b:59:0a:46:ef:5b:51:6e:ce:0f:ed:36:bd:
         c2:70:2e:7c:b7:99:65:27:9b:5a:99:89:7f:3b:5a:0e:7a:53:
         e7:cc:21:00:2e:2a:53:8a:0c:20:83:b0:46:cd:53:b5:68:d0:
         58:ef:5f:ce:23:d4:10:d4:01:a7:56:50:5f:26:ab:33:c9:2b:
         8c:63:56:2c:5e:b8:8d:e5:6e:86:8d:a8:c2:6c:20:47:58:df:
         c9:b9:f1:3c:7c:46:61:42:67:c6:73:f6:3b:0f:45:cf:f4:93:
         22:be:f1:25:96:cb:1f:43:b8:49:59:91:d0:11:19:33:6d:3a:
         89:2d:27:26:dd:84:73:fe:f5:a8:c4:46:8f:f3:5d:fe:1c:5b:
         c1:6d:23:ef:94:dd:cb:99:77:03:95:bc:df:39:67:0b:8f:67:
         9d:e4:35:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EyLRQGRN1+2lZuGoB4PzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOTBlMTA0MmJhZGQ4OGU5NmU2MzllYWEwYWQwMjMyODdl
YTUwN2YwHhcNMjYwMTAyMDAxOTQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTZiMzhmZjY5MzE0YjM3OTE3MTE0ODgwM2RjMDFlMzdmOGJiZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPvC3IqOM0zDpTu5knvrzcB7Mp38
McKYae08lfJOo54lxJ3G032iagCJfvAoTcHT/1M6o/zgO4FwRu9llQiifOylVww9
uSKruPZbhxlhJNU8WzG2mjaM331dLxnnb7Ehlcw+SA2HlDXQsAWQU/98F58p+eVn
Xane2hGRpv6DKv19etgUnueVMk2f5VRI5Fxn/sTFK3eY14ixzgnuYAN2Zm3TejUn
nllhp28/0SIEMjXnhKvpO0iYwHU/Wnd+hS1UV6XiFM7DRsm4tj1h0qU+mw89fmmM
ML5yDVr8CX/ParsgYOIdnt1BstFiNZS8qmewc/UPmN9kJ7Ra7xRLB9t2FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAprOP9pMUs3kXEUiAPcAeN/i70+MB8GA1UdIwQY
MBaAFIOQ4QQrrdiOluY56qCtAjKH6lB/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzVEaEJDdXQySTZXNWpucW9LMENNb2ZxVUg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kODA4YzUtNDA2NC00ZThjLTg3NjYt
NDlmYTU4ZmVkZmYzLzEvQ21zNF8ya3hTemVSY1JTSUE5d0I0My1MdlQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kODA4YzUtNDA2NC00ZThjLTg3NjYtNDlmYTU4ZmVkZmYz
LzEvZzVEaEJDdXQySTZXNWpucW9LMENNb2ZxVUg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaPEMA0G
CSqGSIb3DQEBCwUAA4IBAQAp7bXhPBbJNI4DwltvhzFeee+HS93d2ZwAtcROox2i
H0Qvl/9x6Hg/LpjlzxKyD8xjj88h0XMQ7JZcFHp84b9Aa5e/8Ly13SEEyfT2xMEz
BDeZT0mFsU9c+FJq6rBwdZtZCkbvW1Fuzg/tNr3CcC58t5llJ5tamYl/O1oOelPn
zCEALipTigwgg7BGzVO1aNBY71/OI9QQ1AGnVlBfJqszySuMY1YsXriN5W6GjajC
bCBHWN/JufE8fEZhQmfGc/Y7D0XP9JMivvEllssfQ7hJWZHQERkzbTqJLScm3YRz
/vWoxEaP813+HFvBbSPvlN3LmXcDlbzfOWcLj2ed5DVH
-----END CERTIFICATE-----