This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mkkeIkmpgsHVwgIO-BzD6tt_VFk.roa
File:                     mkkeIkmpgsHVwgIO-BzD6tt_VFk.roa (raw, json)
Hash identifier:          wKH2cRvdhLEDfg/DfIq6FBP+QnbTpHIK2hYRWA+TliE=
Subject key identifier:   9A:49:1E:22:49:A9:82:C1:D5:C2:02:0E:F8:1C:C3:EA:DB:7F:54:59
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C794A8DA8B41C3AD962C76C3C483EB
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mkkeIkmpgsHVwgIO-BzD6tt_VFk.roa
Signing time:             Thu 01 Jan 2026 04:18:46 +0000
ROA not before:           Thu 01 Jan 2026 04:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209296
IP address blocks:        88.220.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:94:a8:da:8b:41:c3:ad:96:2c:76:c3:c4:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a491e2249a982c1d5c2020ef81cc3eadb7f5459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:41:64:5e:c1:fa:5b:98:cf:a9:59:44:02:34:
                    36:b6:9b:9b:1e:d9:57:69:dc:86:e7:5c:71:66:7d:
                    68:8c:91:1b:ac:62:94:ab:43:b4:6c:a2:6b:4f:50:
                    fd:92:82:4d:38:fd:a6:14:de:48:86:bd:63:54:a5:
                    d6:8b:82:6f:f0:72:6c:68:0c:29:da:f7:63:59:f3:
                    95:39:c0:3e:bb:8d:23:94:87:f9:7f:72:86:ec:a8:
                    6b:85:41:da:66:59:2e:2c:13:11:e8:ce:fb:82:44:
                    d8:63:c9:c3:98:b2:db:44:17:43:06:62:be:4e:ce:
                    53:ed:6b:5e:36:5e:3a:84:1b:ee:48:77:70:39:37:
                    fe:67:af:95:c5:fc:45:43:25:f9:8f:82:02:3e:50:
                    92:40:fc:85:1f:67:83:1c:fa:9b:a4:5f:7c:9d:88:
                    fe:83:b9:4d:91:16:1f:56:12:d2:17:e9:95:ab:57:
                    b3:f3:08:d0:6b:36:c0:f5:08:fe:3e:09:54:f8:d3:
                    ca:61:35:64:83:e8:04:ed:67:61:85:49:f2:96:92:
                    60:f7:1f:3a:74:e2:68:97:3f:fd:6a:88:5b:e5:72:
                    2b:d3:80:e0:ec:9d:40:86:4d:83:b2:dc:f9:82:1a:
                    cf:29:1c:2f:84:13:95:56:da:d3:e2:f5:19:a2:40:
                    ad:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:49:1E:22:49:A9:82:C1:D5:C2:02:0E:F8:1C:C3:EA:DB:7F:54:59
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mkkeIkmpgsHVwgIO-BzD6tt_VFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:ff:9b:86:57:8e:a4:e9:6b:d9:c1:e3:29:a7:72:82:7c:10:
         e8:63:26:f1:85:a6:c5:84:e8:2e:6b:63:ab:3a:60:0d:4f:9d:
         a7:c2:a6:83:7b:91:34:97:d2:b8:1c:b4:d2:40:f5:ce:b3:47:
         e4:e0:fa:17:80:9a:5e:a0:0c:35:60:91:7a:2a:5b:08:a8:42:
         07:8b:3d:b5:5c:31:5a:ea:c3:59:80:9e:12:90:ba:16:5f:0c:
         1f:78:fa:4a:7c:d2:1a:46:f2:46:fc:e1:92:b8:dc:46:84:18:
         db:28:90:30:f8:f1:98:9a:71:c0:7f:c7:9f:69:58:9e:9a:8e:
         ce:0f:e1:07:97:e9:c2:59:33:dd:ae:d8:5b:83:fe:1e:e2:a2:
         73:39:b5:4f:2b:2d:ba:7a:89:83:b6:ab:70:6b:6b:f7:dc:0b:
         36:8e:96:44:e9:da:c7:61:ab:07:ee:d7:e9:86:7c:b3:db:ce:
         9b:45:60:22:41:89:23:bd:c8:bf:4d:97:60:2e:ca:1a:e7:0a:
         d4:09:92:9c:21:1d:b4:1c:37:cc:e5:e8:ad:46:0b:ab:7b:80:
         81:a1:34:f0:54:0d:ce:e7:6b:9d:b3:23:84:3f:cc:40:04:b1:
         ce:f7:ec:63:64:81:46:5f:df:88:50:72:fe:74:47:b4:80:fb:
         66:d5:e3:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x5So2otBw62WLHbDxIPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ5MWUyMjQ5YTk4MmMxZDVjMjAyMGVmODFjYzNlYWRiN2Y1NDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA20FkXsH6W5jPqVlEAjQ2tpubHtlX
adyG51xxZn1ojJEbrGKUq0O0bKJrT1D9koJNOP2mFN5Ihr1jVKXWi4Jv8HJsaAwp
2vdjWfOVOcA+u40jlIf5f3KG7KhrhUHaZlkuLBMR6M77gkTYY8nDmLLbRBdDBmK+
Ts5T7WteNl46hBvuSHdwOTf+Z6+VxfxFQyX5j4ICPlCSQPyFH2eDHPqbpF98nYj+
g7lNkRYfVhLSF+mVq1ez8wjQazbA9Qj+PglU+NPKYTVkg+gE7WdhhUnylpJg9x86
dOJolz/9aohb5XIr04Dg7J1Ahk2Dstz5ghrPKRwvhBOVVtrT4vUZokCtawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpJHiJJqYLB1cICDvgcw+rbf1RZMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbWtrZUlrbXBnc0hWd2dJTy1CekQ2dHRfVkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNwzMA0G
CSqGSIb3DQEBCwUAA4IBAQAo/5uGV46k6WvZweMpp3KCfBDoYybxhabFhOgua2Or
OmANT52nwqaDe5E0l9K4HLTSQPXOs0fk4PoXgJpeoAw1YJF6KlsIqEIHiz21XDFa
6sNZgJ4SkLoWXwwfePpKfNIaRvJG/OGSuNxGhBjbKJAw+PGYmnHAf8efaViemo7O
D+EHl+nCWTPdrthbg/4e4qJzObVPKy26eomDtqtwa2v33As2jpZE6drHYasH7tfp
hnyz286bRWAiQYkjvci/TZdgLsoa5wrUCZKcIR20HDfM5eitRgure4CBoTTwVA3O
52udsyOEP8xABLHO9+xjZIFGX9+IUHL+dEe0gPtm1ePr
-----END CERTIFICATE-----