This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mnu45cOdH_oYu-eYZDsdxN785yg.roa
File:                     mnu45cOdH_oYu-eYZDsdxN785yg.roa (raw, json)
Hash identifier:          vGHiq81ncPZWavu1P1kTiadrspyqXmbuGJSWGojEiVM=
Subject key identifier:   9A:7B:B8:E5:C3:9D:1F:FA:18:BB:E7:98:64:3B:1D:C4:DE:FC:E7:28
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019B77C797D3DA1E7880D21F895ACEAF5189
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mnu45cOdH_oYu-eYZDsdxN785yg.roa
Signing time:             Thu 01 Jan 2026 04:18:47 +0000
ROA not before:           Thu 01 Jan 2026 04:18:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213521
IP address blocks:        88.220.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:97:d3:da:1e:78:80:d2:1f:89:5a:ce:af:51:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 04:18:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a7bb8e5c39d1ffa18bbe798643b1dc4defce728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ed:14:4a:d8:0a:23:67:5f:1c:7a:bd:c3:4b:
                    65:44:9b:6a:0d:dc:8c:b6:cf:b9:d6:1f:08:95:f8:
                    48:ed:c0:71:8e:0a:d5:9b:24:84:cd:33:91:72:88:
                    66:d0:d6:c0:c7:2f:6b:8f:02:a6:e7:63:a0:be:77:
                    31:a6:ec:a3:4f:5d:d4:d2:4b:fa:56:6a:f8:2f:5d:
                    84:a2:de:9b:e0:08:21:2e:ab:3b:4e:11:ca:81:68:
                    92:c1:65:fc:60:30:ea:c3:bb:6c:37:ee:d8:84:62:
                    dd:14:29:d9:59:f9:75:dd:ec:dc:94:c0:be:92:61:
                    ed:25:ae:76:b0:9a:31:1d:25:4d:0b:38:0a:1e:d4:
                    67:5f:7c:34:d0:c4:23:20:06:d2:7a:17:66:d9:fa:
                    90:42:bf:3f:04:d2:31:7a:15:9b:0e:ee:bb:1d:65:
                    48:e7:29:e6:63:87:df:0e:e7:e7:55:8a:c9:c7:89:
                    11:3d:ca:8d:d4:01:d7:2a:76:d1:c5:34:8c:34:86:
                    dc:b9:45:41:9f:71:09:7a:de:f1:70:ed:49:fc:a0:
                    6e:98:d4:a6:a9:25:74:79:6b:58:7b:74:0f:76:8d:
                    82:e3:3d:69:f1:65:81:a1:5b:a0:29:6e:09:49:f4:
                    4a:73:b1:23:7d:5d:f2:97:39:5b:4a:01:bf:74:74:
                    9a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:7B:B8:E5:C3:9D:1F:FA:18:BB:E7:98:64:3B:1D:C4:DE:FC:E7:28
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/mnu45cOdH_oYu-eYZDsdxN785yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.220.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:f3:81:66:bf:8d:c5:60:c0:98:b8:bf:5a:3a:d7:cb:49:b7:
         0f:89:1a:07:1d:d7:0a:9f:d0:25:9a:f7:82:6a:09:d9:85:29:
         a6:04:1a:de:ba:6f:f4:a3:50:ef:eb:e4:be:31:24:74:0a:38:
         0a:4b:66:7f:9b:0d:4d:6e:99:2b:2e:ba:54:16:fe:e5:5e:35:
         bf:de:25:be:68:be:1c:4e:ea:a4:e0:06:e7:2b:3b:90:1b:fd:
         6a:13:61:7c:39:80:48:b8:e3:5f:10:41:3e:71:47:06:42:ee:
         20:66:a3:c8:9e:e6:dd:ac:aa:3a:d8:08:41:1f:5f:27:05:eb:
         53:3f:13:a3:8e:49:b0:bc:94:19:2b:bb:91:d2:58:5d:39:a5:
         c9:d6:12:93:6f:72:d8:13:d7:63:58:56:7e:14:be:83:4c:c2:
         3b:8b:27:09:7b:51:27:e5:58:50:13:b0:96:ad:be:00:2f:8d:
         06:f7:a6:45:43:7c:db:0c:5c:20:70:e1:1b:b7:6d:f2:80:37:
         ad:fe:1d:e7:b2:09:12:35:92:0d:fc:b7:7d:0f:35:41:f1:a9:
         79:65:21:4f:c2:48:f3:e2:7c:da:2e:31:a4:39:6c:3f:b0:b5:
         37:6b:a0:87:97:93:c4:c8:38:74:5b:55:22:ce:c5:f6:97:c9:
         60:16:ee:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x5fT2h54gNIfiVrOr1GJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjYwMTAxMDQxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTdiYjhlNWMzOWQxZmZhMThiYmU3OTg2NDNiMWRjNGRlZmNlNzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO0UStgKI2dfHHq9w0tlRJtqDdyM
ts+51h8IlfhI7cBxjgrVmySEzTORcohm0NbAxy9rjwKm52OgvncxpuyjT13U0kv6
Vmr4L12Eot6b4AghLqs7ThHKgWiSwWX8YDDqw7tsN+7YhGLdFCnZWfl13ezclMC+
kmHtJa52sJoxHSVNCzgKHtRnX3w00MQjIAbSehdm2fqQQr8/BNIxehWbDu67HWVI
5ynmY4ffDufnVYrJx4kRPcqN1AHXKnbRxTSMNIbcuUVBn3EJet7xcO1J/KBumNSm
qSV0eWtYe3QPdo2C4z1p8WWBoVugKW4JSfRKc7EjfV3ylzlbSgG/dHSahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJp7uOXDnR/6GLvnmGQ7HcTe/OcoMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvbW51NDVjT2RIX29ZdS1lWVpEc2R4Tjc4NXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWNyoMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ84Fmv43FYMCYuL9aOtfLSbcPiRoHHdcKn9AlmveC
agnZhSmmBBreum/0o1Dv6+S+MSR0CjgKS2Z/mw1NbpkrLrpUFv7lXjW/3iW+aL4c
Tuqk4AbnKzuQG/1qE2F8OYBIuONfEEE+cUcGQu4gZqPInubdrKo62AhBH18nBetT
PxOjjkmwvJQZK7uR0lhdOaXJ1hKTb3LYE9djWFZ+FL6DTMI7iycJe1En5VhQE7CW
rb4AL40G96ZFQ3zbDFwgcOEbt23ygDet/h3nsgkSNZIN/Ld9DzVB8al5ZSFPwkjz
4nzaLjGkOWw/sLU3a6CHl5PEyDh0W1UizsX2l8lgFu54
-----END CERTIFICATE-----