This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/MhSY36OZkDXTKKOaDPZo_gxxyys.roa
File:                     MhSY36OZkDXTKKOaDPZo_gxxyys.roa (raw, json)
Hash identifier:          2VWhIerfpwbk0gwrISpBPr4SWZ289fTqKRc3I0+Rsfg=
Subject key identifier:   32:14:98:DF:A3:99:90:35:D3:28:A3:9A:0C:F6:68:FE:0C:71:CB:2B
Certificate issuer:       /CN=380099a81b346f9abcaf26056f5b77094d1cf113
Certificate serial:       019B7E39319C4CAD26E3D0F686819228E6BC
Authority key identifier: 38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/MhSY36OZkDXTKKOaDPZo_gxxyys.roa
Signing time:             Fri 02 Jan 2026 10:20:35 +0000
ROA not before:           Fri 02 Jan 2026 10:20:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60484
IP address blocks:        185.159.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:31:9c:4c:ad:26:e3:d0:f6:86:81:92:28:e6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380099a81b346f9abcaf26056f5b77094d1cf113
        Validity
            Not Before: Jan  2 10:20:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=321498dfa3999035d328a39a0cf668fe0c71cb2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:28:45:d3:f9:f2:fc:1a:18:d6:5c:91:73:48:
                    06:c5:54:28:dc:89:4d:fb:51:cf:15:24:19:3c:f9:
                    e8:32:39:39:62:1f:b6:c1:27:22:2a:33:f3:76:a1:
                    90:dc:a6:a6:24:27:2b:17:9c:0f:71:a4:83:ec:76:
                    23:97:d8:4a:85:27:f1:8a:b4:e3:44:87:a3:d1:c8:
                    be:46:ab:25:1b:4c:1e:74:8e:37:df:45:40:43:e5:
                    9a:1a:94:9d:84:84:20:de:02:e2:d9:4d:af:c4:4d:
                    a1:54:3b:83:69:e4:9f:60:21:b6:60:3e:fa:10:6f:
                    2b:6a:70:6f:d5:7e:2e:3b:5c:73:aa:14:88:73:49:
                    12:21:30:c8:92:53:9a:7b:4d:97:48:d5:94:b0:eb:
                    39:0c:21:57:a1:77:39:cb:18:9c:66:9c:6f:ab:7e:
                    80:27:51:19:71:b7:83:c1:7a:be:35:81:02:bb:a9:
                    d1:90:5b:25:2f:43:16:06:b5:0e:05:5d:a4:14:9f:
                    9a:01:27:57:08:c0:c4:05:f7:b6:03:0b:98:7b:82:
                    b9:17:7b:d3:0b:81:5b:85:63:bf:07:9d:41:17:36:
                    e8:5e:44:6e:67:43:4c:9d:11:6d:55:05:87:01:7f:
                    72:5d:85:0c:7c:5d:1e:e4:6c:d5:33:3e:ee:29:e8:
                    23:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:14:98:DF:A3:99:90:35:D3:28:A3:9A:0C:F6:68:FE:0C:71:CB:2B
            X509v3 Authority Key Identifier:
                keyid:38:00:99:A8:1B:34:6F:9A:BC:AF:26:05:6F:5B:77:09:4D:1C:F1:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OACZqBs0b5q8ryYFb1t3CU0c8RM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/MhSY36OZkDXTKKOaDPZo_gxxyys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/8e501d-c088-4895-aee3-450fe33595d1/1/OACZqBs0b5q8ryYFb1t3CU0c8RM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:44:d0:2f:7e:f8:62:0f:7c:30:31:2b:16:b7:a5:b5:71:82:
         ad:57:b2:b3:cf:35:fc:36:22:b5:3d:a1:40:97:35:ec:5e:17:
         7c:09:6f:49:65:91:f1:58:21:84:7e:14:ba:ec:8d:d1:da:c4:
         51:20:cd:c4:54:51:35:4f:18:f0:50:04:d2:b0:ac:71:fa:4b:
         e2:a6:6f:1d:9b:1f:80:33:c1:22:8d:fc:23:f1:39:2e:f3:02:
         b9:9a:48:e2:d6:13:e7:1c:17:42:9a:28:86:16:b5:92:5e:c2:
         10:25:cb:f8:a8:ff:69:ef:7f:39:27:68:00:5b:97:b4:7b:19:
         18:8f:98:3a:de:f0:02:5f:74:84:be:a9:a1:44:f5:80:ae:f3:
         2b:8c:5f:70:af:8d:ff:98:4d:88:84:f3:ca:e6:0b:76:b5:b1:
         09:c8:c1:d2:94:49:3c:36:ae:3a:86:88:0f:14:fb:e8:51:dc:
         52:61:93:53:82:08:62:10:a1:c4:7e:54:bc:65:e4:cd:ac:a8:
         e0:7b:95:92:48:60:dd:ad:49:a4:ee:f8:51:74:d9:0a:53:f6:
         97:9d:5c:4d:43:82:10:c5:ba:bc:db:5e:ef:b0:57:d5:6b:27:
         20:e2:2d:7e:1f:73:90:39:54:01:ad:14:25:01:62:4e:77:d7:
         21:0d:c6:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTGcTK0m49D2hoGSKOa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MDA5OWE4MWIzNDZmOWFiY2FmMjYwNTZmNWI3NzA5NGQx
Y2YxMTMwHhcNMjYwMTAyMTAyMDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE0OThkZmEzOTk5MDM1ZDMyOGEzOWEwY2Y2NjhmZTBjNzFjYjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsShF0/ny/BoY1lyRc0gGxVQo3IlN
+1HPFSQZPPnoMjk5Yh+2wSciKjPzdqGQ3KamJCcrF5wPcaSD7HYjl9hKhSfxirTj
RIej0ci+RqslG0wedI4330VAQ+WaGpSdhIQg3gLi2U2vxE2hVDuDaeSfYCG2YD76
EG8ranBv1X4uO1xzqhSIc0kSITDIklOae02XSNWUsOs5DCFXoXc5yxicZpxvq36A
J1EZcbeDwXq+NYECu6nRkFslL0MWBrUOBV2kFJ+aASdXCMDEBfe2AwuYe4K5F3vT
C4FbhWO/B51BFzboXkRuZ0NMnRFtVQWHAX9yXYUMfF0e5GzVMz7uKegjvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIUmN+jmZA10yijmgz2aP4MccsrMB8GA1UdIwQY
MBaAFDgAmagbNG+avK8mBW9bdwlNHPETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMt
NDUwZmUzMzU5NWQxLzEvTWhTWTM2T1prRFhUS0tPYURQWm9fZ3h4eXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84ZTUwMWQtYzA4OC00ODk1LWFlZTMtNDUwZmUzMzU5NWQx
LzEvT0FDWnFCczBiNXE4cnlZRmIxdDNDVTBjOFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ+sMA0G
CSqGSIb3DQEBCwUAA4IBAQB/RNAvfvhiD3wwMSsWt6W1cYKtV7KzzzX8NiK1PaFA
lzXsXhd8CW9JZZHxWCGEfhS67I3R2sRRIM3EVFE1TxjwUATSsKxx+kvipm8dmx+A
M8Eijfwj8Tku8wK5mkji1hPnHBdCmiiGFrWSXsIQJcv4qP9p7385J2gAW5e0exkY
j5g63vACX3SEvqmhRPWArvMrjF9wr43/mE2IhPPK5gt2tbEJyMHSlEk8Nq46hogP
FPvoUdxSYZNTgghiEKHEflS8ZeTNrKjge5WSSGDdrUmk7vhRdNkKU/aXnVxNQ4IQ
xbq8217vsFfVaycg4i1+H3OQOVQBrRQlAWJOd9chDcYJ
-----END CERTIFICATE-----