This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Mdbc7JKGBe-JSvKB28h6Q_ApLiU.roa
File:                     Mdbc7JKGBe-JSvKB28h6Q_ApLiU.roa (raw, json)
Hash identifier:          ixbEaYXOURIbpbdcksYTq3QhDvoC08h0/HFaZkHONBA=
Subject key identifier:   31:D6:DC:EC:92:86:05:EF:89:4A:F2:81:DB:C8:7A:43:F0:29:2E:25
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019B7910E8868B6D441818AFB19B2A46C45E
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Mdbc7JKGBe-JSvKB28h6Q_ApLiU.roa
Signing time:             Thu 01 Jan 2026 10:18:29 +0000
ROA not before:           Thu 01 Jan 2026 10:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34820
IP address blocks:        185.225.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:e8:86:8b:6d:44:18:18:af:b1:9b:2a:46:c4:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  1 10:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31d6dcec928605ef894af281dbc87a43f0292e25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:37:02:6f:fe:39:4d:82:3a:a4:13:b6:2c:25:
                    dc:8f:29:c4:42:d1:7f:95:d6:62:e7:7b:98:a6:af:
                    4b:6a:2f:40:44:f8:e3:f9:e5:63:35:53:91:3e:b4:
                    f5:b8:27:4f:89:18:8b:68:61:6a:f6:bd:96:9f:60:
                    70:a6:89:53:f8:e3:67:87:57:14:55:5e:b4:da:87:
                    c3:c7:b6:71:a8:0e:da:97:36:99:80:22:b9:32:13:
                    d2:61:40:0e:be:30:d0:41:05:93:2a:98:12:83:23:
                    93:d2:30:ca:c2:d3:86:b5:0f:75:62:65:fc:01:62:
                    c2:56:c1:0e:13:fd:d2:b3:67:e0:c4:c5:6a:27:ca:
                    15:c1:41:2f:ab:a0:96:49:f8:4b:11:8b:e5:a8:f4:
                    06:7c:ef:4a:72:76:02:85:1c:87:c8:5e:3a:5e:1f:
                    87:ee:f9:8b:57:43:38:f0:e3:fd:4a:c4:52:a2:06:
                    1d:9a:24:75:b7:d4:02:ba:80:79:74:5d:3d:d7:cf:
                    82:73:1d:d7:da:38:7c:a2:93:6b:6c:90:3b:0f:03:
                    2c:f2:9f:32:e6:cb:77:c1:85:b0:a4:f1:1b:50:9f:
                    2d:03:69:f9:c9:12:b0:98:0d:e8:6e:2a:da:f4:99:
                    0b:b0:a4:54:6a:6c:98:7f:cb:10:26:04:b8:15:23:
                    20:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D6:DC:EC:92:86:05:EF:89:4A:F2:81:DB:C8:7A:43:F0:29:2E:25
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Mdbc7JKGBe-JSvKB28h6Q_ApLiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:8e:d6:40:79:49:e2:e5:4d:80:da:f7:16:84:44:3c:bd:e3:
         2b:a6:53:50:df:c0:48:b5:fb:89:fc:c6:05:f0:23:7c:d2:62:
         3a:b6:b8:52:67:5c:db:a1:de:78:bb:99:09:42:a5:f8:32:a1:
         01:73:fb:c7:ad:26:e7:5f:6e:20:b1:cd:bf:18:53:b3:09:f8:
         a4:10:aa:7a:30:79:9a:e5:4b:00:9b:db:c8:1f:d4:4a:65:d2:
         f7:90:2a:2c:9e:07:8b:03:1a:de:cf:10:8d:cc:ea:87:93:40:
         f1:5a:a5:b0:84:44:da:23:47:a1:26:18:a6:ba:7f:d5:a0:92:
         ba:dc:42:2e:fa:dd:0c:eb:c1:cb:c6:cf:f5:d2:c6:a6:c3:0d:
         54:2e:95:94:b8:a0:a4:7e:db:6f:ed:17:2e:9e:72:80:a6:41:
         51:a5:47:70:9d:c7:5b:65:3a:80:fc:9f:91:80:39:91:7e:a6:
         1d:82:d6:c7:0c:0d:c7:a1:37:b6:43:12:e6:59:43:69:93:cb:
         1c:84:93:d2:42:ed:51:97:02:9b:4e:e5:00:8b:c7:5b:2b:25:
         83:7d:a1:11:c8:2c:fe:89:39:f3:bd:11:86:09:0d:26:3c:d3:
         c2:88:fe:08:94:89:a3:94:da:88:d8:34:b1:3d:11:76:89:b4:
         51:a4:e7:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EOiGi21EGBivsZsqRsReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjYwMTAxMTAxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWQ2ZGNlYzkyODYwNWVmODk0YWYyODFkYmM4N2E0M2YwMjkyZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszcCb/45TYI6pBO2LCXcjynEQtF/
ldZi53uYpq9Lai9ARPjj+eVjNVORPrT1uCdPiRiLaGFq9r2Wn2BwpolT+ONnh1cU
VV602ofDx7ZxqA7alzaZgCK5MhPSYUAOvjDQQQWTKpgSgyOT0jDKwtOGtQ91YmX8
AWLCVsEOE/3Ss2fgxMVqJ8oVwUEvq6CWSfhLEYvlqPQGfO9KcnYChRyHyF46Xh+H
7vmLV0M48OP9SsRSogYdmiR1t9QCuoB5dF0918+Ccx3X2jh8opNrbJA7DwMs8p8y
5st3wYWwpPEbUJ8tA2n5yRKwmA3obira9JkLsKRUamyYf8sQJgS4FSMgfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHW3OyShgXviUrygdvIekPwKS4lMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvTWRiYzdKS0dCZS1KU3ZLQjI4aDZRX0FwTGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHMMA0G
CSqGSIb3DQEBCwUAA4IBAQC2jtZAeUni5U2A2vcWhEQ8veMrplNQ38BItfuJ/MYF
8CN80mI6trhSZ1zbod54u5kJQqX4MqEBc/vHrSbnX24gsc2/GFOzCfikEKp6MHma
5UsAm9vIH9RKZdL3kCosngeLAxrezxCNzOqHk0DxWqWwhETaI0ehJhimun/VoJK6
3EIu+t0M68HLxs/10samww1ULpWUuKCkfttv7RcunnKApkFRpUdwncdbZTqA/J+R
gDmRfqYdgtbHDA3HoTe2QxLmWUNpk8schJPSQu1RlwKbTuUAi8dbKyWDfaERyCz+
iTnzvRGGCQ0mPNPCiP4IlImjlNqI2DSxPRF2ibRRpOc7
-----END CERTIFICATE-----