This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Ab10LIDLRTF0PMThWTZR2XKCPUo.roa
File:                     Ab10LIDLRTF0PMThWTZR2XKCPUo.roa (raw, json)
Hash identifier:          gOUOA7HUeObMo1sz87FojtFMHZKh1H5YBLGoqzYYHas=
Subject key identifier:   01:BD:74:2C:80:CB:45:31:74:3C:C4:E1:59:36:51:D9:72:82:3D:4A
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       019B797EE588322D19CF0E5AB19E0ECFB438
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Ab10LIDLRTF0PMThWTZR2XKCPUo.roa
Signing time:             Thu 01 Jan 2026 12:18:37 +0000
ROA not before:           Thu 01 Jan 2026 12:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209163
IP address blocks:        185.204.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 21:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:e5:88:32:2d:19:cf:0e:5a:b1:9e:0e:cf:b4:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  1 12:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01bd742c80cb4531743cc4e1593651d972823d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b3:c1:eb:d0:a6:5d:de:34:84:eb:fd:50:4d:
                    7a:f6:b6:c2:0c:47:ef:7c:a4:e4:e9:49:b5:e8:19:
                    e9:32:67:4d:be:99:72:2b:a3:c6:5f:52:77:95:6d:
                    ce:41:88:5b:ef:f5:46:95:d4:c7:e2:9b:b5:9e:2c:
                    88:f3:1c:43:bf:1a:54:57:ca:9a:d1:01:03:09:89:
                    08:e0:9e:c7:c5:49:72:97:57:9d:78:3a:f6:ac:3e:
                    75:e8:8d:c7:66:15:b2:9b:8a:64:ef:13:96:92:fa:
                    d3:67:e6:a2:0c:0a:a2:71:4b:95:75:af:82:be:5a:
                    51:97:e1:82:20:e8:4e:47:50:ed:03:85:b4:0c:8c:
                    d3:30:3d:11:5c:3b:8f:aa:dc:77:90:21:f6:92:b2:
                    04:c7:2a:df:c2:39:95:e7:9e:65:57:a8:08:cb:38:
                    cf:b7:0d:b4:ad:8e:b4:a9:c7:4d:16:aa:cc:95:f9:
                    b5:8c:66:67:94:e3:41:da:97:09:cc:54:9b:c9:8f:
                    17:de:f9:8b:84:5a:d5:ad:5f:87:d1:26:12:3c:76:
                    bc:0b:bc:07:93:6e:8c:3f:9f:2b:77:fe:d0:60:94:
                    a5:9f:1c:3f:18:de:13:1c:95:f9:3d:45:e5:b3:13:
                    27:9a:7e:7f:35:2f:29:13:80:15:e6:27:d7:d0:40:
                    9f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:BD:74:2C:80:CB:45:31:74:3C:C4:E1:59:36:51:D9:72:82:3D:4A
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Ab10LIDLRTF0PMThWTZR2XKCPUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f5:c8:5e:a1:38:11:dc:31:35:51:49:13:27:65:fd:b4:ec:
         ee:3c:74:c0:fa:c9:55:49:9d:75:53:6e:d6:f3:8b:f0:e9:f1:
         82:50:f1:ee:75:d2:34:f4:d8:54:56:d4:14:ae:44:29:14:f4:
         fc:73:3b:38:ac:54:83:d5:58:28:b8:17:6c:08:a1:ea:6e:a9:
         cb:ec:50:63:34:09:46:6f:a6:17:c2:8f:2d:e4:5a:23:79:20:
         48:cb:0a:c5:41:b4:41:67:6e:3f:23:50:c8:84:04:19:a6:ed:
         6c:2c:13:55:80:ad:16:86:09:f9:18:d7:f4:4e:1a:28:1a:60:
         54:2e:d2:da:db:f2:c4:b0:34:5a:19:cd:9a:f7:35:fc:d8:a6:
         10:66:be:73:68:f8:a7:02:13:70:32:85:cb:46:75:42:55:14:
         74:98:2e:36:97:af:ff:e2:24:1d:f7:78:29:0f:50:f9:d6:d7:
         74:aa:0c:13:63:7a:c3:1a:28:c0:ef:a7:33:89:0e:31:92:4b:
         38:92:cc:9f:48:55:0c:9d:43:18:96:1e:3c:d1:98:13:81:54:
         29:81:84:3b:8d:2e:d4:29:ae:9c:9c:91:c8:c4:cf:63:7c:1f:
         f8:13:e1:1e:bc:fe:b2:95:37:0f:0f:42:e5:75:78:d2:9c:25:
         28:ef:8b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fuWIMi0Zzw5asZ4Oz7Q4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjYwMTAxMTIxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWJkNzQyYzgwY2I0NTMxNzQzY2M0ZTE1OTM2NTFkOTcyODIzZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7PB69CmXd40hOv9UE169rbCDEfv
fKTk6Um16BnpMmdNvplyK6PGX1J3lW3OQYhb7/VGldTH4pu1niyI8xxDvxpUV8qa
0QEDCYkI4J7HxUlyl1edeDr2rD516I3HZhWym4pk7xOWkvrTZ+aiDAqicUuVda+C
vlpRl+GCIOhOR1DtA4W0DIzTMD0RXDuPqtx3kCH2krIExyrfwjmV555lV6gIyzjP
tw20rY60qcdNFqrMlfm1jGZnlONB2pcJzFSbyY8X3vmLhFrVrV+H0SYSPHa8C7wH
k26MP58rd/7QYJSlnxw/GN4THJX5PUXlsxMnmn5/NS8pE4AV5ifX0ECfmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAG9dCyAy0UxdDzE4Vk2Udlygj1KMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvQWIxMExJRExSVEYwUE1UaFdUWlIyWEtDUFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucyiMA0G
CSqGSIb3DQEBCwUAA4IBAQBl9cheoTgR3DE1UUkTJ2X9tOzuPHTA+slVSZ11U27W
84vw6fGCUPHuddI09NhUVtQUrkQpFPT8czs4rFSD1VgouBdsCKHqbqnL7FBjNAlG
b6YXwo8t5FojeSBIywrFQbRBZ24/I1DIhAQZpu1sLBNVgK0Whgn5GNf0ThooGmBU
LtLa2/LEsDRaGc2a9zX82KYQZr5zaPinAhNwMoXLRnVCVRR0mC42l6//4iQd93gp
D1D51td0qgwTY3rDGijA76cziQ4xkks4ksyfSFUMnUMYlh480ZgTgVQpgYQ7jS7U
Ka6cnJHIxM9jfB/4E+EevP6ylTcPD0LldXjSnCUo74t1
-----END CERTIFICATE-----