This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/mQOpqLaDGvgovaJyvLyQ5sBrw84.roa
File:                     mQOpqLaDGvgovaJyvLyQ5sBrw84.roa (raw, json)
Hash identifier:          MhfMc5IHy7Q2RpMmEQc+IAMBkW+5nzpl9I5JKbxrZ6A=
Subject key identifier:   99:03:A9:A8:B6:83:1A:F8:28:BD:A2:72:BC:BC:90:E6:C0:6B:C3:CE
Certificate issuer:       /CN=453f8ca684037c5433a4b4406211b31d76e13eab
Certificate serial:       019B7A5B0675E3ACD64FD8A5312653193295
Authority key identifier: 45:3F:8C:A6:84:03:7C:54:33:A4:B4:40:62:11:B3:1D:76:E1:3E:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/mQOpqLaDGvgovaJyvLyQ5sBrw84.roa
Signing time:             Thu 01 Jan 2026 16:19:04 +0000
ROA not before:           Thu 01 Jan 2026 16:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214215
IP address blocks:        185.154.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:06:75:e3:ac:d6:4f:d8:a5:31:26:53:19:32:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f8ca684037c5433a4b4406211b31d76e13eab
        Validity
            Not Before: Jan  1 16:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9903a9a8b6831af828bda272bcbc90e6c06bc3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:67:1b:ff:36:c0:98:3d:65:7e:ce:5b:e1:d1:
                    68:ac:a9:08:89:90:2c:55:c9:ba:6c:a5:bd:ac:c3:
                    e7:15:ae:75:7e:46:f3:87:ca:44:6e:26:65:79:05:
                    28:98:07:f9:71:51:c0:f3:b7:4c:dd:95:1f:e2:52:
                    e7:dd:f5:79:ec:de:dd:65:57:e7:4a:e8:6b:71:55:
                    a5:16:4a:4a:4c:52:fa:da:d3:2a:ea:c1:7e:33:3a:
                    1f:01:44:92:8d:48:ea:df:f2:21:df:7f:c1:40:c5:
                    5a:88:be:df:e7:ac:7f:9c:4c:a9:ec:94:c9:fb:79:
                    53:27:e8:8d:e1:4d:bc:d4:af:e6:a5:1c:96:e8:9b:
                    30:a0:50:c7:48:0e:f0:cc:4e:62:63:89:86:a4:6f:
                    1c:25:2c:f7:d3:59:ff:c1:cd:21:62:b7:a9:97:44:
                    1a:e1:61:9b:66:74:39:0c:aa:8b:b7:4f:4a:11:cf:
                    e0:d5:0e:2f:5e:02:fe:2b:13:28:47:e8:8e:39:77:
                    52:f7:d0:94:49:c5:cf:4b:d0:17:e3:f2:60:08:41:
                    40:ab:40:01:ee:ca:9f:c9:95:e1:d0:02:d7:a6:2f:
                    be:3f:4e:2f:fa:c7:2f:8e:5a:57:c6:41:f5:b8:0a:
                    b7:09:a2:63:0f:74:ca:9e:73:5c:57:3c:e3:a8:d0:
                    80:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:03:A9:A8:B6:83:1A:F8:28:BD:A2:72:BC:BC:90:E6:C0:6B:C3:CE
            X509v3 Authority Key Identifier:
                keyid:45:3F:8C:A6:84:03:7C:54:33:A4:B4:40:62:11:B3:1D:76:E1:3E:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/mQOpqLaDGvgovaJyvLyQ5sBrw84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4b:a2:78:e4:82:d0:45:8f:9a:4b:b6:8e:e1:14:b4:bd:5c:
         a6:ef:01:59:2d:ab:48:8a:d7:5b:4c:57:25:d6:5a:e1:8c:7f:
         6c:97:3a:ef:58:94:3c:37:7d:7c:02:d3:44:c6:82:73:ef:50:
         66:3a:bd:ce:88:9c:cb:5f:d7:9d:39:3f:b3:f0:39:e9:21:38:
         e3:9e:cf:19:b5:7b:16:03:9e:40:c4:06:c7:7e:77:60:7a:51:
         f5:4f:c7:ea:84:47:bb:ae:dc:26:1b:5e:88:bb:57:0b:8f:21:
         ce:37:13:c7:bc:d3:26:6c:7c:69:91:80:12:06:bb:19:e1:95:
         8a:38:d1:87:39:70:f9:46:fd:14:26:ae:a2:f3:10:6e:fe:cd:
         9d:2b:aa:cd:f2:7a:32:33:93:40:d3:39:cf:17:c8:72:c9:76:
         6d:8f:2a:6c:2d:ae:cf:5f:34:75:48:fe:2a:5d:08:43:19:ec:
         9a:9b:2e:4d:fb:5b:46:64:9d:cb:6c:e6:a7:e6:ac:fe:d6:60:
         26:38:51:17:f3:46:63:b4:b8:6d:61:04:f1:55:87:a6:aa:cd:
         94:51:82:bb:ec:76:ab:2d:7d:3c:01:b7:fe:68:7d:9d:87:a0:
         21:8d:34:70:bc:17:a9:45:51:eb:14:4a:50:f1:b6:bf:2c:40:
         89:23:44:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwZ146zWT9ilMSZTGTKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1M2Y4Y2E2ODQwMzdjNTQzM2E0YjQ0MDYyMTFiMzFkNzZl
MTNlYWIwHhcNMjYwMTAxMTYxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTAzYTlhOGI2ODMxYWY4MjhiZGEyNzJiY2JjOTBlNmMwNmJjM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52cb/zbAmD1lfs5b4dForKkIiZAs
Vcm6bKW9rMPnFa51fkbzh8pEbiZleQUomAf5cVHA87dM3ZUf4lLn3fV57N7dZVfn
SuhrcVWlFkpKTFL62tMq6sF+MzofAUSSjUjq3/Ih33/BQMVaiL7f56x/nEyp7JTJ
+3lTJ+iN4U281K/mpRyW6JswoFDHSA7wzE5iY4mGpG8cJSz301n/wc0hYrepl0Qa
4WGbZnQ5DKqLt09KEc/g1Q4vXgL+KxMoR+iOOXdS99CUScXPS9AX4/JgCEFAq0AB
7sqfyZXh0ALXpi++P04v+scvjlpXxkH1uAq3CaJjD3TKnnNcVzzjqNCARQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkDqai2gxr4KL2icry8kObAa8POMB8GA1UdIwQY
MBaAFEU/jKaEA3xUM6S0QGIRsx124T6rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlQtTXBvUURmRlF6cExSQVloR3pIWGJoUHFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8yZGMyMDgtNjkxMi00YTEyLThkYmIt
ZGJiNjlmMjg0ZjIzLzEvbVFPcHFMYURHdmdvdmFKeXZMeVE1c0Jydzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8yZGMyMDgtNjkxMi00YTEyLThkYmItZGJiNjlmMjg0ZjIz
LzEvUlQtTXBvUURmRlF6cExSQVloR3pIWGJoUHFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZp1MA0G
CSqGSIb3DQEBCwUAA4IBAQB2S6J45ILQRY+aS7aO4RS0vVym7wFZLatIitdbTFcl
1lrhjH9slzrvWJQ8N318AtNExoJz71BmOr3OiJzLX9edOT+z8DnpITjjns8ZtXsW
A55AxAbHfndgelH1T8fqhEe7rtwmG16Iu1cLjyHONxPHvNMmbHxpkYASBrsZ4ZWK
ONGHOXD5Rv0UJq6i8xBu/s2dK6rN8noyM5NA0znPF8hyyXZtjypsLa7PXzR1SP4q
XQhDGeyamy5N+1tGZJ3LbOan5qz+1mAmOFEX80ZjtLhtYQTxVYemqs2UUYK77Har
LX08Abf+aH2dh6AhjTRwvBepRVHrFEpQ8ba/LECJI0TW
-----END CERTIFICATE-----