This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/2a7bf4-3454-4d14-9e0c-183f9975fc94/1/WMqwkkOCeJIiDGczokQt6OKgfpo.roa
File:                     WMqwkkOCeJIiDGczokQt6OKgfpo.roa (raw, json)
Hash identifier:          6yCQ2yXVHO2BxnZqJR1Rvu8adOAClmHZ2J60vDEAoZw=
Subject key identifier:   58:CA:B0:92:43:82:78:92:22:0C:67:33:A2:44:2D:E8:E2:A0:7E:9A
Certificate issuer:       /CN=b40d494333cb4d9e5fd10c846c47cf56445c503a
Certificate serial:       019B77C6D975685C97F76E4CF00CE8C979C0
Authority key identifier: B4:0D:49:43:33:CB:4D:9E:5F:D1:0C:84:6C:47:CF:56:44:5C:50:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tA1JQzPLTZ5f0QyEbEfPVkRcUDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/2a7bf4-3454-4d14-9e0c-183f9975fc94/1/WMqwkkOCeJIiDGczokQt6OKgfpo.roa
Signing time:             Thu 01 Jan 2026 04:17:59 +0000
ROA not before:           Thu 01 Jan 2026 04:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        185.145.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/2a7bf4-3454-4d14-9e0c-183f9975fc94/1/tA1JQzPLTZ5f0QyEbEfPVkRcUDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/2a7bf4-3454-4d14-9e0c-183f9975fc94/1/tA1JQzPLTZ5f0QyEbEfPVkRcUDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tA1JQzPLTZ5f0QyEbEfPVkRcUDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:d9:75:68:5c:97:f7:6e:4c:f0:0c:e8:c9:79:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b40d494333cb4d9e5fd10c846c47cf56445c503a
        Validity
            Not Before: Jan  1 04:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58cab09243827892220c6733a2442de8e2a07e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cd:75:88:1f:6c:4d:76:64:ef:ad:f2:21:58:
                    20:10:89:4a:02:84:0c:a6:cf:a0:2b:08:e3:f7:86:
                    f9:6b:5f:aa:1b:60:ac:6a:1d:23:1d:f9:f3:44:b0:
                    37:95:95:8d:9a:6e:5d:2b:97:bb:f4:5a:b9:b9:d1:
                    b9:59:8b:57:69:f0:a8:fa:7d:95:e5:4e:18:2d:54:
                    34:64:5b:aa:74:1c:e3:06:86:b8:7a:11:c1:c6:62:
                    01:19:fd:0f:a9:45:b8:6f:1b:90:55:24:92:30:c0:
                    71:d8:b1:98:7f:bc:55:6e:d5:5a:a9:43:4f:48:88:
                    3d:fa:16:96:58:ae:74:0b:b8:e2:74:ac:8c:92:74:
                    a5:d2:58:f0:fb:38:64:d5:a9:eb:41:42:8d:0f:91:
                    88:09:52:ea:07:db:2d:05:bf:68:40:1c:27:98:a2:
                    9c:d6:39:63:f2:2c:ab:84:04:97:44:a1:79:e7:3c:
                    2c:8a:46:c9:cc:c5:07:41:a5:57:85:45:7b:74:e1:
                    f2:0c:55:c9:23:1d:85:52:e4:67:f4:5d:5f:84:ef:
                    bf:a4:8f:4c:97:14:6e:be:7c:21:41:65:d4:61:24:
                    b9:b5:ab:d7:1a:9f:f9:cd:7d:b2:bd:00:18:3b:0c:
                    65:2c:0e:f5:24:83:63:fc:23:da:60:d5:81:32:f3:
                    c8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:CA:B0:92:43:82:78:92:22:0C:67:33:A2:44:2D:E8:E2:A0:7E:9A
            X509v3 Authority Key Identifier:
                keyid:B4:0D:49:43:33:CB:4D:9E:5F:D1:0C:84:6C:47:CF:56:44:5C:50:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tA1JQzPLTZ5f0QyEbEfPVkRcUDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2a7bf4-3454-4d14-9e0c-183f9975fc94/1/WMqwkkOCeJIiDGczokQt6OKgfpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2a7bf4-3454-4d14-9e0c-183f9975fc94/1/tA1JQzPLTZ5f0QyEbEfPVkRcUDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:ff:60:d6:51:1f:dd:f6:60:a9:75:42:02:51:84:ab:6a:cc:
         5e:ec:66:1f:f1:c4:a1:0d:61:e9:03:7c:d9:80:15:5a:9d:81:
         5f:ae:f5:43:75:57:b1:55:16:a6:0f:2c:f1:77:15:d8:c1:67:
         9a:5d:fa:02:3f:c1:dd:81:78:52:44:bb:b8:0c:99:2a:a7:e6:
         59:20:47:13:91:01:b4:09:41:32:06:d6:c8:f9:4b:12:ef:78:
         f9:66:79:5f:0d:fe:71:00:f0:ad:7f:62:91:4b:b7:c7:21:44:
         72:d0:3e:24:8f:f3:13:08:0f:79:fd:c1:17:98:ea:ed:c7:ea:
         b3:58:a5:77:f7:c0:70:ea:da:bb:5f:0c:2d:1d:5b:61:1b:f8:
         5d:7a:69:8b:af:9a:51:ff:79:c0:7e:66:d7:48:b9:ee:6f:50:
         fb:dd:65:f4:8b:73:e5:55:02:13:1a:a1:d9:58:1c:11:3f:6c:
         3e:37:3c:0f:dc:32:e7:dc:a9:72:93:60:10:ee:04:54:7f:9d:
         55:24:21:01:2b:1c:ef:76:01:14:b0:f9:4a:a4:c3:bf:9b:dd:
         d8:37:28:d8:3a:03:f8:31:00:7b:43:d3:83:30:48:a4:79:63:
         17:0f:92:57:4c:5e:7f:c0:ff:0b:70:2a:5f:92:37:88:d2:df:
         00:14:d4:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xtl1aFyX925M8AzoyXnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MGQ0OTQzMzNjYjRkOWU1ZmQxMGM4NDZjNDdjZjU2NDQ1
YzUwM2EwHhcNMjYwMTAxMDQxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGNhYjA5MjQzODI3ODkyMjIwYzY3MzNhMjQ0MmRlOGUyYTA3ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0811iB9sTXZk763yIVggEIlKAoQM
ps+gKwjj94b5a1+qG2Csah0jHfnzRLA3lZWNmm5dK5e79Fq5udG5WYtXafCo+n2V
5U4YLVQ0ZFuqdBzjBoa4ehHBxmIBGf0PqUW4bxuQVSSSMMBx2LGYf7xVbtVaqUNP
SIg9+haWWK50C7jidKyMknSl0ljw+zhk1anrQUKND5GICVLqB9stBb9oQBwnmKKc
1jlj8iyrhASXRKF55zwsikbJzMUHQaVXhUV7dOHyDFXJIx2FUuRn9F1fhO+/pI9M
lxRuvnwhQWXUYSS5tavXGp/5zX2yvQAYOwxlLA71JINj/CPaYNWBMvPIkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjKsJJDgniSIgxnM6JELejioH6aMB8GA1UdIwQY
MBaAFLQNSUMzy02eX9EMhGxHz1ZEXFA6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEExSlF6UExUWjVmMFF5RWJFZlBWa1JjVURvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8yYTdiZjQtMzQ1NC00ZDE0LTllMGMt
MTgzZjk5NzVmYzk0LzEvV01xd2trT0NlSklpREdjem9rUXQ2T0tnZnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8yYTdiZjQtMzQ1NC00ZDE0LTllMGMtMTgzZjk5NzVmYzk0
LzEvdEExSlF6UExUWjVmMFF5RWJFZlBWa1JjVURvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZGyMA0G
CSqGSIb3DQEBCwUAA4IBAQCv/2DWUR/d9mCpdUICUYSrasxe7GYf8cShDWHpA3zZ
gBVanYFfrvVDdVexVRamDyzxdxXYwWeaXfoCP8HdgXhSRLu4DJkqp+ZZIEcTkQG0
CUEyBtbI+UsS73j5ZnlfDf5xAPCtf2KRS7fHIURy0D4kj/MTCA95/cEXmOrtx+qz
WKV398Bw6tq7XwwtHVthG/hdemmLr5pR/3nAfmbXSLnub1D73WX0i3PlVQITGqHZ
WBwRP2w+NzwP3DLn3Klyk2AQ7gRUf51VJCEBKxzvdgEUsPlKpMO/m93YNyjYOgP4
MQB7Q9ODMEikeWMXD5JXTF5/wP8LcCpfkjeI0t8AFNSV
-----END CERTIFICATE-----