This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/MBXpEi4LzsEbWw5RLznWegmRG9Y.roa
File:                     MBXpEi4LzsEbWw5RLznWegmRG9Y.roa (raw, json)
Hash identifier:          izrHz8tdv649p4K+FWcdqw9jOXI92AbEPeN55iBnUBU=
Subject key identifier:   30:15:E9:12:2E:0B:CE:C1:1B:5B:0E:51:2F:39:D6:7A:09:91:1B:D6
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37C3D6BAEAF00D9F161DFF8BB3EB52
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/MBXpEi4LzsEbWw5RLznWegmRG9Y.roa
Signing time:             Fri 02 Jan 2026 10:19:02 +0000
ROA not before:           Fri 02 Jan 2026 10:19:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205923
IP address blocks:        158.173.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:c3:d6:ba:ea:f0:0d:9f:16:1d:ff:8b:b3:eb:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:19:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3015e9122e0bcec11b5b0e512f39d67a09911bd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:88:3e:6c:99:93:af:0c:d6:72:07:40:af:f1:
                    07:bb:c8:fe:a9:0e:63:26:3a:b6:4e:f8:15:b4:27:
                    b8:48:17:58:a8:b8:98:08:85:d7:99:eb:ae:c8:3a:
                    c6:d7:c4:62:60:79:f2:82:e4:57:54:d4:1a:ef:16:
                    3a:33:f8:6d:81:af:d8:54:7f:81:1e:fe:f0:91:88:
                    6b:a9:61:22:00:e4:a4:5d:42:b6:88:f5:32:55:bc:
                    4a:ca:fb:83:09:f7:fb:4c:60:5b:e3:5e:fe:0d:1b:
                    03:91:cb:ec:a6:53:a8:b4:8e:ba:3c:6e:4b:30:42:
                    d2:75:cc:b9:2c:a5:ba:53:5c:b1:22:21:5c:f2:fa:
                    cc:b8:98:b9:ca:2b:20:0b:3a:1f:05:a8:6c:ca:50:
                    9a:1b:44:5b:14:c2:61:df:cf:0f:79:52:bb:e6:ac:
                    0d:46:6d:a5:bc:e5:ef:f5:01:0f:8d:13:82:c3:95:
                    0c:85:f0:56:c1:84:2e:ac:a0:e0:36:95:da:8a:18:
                    c3:82:b4:53:3b:33:ec:a7:f4:12:23:23:6f:66:4e:
                    dd:b9:71:b1:da:d1:e0:fa:7d:25:27:82:e9:fb:3f:
                    7f:0d:44:ba:38:22:ec:43:2a:8d:84:d8:bc:3c:c4:
                    42:90:a6:4d:73:be:81:69:32:40:3e:be:e9:36:af:
                    7b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:15:E9:12:2E:0B:CE:C1:1B:5B:0E:51:2F:39:D6:7A:09:91:1B:D6
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/MBXpEi4LzsEbWw5RLznWegmRG9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:26:2d:aa:6c:f9:96:d1:07:8b:89:09:8d:e8:17:2f:93:bb:
         7f:e8:71:75:66:54:37:fd:83:65:a8:c5:26:d1:a3:fd:74:fd:
         fc:47:89:a9:8b:53:2b:54:1a:f0:5e:de:da:26:0e:86:94:d3:
         80:59:d1:36:73:3e:0a:44:a3:08:67:dd:1b:8b:dc:22:72:6c:
         05:80:55:9f:7a:66:f9:2b:11:79:ca:93:78:5b:9b:b7:69:7f:
         5e:b1:e6:b4:c1:a1:ff:4c:f2:75:13:28:79:12:76:01:40:00:
         bd:5d:83:b1:b4:91:2c:41:96:56:cc:7e:51:7e:d8:79:4a:bc:
         58:2c:cc:31:c9:4d:e4:45:87:26:a8:0e:d5:5b:32:cd:ea:65:
         d8:6b:d9:55:7f:1c:5d:da:ba:7d:20:aa:8f:54:2e:ba:e9:5a:
         35:09:ae:87:c1:cd:d6:e9:73:16:09:11:1c:a0:06:5a:73:06:
         dc:b4:11:d8:65:c6:5f:85:8e:dd:31:11:c9:c6:20:7a:11:95:
         48:7f:a3:e2:13:64:9a:25:29:2c:3e:8c:a3:0c:1f:01:24:5e:
         bf:b7:59:5c:d3:96:05:83:c3:7b:db:c5:2c:2d:f3:a8:d5:8a:
         12:54:30:b1:af:eb:53:5b:f8:18:cb:2c:d6:4f:67:d9:d0:42:
         bb:9b:90:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N8PWuurwDZ8WHf+Ls+tSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxOTAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDE1ZTkxMjJlMGJjZWMxMWI1YjBlNTEyZjM5ZDY3YTA5OTExYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoog+bJmTrwzWcgdAr/EHu8j+qQ5j
Jjq2TvgVtCe4SBdYqLiYCIXXmeuuyDrG18RiYHnyguRXVNQa7xY6M/htga/YVH+B
Hv7wkYhrqWEiAOSkXUK2iPUyVbxKyvuDCff7TGBb417+DRsDkcvsplOotI66PG5L
MELSdcy5LKW6U1yxIiFc8vrMuJi5yisgCzofBahsylCaG0RbFMJh388PeVK75qwN
Rm2lvOXv9QEPjROCw5UMhfBWwYQurKDgNpXaihjDgrRTOzPsp/QSIyNvZk7duXGx
2tHg+n0lJ4Lp+z9/DUS6OCLsQyqNhNi8PMRCkKZNc76BaTJAPr7pNq97/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAV6RIuC87BG1sOUS851noJkRvWMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvTUJYcEVpNEx6c0ViV3c1Ukx6bldlZ21SRzlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2gMA0G
CSqGSIb3DQEBCwUAA4IBAQCeJi2qbPmW0QeLiQmN6Bcvk7t/6HF1ZlQ3/YNlqMUm
0aP9dP38R4mpi1MrVBrwXt7aJg6GlNOAWdE2cz4KRKMIZ90bi9wicmwFgFWfemb5
KxF5ypN4W5u3aX9esea0waH/TPJ1Eyh5EnYBQAC9XYOxtJEsQZZWzH5Rfth5SrxY
LMwxyU3kRYcmqA7VWzLN6mXYa9lVfxxd2rp9IKqPVC666Vo1Ca6Hwc3W6XMWCREc
oAZacwbctBHYZcZfhY7dMRHJxiB6EZVIf6PiE2SaJSksPoyjDB8BJF6/t1lc05YF
g8N728UsLfOo1YoSVDCxr+tTW/gYyyzWT2fZ0EK7m5AP
-----END CERTIFICATE-----