This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mrdJldiLbe3yeC52dvSmkqTv5cg.roa
File:                     mrdJldiLbe3yeC52dvSmkqTv5cg.roa (raw, json)
Hash identifier:          j6nOs5iFrIO/2OCQb4MqALhm3jUtW9vDjYZEzmGlfNg=
Subject key identifier:   9A:B7:49:95:D8:8B:6D:ED:F2:78:2E:76:76:F4:A6:92:A4:EF:E5:C8
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F8571E96B49A9742243CA0F6E195997
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mrdJldiLbe3yeC52dvSmkqTv5cg.roa
Signing time:             Fri 02 Jan 2026 16:23:30 +0000
ROA not before:           Fri 02 Jan 2026 16:23:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214504
IP address blocks:        195.133.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:71:e9:6b:49:a9:74:22:43:ca:0f:6e:19:59:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ab74995d88b6dedf2782e7676f4a692a4efe5c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2d:83:d4:f5:0a:7d:1e:d9:5f:ba:0d:aa:55:
                    af:db:4c:a1:3a:01:56:b3:8a:0c:c4:d5:cf:03:2c:
                    ac:57:82:56:9f:3f:94:99:33:8c:82:7e:6a:8a:71:
                    6e:0c:5d:5b:c1:f9:e1:af:e7:92:31:e8:ea:0b:ae:
                    a4:3b:ad:b2:5c:b5:f1:b1:cf:cd:98:44:80:ea:69:
                    49:cb:26:b4:ca:57:24:56:ec:4f:f4:03:12:95:cc:
                    13:58:9c:7a:88:a8:2b:56:3c:d8:03:8c:83:d5:eb:
                    3a:77:08:97:bc:07:5d:7b:bd:6d:c1:35:ec:ed:91:
                    ba:5c:91:c1:db:bc:da:79:7d:01:4a:34:f5:80:46:
                    b6:a3:db:e8:28:dd:23:03:86:77:cf:d3:88:b9:1c:
                    90:1f:f7:2f:0d:cf:87:44:e7:a8:82:48:bb:6f:14:
                    03:7b:61:d0:eb:19:f3:ec:77:50:99:40:d2:51:0d:
                    7e:f0:95:85:ec:5b:5d:d6:9b:9b:c3:96:bb:49:c9:
                    e7:35:cf:06:4a:b3:c0:b4:b7:4c:44:a3:d3:ed:87:
                    0b:5e:09:12:42:2e:c9:a0:cc:04:e1:43:87:2a:37:
                    98:a1:fa:c1:1b:f4:6d:90:ce:3e:6d:d6:63:35:fd:
                    3b:f5:e0:e2:eb:d2:15:0f:c0:d0:8b:48:f3:83:07:
                    77:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B7:49:95:D8:8B:6D:ED:F2:78:2E:76:76:F4:A6:92:A4:EF:E5:C8
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mrdJldiLbe3yeC52dvSmkqTv5cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:3b:20:6c:f6:d5:2b:8a:6e:89:1b:31:04:8a:dc:a9:d6:5c:
         81:48:b9:8d:79:42:f9:34:ef:9c:ed:95:7a:27:27:5f:1b:af:
         a5:8f:a5:3a:5d:92:5d:d2:d8:36:1f:97:c0:00:bf:f5:5a:54:
         9d:65:9b:46:4d:2d:fb:7b:3a:64:36:3b:18:72:48:50:88:58:
         24:f5:3d:b4:ef:ed:71:aa:6b:20:ef:07:3c:bf:3e:5b:b0:7a:
         fe:08:7f:7d:34:c1:7d:b3:4f:0b:2d:64:fc:5c:a4:00:57:f4:
         63:51:17:c0:4e:6c:95:ca:15:a0:9f:8b:98:44:dd:70:0e:06:
         4d:b6:ac:52:15:c5:2c:3d:f9:af:48:a9:97:de:21:f5:9a:8c:
         fa:c8:14:c5:90:15:97:6a:86:50:fc:6b:2c:96:d3:ea:fd:cd:
         c6:cc:b7:87:af:be:dc:90:fb:58:8b:44:e9:84:07:21:a6:eb:
         23:6b:a0:8d:17:80:76:9c:3f:94:04:3f:69:10:d3:ac:8c:29:
         1e:61:39:a4:2f:ae:67:d3:5d:ae:8d:74:59:24:35:e8:bb:a6:
         0e:47:61:25:48:dc:0c:93:ff:6e:d4:23:8e:25:3a:ce:b5:00:
         6b:00:40:e5:da:5a:bb:49:6c:1f:b0:e2:44:3d:41:aa:25:51:
         b1:b1:56:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hXHpa0mpdCJDyg9uGVmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWI3NDk5NWQ4OGI2ZGVkZjI3ODJlNzY3NmY0YTY5MmE0ZWZlNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy2D1PUKfR7ZX7oNqlWv20yhOgFW
s4oMxNXPAyysV4JWnz+UmTOMgn5qinFuDF1bwfnhr+eSMejqC66kO62yXLXxsc/N
mESA6mlJyya0ylckVuxP9AMSlcwTWJx6iKgrVjzYA4yD1es6dwiXvAdde71twTXs
7ZG6XJHB27zaeX0BSjT1gEa2o9voKN0jA4Z3z9OIuRyQH/cvDc+HROeogki7bxQD
e2HQ6xnz7HdQmUDSUQ1+8JWF7Ftd1pubw5a7ScnnNc8GSrPAtLdMRKPT7YcLXgkS
Qi7JoMwE4UOHKjeYofrBG/RtkM4+bdZjNf079eDi69IVD8DQi0jzgwd3pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJq3SZXYi23t8ngudnb0ppKk7+XIMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbXJkSmxkaUxiZTN5ZUM1MmR2U21rcVR2NWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4VdMA0G
CSqGSIb3DQEBCwUAA4IBAQB4OyBs9tUrim6JGzEEityp1lyBSLmNeUL5NO+c7ZV6
JydfG6+lj6U6XZJd0tg2H5fAAL/1WlSdZZtGTS37ezpkNjsYckhQiFgk9T207+1x
qmsg7wc8vz5bsHr+CH99NMF9s08LLWT8XKQAV/RjURfATmyVyhWgn4uYRN1wDgZN
tqxSFcUsPfmvSKmX3iH1moz6yBTFkBWXaoZQ/GssltPq/c3GzLeHr77ckPtYi0Tp
hAchpusja6CNF4B2nD+UBD9pENOsjCkeYTmkL65n012ujXRZJDXou6YOR2ElSNwM
k/9u1COOJTrOtQBrAEDl2lq7SWwfsOJEPUGqJVGxsVbe
-----END CERTIFICATE-----