This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/b3a41c-e456-4f99-93e6-a98110adb67e/1/MHfXLodJ1lTLubHBUzEu-y-nQd8.roa
File:                     MHfXLodJ1lTLubHBUzEu-y-nQd8.roa (raw, json)
Hash identifier:          v+heG+utge9KSHpg0rUF2i0HpIa/3KcrihN3fHNBOZo=
Subject key identifier:   30:77:D7:2E:87:49:D6:54:CB:B9:B1:C1:53:31:2E:FB:2F:A7:41:DF
Certificate issuer:       /CN=79a4b1fbbad1cb6a8b1c7d33737ad72bcd9b8d9d
Certificate serial:       019BC6D04E5F761E2DDC129E8847E5FFEA25
Authority key identifier: 79:A4:B1:FB:BA:D1:CB:6A:8B:1C:7D:33:73:7A:D7:2B:CD:9B:8D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eaSx-7rRy2qLHH0zc3rXK82bjZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/b3a41c-e456-4f99-93e6-a98110adb67e/1/MHfXLodJ1lTLubHBUzEu-y-nQd8.roa
Signing time:             Fri 16 Jan 2026 12:38:18 +0000
ROA not before:           Fri 16 Jan 2026 12:38:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50148
IP address blocks:        195.211.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/b3a41c-e456-4f99-93e6-a98110adb67e/1/eaSx-7rRy2qLHH0zc3rXK82bjZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/b3a41c-e456-4f99-93e6-a98110adb67e/1/eaSx-7rRy2qLHH0zc3rXK82bjZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eaSx-7rRy2qLHH0zc3rXK82bjZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:c6:d0:4e:5f:76:1e:2d:dc:12:9e:88:47:e5:ff:ea:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79a4b1fbbad1cb6a8b1c7d33737ad72bcd9b8d9d
        Validity
            Not Before: Jan 16 12:38:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3077d72e8749d654cbb9b1c153312efb2fa741df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:89:c2:ca:c1:32:52:a5:58:59:29:79:74:85:
                    fd:91:94:11:90:e2:6f:8d:70:d8:d9:eb:ba:f1:04:
                    9f:87:e2:d1:ae:2e:58:5e:92:06:6d:e7:ac:40:ab:
                    ea:d0:98:c6:dd:40:c8:10:c3:a7:f7:ca:cf:27:4e:
                    34:df:9e:66:5e:b4:68:62:49:40:cd:df:e6:0f:91:
                    45:69:d4:e2:38:9a:16:82:f4:3d:1e:36:9f:8e:e1:
                    a1:9e:0e:00:ef:34:ff:a8:4e:da:c6:b2:71:f3:2f:
                    76:18:dd:60:21:f4:97:33:97:76:ee:b4:c5:d2:26:
                    a8:3a:6d:eb:6a:1d:73:ee:1d:bd:0a:c1:05:96:7a:
                    ac:6b:96:17:6a:dc:45:92:50:b2:48:f6:5b:69:59:
                    1e:a9:17:d2:e9:ae:8e:3c:15:82:8d:b3:05:ff:28:
                    0d:85:96:d3:47:b8:b2:4f:02:54:5a:c4:f7:e8:4d:
                    67:6a:52:65:7e:88:8f:58:f3:33:44:4f:13:8c:f8:
                    cf:0c:e6:59:6e:ef:76:eb:ae:4a:c5:dd:1b:5a:ac:
                    82:f9:d8:a3:c4:d6:00:d3:2e:a9:5b:20:ba:d4:64:
                    b5:44:17:a9:71:0c:3d:3a:19:2e:f1:25:92:d3:9e:
                    01:f0:ac:77:73:49:c4:9c:00:98:be:77:09:1c:f0:
                    df:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:77:D7:2E:87:49:D6:54:CB:B9:B1:C1:53:31:2E:FB:2F:A7:41:DF
            X509v3 Authority Key Identifier:
                keyid:79:A4:B1:FB:BA:D1:CB:6A:8B:1C:7D:33:73:7A:D7:2B:CD:9B:8D:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eaSx-7rRy2qLHH0zc3rXK82bjZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/b3a41c-e456-4f99-93e6-a98110adb67e/1/MHfXLodJ1lTLubHBUzEu-y-nQd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/b3a41c-e456-4f99-93e6-a98110adb67e/1/eaSx-7rRy2qLHH0zc3rXK82bjZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:3d:11:a9:06:23:30:06:f5:3f:80:de:24:33:c0:82:c2:67:
         d7:3c:86:99:d5:8e:b1:cf:22:ea:f1:16:8c:b6:bc:9d:1b:67:
         e0:58:ae:91:0d:53:d6:e5:24:9c:c3:c0:94:79:6f:93:a5:7a:
         24:c2:82:6d:dc:ad:51:4e:02:62:b3:a7:0d:0a:41:b5:14:64:
         e4:bf:45:c8:bf:ce:f1:88:6b:9d:3a:b9:4a:18:6e:fc:c3:2b:
         78:25:2a:1c:ff:7b:d4:46:15:04:43:61:23:2b:15:cb:2e:02:
         ee:e7:49:3c:8d:a7:4e:f3:69:23:f6:5a:d8:cf:bc:f6:de:06:
         2f:af:8b:5c:c9:36:35:ee:a5:b2:3e:e0:83:db:f0:18:38:2d:
         c6:d8:a0:03:58:d4:bc:70:01:8f:b2:29:17:09:cf:d7:ee:df:
         31:63:bb:23:eb:eb:ca:24:3f:7f:15:48:53:d1:d8:18:2e:b4:
         63:2c:38:81:84:1c:48:59:2f:e2:3c:a6:48:ea:10:96:ba:9c:
         78:49:d6:5a:a5:8e:24:4a:3c:b8:39:c5:02:51:f5:d8:f6:22:
         c8:63:2c:3d:a5:5f:ea:00:0d:7d:3a:75:d5:b0:46:71:f0:79:
         ef:fe:23:f5:6c:3e:ba:7e:d7:82:77:b8:e5:53:fd:e7:fa:5e:
         b2:1d:cc:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvG0E5fdh4t3BKeiEfl/+olMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YTRiMWZiYmFkMWNiNmE4YjFjN2QzMzczN2FkNzJiY2Q5
YjhkOWQwHhcNMjYwMTE2MTIzODE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDc3ZDcyZTg3NDlkNjU0Y2JiOWIxYzE1MzMxMmVmYjJmYTc0MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2onCysEyUqVYWSl5dIX9kZQRkOJv
jXDY2eu68QSfh+LRri5YXpIGbeesQKvq0JjG3UDIEMOn98rPJ040355mXrRoYklA
zd/mD5FFadTiOJoWgvQ9HjafjuGhng4A7zT/qE7axrJx8y92GN1gIfSXM5d27rTF
0iaoOm3rah1z7h29CsEFlnqsa5YXatxFklCySPZbaVkeqRfS6a6OPBWCjbMF/ygN
hZbTR7iyTwJUWsT36E1nalJlfoiPWPMzRE8TjPjPDOZZbu92665Kxd0bWqyC+dij
xNYA0y6pWyC61GS1RBepcQw9Ohku8SWS054B8Kx3c0nEnACYvncJHPDfLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDB31y6HSdZUy7mxwVMxLvsvp0HfMB8GA1UdIwQY
MBaAFHmksfu60ctqixx9M3N61yvNm42dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFTeC03clJ5MnFMSEgwemMzclhLODJialowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iM2E0MWMtZTQ1Ni00Zjk5LTkzZTYt
YTk4MTEwYWRiNjdlLzEvTUhmWExvZEoxbFRMdWJIQlV6RXUteS1uUWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iM2E0MWMtZTQ1Ni00Zjk5LTkzZTYtYTk4MTEwYWRiNjdl
LzEvZWFTeC03clJ5MnFMSEgwemMzclhLODJialowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9PIMA0G
CSqGSIb3DQEBCwUAA4IBAQA4PRGpBiMwBvU/gN4kM8CCwmfXPIaZ1Y6xzyLq8RaM
trydG2fgWK6RDVPW5SScw8CUeW+TpXokwoJt3K1RTgJis6cNCkG1FGTkv0XIv87x
iGudOrlKGG78wyt4JSoc/3vURhUEQ2EjKxXLLgLu50k8jadO82kj9lrYz7z23gYv
r4tcyTY17qWyPuCD2/AYOC3G2KADWNS8cAGPsikXCc/X7t8xY7sj6+vKJD9/FUhT
0dgYLrRjLDiBhBxIWS/iPKZI6hCWupx4SdZapY4kSjy4OcUCUfXY9iLIYyw9pV/q
AA19OnXVsEZx8Hnv/iP1bD66fteCd7jlU/3n+l6yHcxC
-----END CERTIFICATE-----