This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MWZDlm0xpL8R5RkrPZYBJYDb0_o.roa
File:                     MWZDlm0xpL8R5RkrPZYBJYDb0_o.roa (raw, json)
Hash identifier:          nfoTSFuTsNxZWO3nujZghPtYMQbaisJtokOBbM8uMts=
Subject key identifier:   31:66:43:96:6D:31:A4:BF:11:E5:19:2B:3D:96:01:25:80:DB:D3:FA
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019B7F15F4330FD2E5A2A244D3A1A9FA38C8
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MWZDlm0xpL8R5RkrPZYBJYDb0_o.roa
Signing time:             Fri 02 Jan 2026 14:21:43 +0000
ROA not before:           Fri 02 Jan 2026 14:21:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213708
IP address blocks:        45.13.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:f4:33:0f:d2:e5:a2:a2:44:d3:a1:a9:fa:38:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 14:21:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=316643966d31a4bf11e5192b3d96012580dbd3fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:72:20:e8:f0:01:38:d9:7e:f4:9a:70:1c:75:
                    66:d7:d0:2b:50:ac:7a:b3:ff:92:64:e2:39:85:af:
                    c5:6c:74:64:0c:1f:c6:fe:58:12:8b:e6:79:13:d5:
                    e0:90:25:ce:5c:70:f1:58:50:bb:b0:8e:e1:b7:17:
                    82:ad:27:54:ea:aa:94:72:e8:f1:f5:3b:71:75:05:
                    55:68:e8:e0:ff:f5:fe:cf:6b:dd:f1:ce:66:ea:38:
                    60:3a:76:93:83:da:25:c7:b8:7a:79:b0:d1:c7:ff:
                    79:94:ff:21:f4:f7:9e:37:88:47:19:58:9e:95:52:
                    8a:d4:08:06:f8:14:82:a0:cc:9e:b8:00:67:93:46:
                    f2:9b:e6:50:34:ce:65:a1:f0:5c:2c:15:8b:74:5f:
                    fc:af:d4:f9:ed:6b:5e:23:5b:30:7a:28:22:bf:49:
                    3b:47:65:e3:94:c8:36:09:e6:5b:44:e9:be:06:90:
                    e9:fa:54:4d:28:d4:56:48:84:8f:a7:10:14:a2:d6:
                    bb:c5:5d:7b:99:98:39:f4:d8:5e:db:07:d3:a7:a6:
                    a8:b9:f9:e3:8e:5d:4b:44:d5:c9:bb:e5:b5:8b:dc:
                    1c:37:51:c2:de:3e:3f:3c:93:68:c1:71:25:ee:0a:
                    10:1a:7a:98:d3:e4:17:a9:1e:8d:1e:13:ca:9c:8d:
                    52:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:66:43:96:6D:31:A4:BF:11:E5:19:2B:3D:96:01:25:80:DB:D3:FA
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/MWZDlm0xpL8R5RkrPZYBJYDb0_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:81:fa:aa:2c:05:be:42:53:17:44:70:82:d3:b8:09:50:52:
         03:fa:92:ef:25:33:5d:bf:d3:7f:a9:68:a7:8b:b0:d2:27:03:
         d6:7a:7b:de:d3:9f:92:29:dc:d8:80:eb:a7:9a:d4:1f:33:2c:
         3c:74:dd:48:b2:4f:dd:f4:22:87:eb:a2:c0:42:5c:68:fd:42:
         74:50:b7:5f:9a:22:6c:6f:0d:7c:bf:1b:8c:f8:31:44:4c:52:
         d2:76:e5:8f:72:ce:96:1e:85:fc:8c:6a:8f:ec:00:59:65:ec:
         31:51:8c:17:3f:50:44:93:fa:3c:4f:68:07:e4:fa:14:7a:9f:
         d2:6a:e9:d1:54:ba:2a:60:e1:84:49:10:bc:06:18:2f:cb:a2:
         d7:24:09:d2:e7:fc:d6:4f:dc:66:b2:dd:bc:b0:c0:23:25:2f:
         b2:db:fd:00:d5:7c:05:3f:31:94:49:a7:f9:f3:9a:33:4d:af:
         1e:60:c1:b9:6a:8f:e8:30:7c:c7:0a:f6:cf:b3:d4:ef:68:b2:
         f2:95:7a:51:64:01:be:df:05:30:e4:c8:7f:b3:ec:97:0b:b3:
         e3:77:6c:83:2f:ef:e7:28:d6:58:82:eb:a0:de:a6:ab:de:de:
         ef:26:43:8c:df:e1:e8:e7:9d:aa:b9:5b:58:7d:26:ac:35:83:
         67:15:16:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FfQzD9LloqJE06Gp+jjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwMTAyMTQyMTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTY2NDM5NjZkMzFhNGJmMTFlNTE5MmIzZDk2MDEyNTgwZGJkM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3Ig6PABONl+9JpwHHVm19ArUKx6
s/+SZOI5ha/FbHRkDB/G/lgSi+Z5E9XgkCXOXHDxWFC7sI7htxeCrSdU6qqUcujx
9TtxdQVVaOjg//X+z2vd8c5m6jhgOnaTg9olx7h6ebDRx/95lP8h9PeeN4hHGVie
lVKK1AgG+BSCoMyeuABnk0bym+ZQNM5lofBcLBWLdF/8r9T57WteI1sweigiv0k7
R2XjlMg2CeZbROm+BpDp+lRNKNRWSISPpxAUota7xV17mZg59Nhe2wfTp6aoufnj
jl1LRNXJu+W1i9wcN1HC3j4/PJNowXEl7goQGnqY0+QXqR6NHhPKnI1S/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFmQ5ZtMaS/EeUZKz2WASWA29P6MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTVdaRGxtMHhwTDhSNVJrclBaWUJKWURiMF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ2+MA0G
CSqGSIb3DQEBCwUAA4IBAQAugfqqLAW+QlMXRHCC07gJUFID+pLvJTNdv9N/qWin
i7DSJwPWenve05+SKdzYgOunmtQfMyw8dN1Isk/d9CKH66LAQlxo/UJ0ULdfmiJs
bw18vxuM+DFETFLSduWPcs6WHoX8jGqP7ABZZewxUYwXP1BEk/o8T2gH5PoUep/S
aunRVLoqYOGESRC8Bhgvy6LXJAnS5/zWT9xmst28sMAjJS+y2/0A1XwFPzGUSaf5
85ozTa8eYMG5ao/oMHzHCvbPs9TvaLLylXpRZAG+3wUw5Mh/s+yXC7Pjd2yDL+/n
KNZYguug3qar3t7vJkOM3+Ho552quVtYfSasNYNnFRaf
-----END CERTIFICATE-----