This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/b25256-0b92-4048-af47-9c9330bd367e/1/mk9FoHtrLbDMqhyHTcDKHNuv37k.roa
File:                     mk9FoHtrLbDMqhyHTcDKHNuv37k.roa (raw, json)
Hash identifier:          +ODYm11fXrZNctf9Tic/a7meV/r5t53Msv62thVJdV4=
Subject key identifier:   9A:4F:45:A0:7B:6B:2D:B0:CC:AA:1C:87:4D:C0:CA:1C:DB:AF:DF:B9
Certificate issuer:       /CN=bce1963a404a73240cad116b9688bf1310f2fe5a
Certificate serial:       019B7BA530881F5EF0DFE33ED6E4014FB088
Authority key identifier: BC:E1:96:3A:40:4A:73:24:0C:AD:11:6B:96:88:BF:13:10:F2:FE:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vOGWOkBKcyQMrRFrloi_ExDy_lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/b25256-0b92-4048-af47-9c9330bd367e/1/mk9FoHtrLbDMqhyHTcDKHNuv37k.roa
Signing time:             Thu 01 Jan 2026 22:19:41 +0000
ROA not before:           Thu 01 Jan 2026 22:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33918
IP address blocks:        194.6.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/b25256-0b92-4048-af47-9c9330bd367e/1/vOGWOkBKcyQMrRFrloi_ExDy_lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/b25256-0b92-4048-af47-9c9330bd367e/1/vOGWOkBKcyQMrRFrloi_ExDy_lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vOGWOkBKcyQMrRFrloi_ExDy_lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:30:88:1f:5e:f0:df:e3:3e:d6:e4:01:4f:b0:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bce1963a404a73240cad116b9688bf1310f2fe5a
        Validity
            Not Before: Jan  1 22:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a4f45a07b6b2db0ccaa1c874dc0ca1cdbafdfb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:65:1e:fa:cb:8f:7d:ad:71:c7:ce:55:e0:12:
                    8a:15:48:62:8f:68:f8:ed:af:9b:e4:ab:e4:67:de:
                    f2:ec:4a:27:77:72:41:2a:73:ab:44:ed:7f:45:bd:
                    34:a2:61:16:cc:a5:a3:ea:60:5b:c5:d9:26:60:62:
                    e3:22:c0:f4:90:1f:3d:f8:13:e5:b4:c9:35:e8:d5:
                    19:2c:7d:4c:6c:26:80:0b:e3:45:d7:4a:92:0c:46:
                    3a:59:bb:6f:da:6b:7f:df:c4:e4:36:55:27:a0:fd:
                    88:c0:39:f9:cb:9f:22:1b:cf:03:26:43:47:f1:ba:
                    5e:9f:ba:46:4c:c1:0f:e5:2b:64:7f:8e:ad:77:22:
                    97:af:ae:46:a0:95:55:3b:9c:77:8d:0b:c1:47:34:
                    f2:e8:dc:5e:57:79:00:c6:3e:5d:83:16:83:b8:c5:
                    73:7a:7f:0a:51:d1:58:99:55:71:52:04:97:b4:05:
                    ea:44:fe:02:a4:d0:70:14:9d:bc:9f:a0:b7:59:e5:
                    37:c1:16:90:6d:c9:c0:8d:73:32:4e:42:bf:32:3e:
                    61:75:93:64:a3:34:c7:88:9d:ae:94:95:ba:af:1d:
                    dd:78:e1:67:88:1d:59:87:a0:60:d2:3b:77:04:ca:
                    33:b9:a9:3e:22:81:21:c7:20:7c:c8:23:8d:08:45:
                    fc:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:4F:45:A0:7B:6B:2D:B0:CC:AA:1C:87:4D:C0:CA:1C:DB:AF:DF:B9
            X509v3 Authority Key Identifier:
                keyid:BC:E1:96:3A:40:4A:73:24:0C:AD:11:6B:96:88:BF:13:10:F2:FE:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vOGWOkBKcyQMrRFrloi_ExDy_lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/b25256-0b92-4048-af47-9c9330bd367e/1/mk9FoHtrLbDMqhyHTcDKHNuv37k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/b25256-0b92-4048-af47-9c9330bd367e/1/vOGWOkBKcyQMrRFrloi_ExDy_lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f5:72:0a:cf:71:76:b2:25:8d:30:dd:39:40:f6:82:00:3e:
         be:6d:44:9e:c2:7d:1f:f2:25:c4:fc:99:0e:a7:10:a2:77:99:
         c0:bb:e9:61:9b:72:2c:2b:04:fe:ad:09:70:cb:76:8c:c6:d9:
         c6:11:1e:44:49:d5:41:28:cd:bc:39:a3:aa:f0:97:25:ab:04:
         2c:5d:45:ca:44:21:2b:78:74:73:b6:bb:7f:19:a6:5d:85:bc:
         54:bb:98:90:c1:3a:eb:60:4d:54:09:84:74:1e:91:da:91:21:
         4f:3a:f8:e4:43:0c:f1:7f:7a:01:38:a3:a4:4d:96:c4:b8:46:
         64:83:d4:cf:3c:4b:11:1a:20:51:15:60:7a:15:e5:15:1a:43:
         bb:ba:7b:0b:a5:12:21:0e:3b:72:71:90:c3:1c:5b:f5:49:48:
         9b:35:f8:7a:28:98:30:d0:05:7f:fd:b2:8f:cb:96:4e:29:65:
         6d:b3:41:65:93:d7:3e:be:8e:6a:5b:da:5a:9f:67:ea:7a:6b:
         0d:a1:8d:e0:63:3c:88:22:a1:40:1a:66:5c:94:d0:a6:70:fd:
         a0:b7:6d:53:57:69:61:a4:21:de:04:2c:be:81:c1:24:52:ec:
         7a:6a:af:38:34:f7:93:d7:23:d3:25:19:c0:6c:3d:6b:74:ae:
         f5:87:da:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTCIH17w3+M+1uQBT7CIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZTE5NjNhNDA0YTczMjQwY2FkMTE2Yjk2ODhiZjEzMTBm
MmZlNWEwHhcNMjYwMTAxMjIxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTRmNDVhMDdiNmIyZGIwY2NhYTFjODc0ZGMwY2ExY2RiYWZkZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2Ue+suPfa1xx85V4BKKFUhij2j4
7a+b5KvkZ97y7Eond3JBKnOrRO1/Rb00omEWzKWj6mBbxdkmYGLjIsD0kB89+BPl
tMk16NUZLH1MbCaAC+NF10qSDEY6Wbtv2mt/38TkNlUnoP2IwDn5y58iG88DJkNH
8bpen7pGTMEP5Stkf46tdyKXr65GoJVVO5x3jQvBRzTy6NxeV3kAxj5dgxaDuMVz
en8KUdFYmVVxUgSXtAXqRP4CpNBwFJ28n6C3WeU3wRaQbcnAjXMyTkK/Mj5hdZNk
ozTHiJ2ulJW6rx3deOFniB1Zh6Bg0jt3BMozuak+IoEhxyB8yCONCEX8KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpPRaB7ay2wzKoch03Ayhzbr9+5MB8GA1UdIwQY
MBaAFLzhljpASnMkDK0Ra5aIvxMQ8v5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk9HV09rQktjeVFNclJGcmxvaV9FeER5X2xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9iMjUyNTYtMGI5Mi00MDQ4LWFmNDct
OWM5MzMwYmQzNjdlLzEvbWs5Rm9IdHJMYkRNcWh5SFRjREtITnV2MzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9iMjUyNTYtMGI5Mi00MDQ4LWFmNDctOWM5MzMwYmQzNjdl
LzEvdk9HV09rQktjeVFNclJGcmxvaV9FeER5X2xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgbyMA0G
CSqGSIb3DQEBCwUAA4IBAQBj9XIKz3F2siWNMN05QPaCAD6+bUSewn0f8iXE/JkO
pxCid5nAu+lhm3IsKwT+rQlwy3aMxtnGER5ESdVBKM28OaOq8JclqwQsXUXKRCEr
eHRztrt/GaZdhbxUu5iQwTrrYE1UCYR0HpHakSFPOvjkQwzxf3oBOKOkTZbEuEZk
g9TPPEsRGiBRFWB6FeUVGkO7unsLpRIhDjtycZDDHFv1SUibNfh6KJgw0AV//bKP
y5ZOKWVts0Flk9c+vo5qW9pan2fqemsNoY3gYzyIIqFAGmZclNCmcP2gt21TV2lh
pCHeBCy+gcEkUux6aq84NPeT1yPTJRnAbD1rdK71h9rk
-----END CERTIFICATE-----