This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/ma_hJ5Go12WDQL6E3MOLLSFUGZg.roa
File:                     ma_hJ5Go12WDQL6E3MOLLSFUGZg.roa (raw, json)
Hash identifier:          ri5qcBP3AFkKJ9Kz9G4biTaRxnIVuPjswlV7TfCNoUM=
Subject key identifier:   99:AF:E1:27:91:A8:D7:65:83:40:BE:84:DC:C3:8B:2D:21:54:19:98
Certificate issuer:       /CN=b6f3db35659133315d2fcf93058dce350a4cb17a
Certificate serial:       019B7E3895354AE1EFD48427721FAFB47018
Authority key identifier: B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/ma_hJ5Go12WDQL6E3MOLLSFUGZg.roa
Signing time:             Fri 02 Jan 2026 10:19:56 +0000
ROA not before:           Fri 02 Jan 2026 10:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212825
IP address blocks:        194.44.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:95:35:4a:e1:ef:d4:84:27:72:1f:af:b4:70:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6f3db35659133315d2fcf93058dce350a4cb17a
        Validity
            Not Before: Jan  2 10:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99afe12791a8d7658340be84dcc38b2d21541998
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:25:6d:f8:a9:a4:33:f5:33:c8:ed:05:e6:a1:
                    96:6e:78:d4:a0:d9:92:ae:9c:44:cd:a6:05:5b:c4:
                    b6:a2:0a:33:ab:e8:6d:1d:dc:d4:42:26:e8:8f:6b:
                    4e:c4:89:5d:67:86:af:ef:f8:a2:cf:de:21:e1:4b:
                    80:d1:af:7d:90:77:af:c9:3d:3a:40:21:54:cd:20:
                    b3:1c:9c:4b:e4:11:16:54:3c:3f:5a:5d:0f:36:9f:
                    3a:59:c8:9d:c0:70:3e:fe:cc:8a:56:d8:78:ba:4f:
                    9f:57:15:ca:d5:fc:21:98:28:36:cd:56:64:25:f1:
                    06:fc:36:08:fb:91:23:b9:1d:7d:f1:32:28:bf:75:
                    8c:15:e6:9f:2a:fa:71:24:ca:95:37:a9:d7:25:ee:
                    e1:df:c8:92:f3:02:60:aa:3b:a6:75:58:9d:1e:66:
                    53:d5:a8:01:6c:eb:f0:9e:0a:9d:bf:11:14:c5:70:
                    b5:48:d7:42:e0:1b:be:ab:9d:b1:4c:a1:ec:b1:19:
                    e6:8c:ed:7a:11:47:29:c9:c6:a3:11:09:92:56:1e:
                    0f:05:88:83:86:81:d9:2c:9d:d2:1c:f2:3d:53:16:
                    ac:72:4c:fc:7d:d6:e2:46:f6:ee:c0:1d:a2:c4:09:
                    01:31:f4:6b:04:68:99:5f:68:0f:9b:8e:20:fa:7b:
                    b9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:AF:E1:27:91:A8:D7:65:83:40:BE:84:DC:C3:8B:2D:21:54:19:98
            X509v3 Authority Key Identifier:
                keyid:B6:F3:DB:35:65:91:33:31:5D:2F:CF:93:05:8D:CE:35:0A:4C:B1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tvPbNWWRMzFdL8-TBY3ONQpMsXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/ma_hJ5Go12WDQL6E3MOLLSFUGZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70bffe-b4f3-449e-81ed-549ee6d30fb6/1/tvPbNWWRMzFdL8-TBY3ONQpMsXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:ce:ef:59:bc:f7:b2:8c:a8:2e:e9:38:8f:0b:66:40:aa:50:
         e8:01:f9:db:ca:ee:0c:1c:fb:32:bf:0e:bd:1b:3a:e9:d2:6e:
         84:f4:5b:c5:89:72:0a:99:4b:6f:56:9d:8b:bc:07:98:b8:7b:
         50:8e:70:c4:c8:70:40:8f:fa:e8:67:44:de:fe:d2:b2:21:f4:
         2c:ec:68:d9:e2:99:93:f6:cd:69:9b:8f:83:24:1f:d3:42:ee:
         54:dd:0f:cb:5f:f7:28:b0:d9:4c:30:e6:1d:ac:69:2b:92:c0:
         70:9f:92:4f:2c:5c:93:98:88:43:9e:89:6e:2d:16:75:d3:a6:
         ac:b9:38:01:85:b6:54:52:36:c3:17:59:87:b6:34:2a:18:36:
         09:86:ca:d1:4f:ec:6c:f1:ff:03:5f:46:1e:e3:cd:25:28:cd:
         68:a0:f7:8c:14:37:d0:25:65:12:52:bc:1b:c4:72:98:2e:48:
         5f:22:14:cb:a5:33:27:0c:2d:ad:a4:62:36:47:44:55:dd:ca:
         01:43:3c:a0:9b:9e:62:99:ee:01:1d:91:15:28:e8:6b:dc:69:
         d9:af:82:3f:16:d6:df:b4:96:2d:9a:f4:cb:da:14:3b:f6:40:
         37:df:23:c0:c7:a1:18:59:0e:31:72:53:b2:09:c0:bd:b9:8b:
         f2:16:9a:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OJU1SuHv1IQnch+vtHAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZjNkYjM1NjU5MTMzMzE1ZDJmY2Y5MzA1OGRjZTM1MGE0
Y2IxN2EwHhcNMjYwMTAyMTAxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWFmZTEyNzkxYThkNzY1ODM0MGJlODRkY2MzOGIyZDIxNTQxOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSVt+KmkM/UzyO0F5qGWbnjUoNmS
rpxEzaYFW8S2ogozq+htHdzUQiboj2tOxIldZ4av7/iiz94h4UuA0a99kHevyT06
QCFUzSCzHJxL5BEWVDw/Wl0PNp86WcidwHA+/syKVth4uk+fVxXK1fwhmCg2zVZk
JfEG/DYI+5EjuR198TIov3WMFeafKvpxJMqVN6nXJe7h38iS8wJgqjumdVidHmZT
1agBbOvwngqdvxEUxXC1SNdC4Bu+q52xTKHssRnmjO16EUcpycajEQmSVh4PBYiD
hoHZLJ3SHPI9Uxasckz8fdbiRvbuwB2ixAkBMfRrBGiZX2gPm44g+nu50QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmv4SeRqNdlg0C+hNzDiy0hVBmYMB8GA1UdIwQY
MBaAFLbz2zVlkTMxXS/PkwWNzjUKTLF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQt
NTQ5ZWU2ZDMwZmI2LzEvbWFfaEo1R28xMldEUUw2RTNNT0xMU0ZVR1pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGJmZmUtYjRmMy00NDllLTgxZWQtNTQ5ZWU2ZDMwZmI2
LzEvdHZQYk5XV1JNekZkTDgtVEJZM09OUXBNc1hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiywMA0G
CSqGSIb3DQEBCwUAA4IBAQAAzu9ZvPeyjKgu6TiPC2ZAqlDoAfnbyu4MHPsyvw69
Gzrp0m6E9FvFiXIKmUtvVp2LvAeYuHtQjnDEyHBAj/roZ0Te/tKyIfQs7GjZ4pmT
9s1pm4+DJB/TQu5U3Q/LX/cosNlMMOYdrGkrksBwn5JPLFyTmIhDnoluLRZ106as
uTgBhbZUUjbDF1mHtjQqGDYJhsrRT+xs8f8DX0Ye480lKM1ooPeMFDfQJWUSUrwb
xHKYLkhfIhTLpTMnDC2tpGI2R0RV3coBQzygm55ime4BHZEVKOhr3GnZr4I/Ftbf
tJYtmvTL2hQ79kA33yPAx6EYWQ4xclOyCcC9uYvyFpq7
-----END CERTIFICATE-----