This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/mFO8chZXrXABdypz6zWwUbtApPA.roa
File:                     mFO8chZXrXABdypz6zWwUbtApPA.roa (raw, json)
Hash identifier:          vg79nXthC0p5zK52U4xBsWnMjJaUYbWfqqsqrP1l0S0=
Subject key identifier:   98:53:BC:72:16:57:AD:70:01:77:2A:73:EB:35:B0:51:BB:40:A4:F0
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       019B797F42D76A489808D49C568312BD0907
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/mFO8chZXrXABdypz6zWwUbtApPA.roa
Signing time:             Thu 01 Jan 2026 12:19:01 +0000
ROA not before:           Thu 01 Jan 2026 12:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43391
IP address blocks:        213.238.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:42:d7:6a:48:98:08:d4:9c:56:83:12:bd:09:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 12:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9853bc721657ad7001772a73eb35b051bb40a4f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:60:df:76:fc:57:81:59:cb:51:14:62:2a:5d:
                    7f:5d:e1:f0:e7:a4:a9:f1:f4:ab:0d:4c:ca:15:5f:
                    f8:cf:d0:15:58:e7:81:c1:39:2a:21:4a:dc:6f:ef:
                    e9:50:65:3c:05:6b:90:7e:f6:24:9f:d0:19:89:ae:
                    90:fc:d5:41:74:3a:37:33:2d:37:5a:8b:ee:9a:79:
                    d3:8c:44:ca:f9:1f:45:e2:5e:fa:e9:24:8f:4c:1f:
                    bd:32:7b:da:aa:95:c2:91:f4:51:d5:ff:c1:d8:cf:
                    2f:32:9b:b4:c9:2b:61:d3:b5:63:bc:98:2a:c0:43:
                    3e:8d:42:5c:bd:87:8e:87:33:04:8f:08:88:a2:af:
                    b0:aa:1d:6b:ab:29:4d:ce:02:07:81:60:1e:28:17:
                    c2:72:5a:82:42:66:11:8c:e6:01:63:f5:be:ef:69:
                    ee:16:87:33:d5:d5:f4:09:8f:fa:74:04:73:bc:ea:
                    98:28:89:fb:bb:cc:8c:83:18:39:e5:f9:e7:e7:d3:
                    89:0a:83:8f:35:8f:26:fc:c4:d6:7d:d7:0e:a5:b6:
                    25:7b:cf:3c:f6:9f:4d:e4:30:57:f4:df:8d:8e:44:
                    ab:64:bb:10:33:95:66:a5:10:40:cb:87:38:ea:30:
                    82:83:19:09:55:43:5d:da:1b:e0:64:35:2a:db:f8:
                    03:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:53:BC:72:16:57:AD:70:01:77:2A:73:EB:35:B0:51:BB:40:A4:F0
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/mFO8chZXrXABdypz6zWwUbtApPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d0:2c:93:42:9f:7b:be:a8:e5:b4:b5:41:53:cc:4c:30:a9:
         1e:40:d3:c6:de:35:9c:a1:a4:08:82:f1:68:18:f7:7e:df:7e:
         25:41:d0:19:7a:86:e1:94:34:e8:fe:e3:2c:11:7b:a1:b8:05:
         e0:be:0e:74:c8:88:5b:e2:4f:c4:b3:93:44:38:e9:3e:77:e3:
         a1:f2:fe:4b:7f:7e:aa:da:87:0a:b3:03:0b:fe:bc:71:f8:35:
         05:a8:c4:7d:92:8f:6a:b8:e2:47:7f:3a:46:10:18:d5:ff:44:
         85:62:1d:bc:7e:74:b8:6a:ac:b3:2f:c3:a5:0d:6a:53:13:13:
         b3:11:4f:d4:62:00:36:4f:c7:95:a8:1d:65:2b:8e:3e:5b:72:
         62:5d:67:8f:42:06:a6:69:a7:e8:75:52:c9:46:f6:9c:82:c0:
         d6:b2:ff:62:69:12:21:98:52:1c:97:50:47:1a:59:db:44:1e:
         b0:a6:1c:ac:4e:96:f6:4e:69:4b:d8:97:9d:2c:0e:79:3c:dc:
         32:df:19:11:bf:4e:1e:4d:d5:f8:01:ee:da:ac:11:09:94:b2:
         d2:bc:0f:73:65:1c:4f:5d:e0:f9:96:b6:6a:99:44:2e:39:ae:
         27:12:f5:1f:94:e3:fa:2f:a1:cc:bf:3c:11:06:74:8a:b3:7a:
         31:1c:bc:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5f0LXakiYCNScVoMSvQkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjYwMTAxMTIxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODUzYmM3MjE2NTdhZDcwMDE3NzJhNzNlYjM1YjA1MWJiNDBhNGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGDfdvxXgVnLURRiKl1/XeHw56Sp
8fSrDUzKFV/4z9AVWOeBwTkqIUrcb+/pUGU8BWuQfvYkn9AZia6Q/NVBdDo3My03
WovumnnTjETK+R9F4l766SSPTB+9MnvaqpXCkfRR1f/B2M8vMpu0ySth07VjvJgq
wEM+jUJcvYeOhzMEjwiIoq+wqh1rqylNzgIHgWAeKBfCclqCQmYRjOYBY/W+72nu
Focz1dX0CY/6dARzvOqYKIn7u8yMgxg55fnn59OJCoOPNY8m/MTWfdcOpbYle888
9p9N5DBX9N+NjkSrZLsQM5VmpRBAy4c46jCCgxkJVUNd2hvgZDUq2/gDfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhTvHIWV61wAXcqc+s1sFG7QKTwMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvbUZPOGNoWlhyWEFCZHlwejZ6V3dVYnRBcFBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6pMA0G
CSqGSIb3DQEBCwUAA4IBAQBV0CyTQp97vqjltLVBU8xMMKkeQNPG3jWcoaQIgvFo
GPd+334lQdAZeobhlDTo/uMsEXuhuAXgvg50yIhb4k/Es5NEOOk+d+Oh8v5Lf36q
2ocKswML/rxx+DUFqMR9ko9quOJHfzpGEBjV/0SFYh28fnS4aqyzL8OlDWpTExOz
EU/UYgA2T8eVqB1lK44+W3JiXWePQgamaafodVLJRvacgsDWsv9iaRIhmFIcl1BH
GlnbRB6wphysTpb2TmlL2JedLA55PNwy3xkRv04eTdX4Ae7arBEJlLLSvA9zZRxP
XeD5lrZqmUQuOa4nEvUflOP6L6HMvzwRBnSKs3oxHLx3
-----END CERTIFICATE-----