This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/nsMVjB3dBsEs4QDP-UqrSgiiMZk.roa
File:                     nsMVjB3dBsEs4QDP-UqrSgiiMZk.roa (raw, json)
Hash identifier:          4KH9ak7vbK8YvGmfh6MjtuXURmPLUowjhWOo+NHtQgk=
Subject key identifier:   9E:C3:15:8C:1D:DD:06:C1:2C:E1:00:CF:F9:4A:AB:4A:08:A2:31:99
Certificate issuer:       /CN=60f5aac76fe6bf291335d19a658e6489105b869f
Certificate serial:       019B797EF242A253D80B9AD344DDD5F9521D
Authority key identifier: 60:F5:AA:C7:6F:E6:BF:29:13:35:D1:9A:65:8E:64:89:10:5B:86:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YPWqx2_mvykTNdGaZY5kiRBbhp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/nsMVjB3dBsEs4QDP-UqrSgiiMZk.roa
Signing time:             Thu 01 Jan 2026 12:18:41 +0000
ROA not before:           Thu 01 Jan 2026 12:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213485
IP address blocks:        199.34.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/YPWqx2_mvykTNdGaZY5kiRBbhp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/YPWqx2_mvykTNdGaZY5kiRBbhp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YPWqx2_mvykTNdGaZY5kiRBbhp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f2:42:a2:53:d8:0b:9a:d3:44:dd:d5:f9:52:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60f5aac76fe6bf291335d19a658e6489105b869f
        Validity
            Not Before: Jan  1 12:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ec3158c1ddd06c12ce100cff94aab4a08a23199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:f0:70:b9:96:89:10:f5:7d:13:de:1e:cb:06:
                    50:07:7c:3c:a2:ef:4a:53:64:74:67:3c:cd:07:4d:
                    ea:74:44:65:0a:ff:b6:9f:c1:62:5f:e2:d8:a4:b8:
                    fb:ff:c9:86:a1:7a:0e:e0:38:98:d4:67:94:9f:8b:
                    29:e3:33:85:28:52:e0:b2:d0:8c:5e:b3:a2:7d:69:
                    9c:21:32:0b:3c:91:c3:35:aa:e4:14:ec:c8:eb:b5:
                    24:68:dd:b6:c5:a0:7c:67:7d:a3:a9:41:69:64:49:
                    98:e7:56:3b:3f:fb:94:f2:7f:9e:00:c9:0a:65:3a:
                    ca:7d:67:7d:ba:1b:ac:1f:83:4b:67:39:5b:fe:90:
                    9f:9f:ff:8b:12:40:e2:eb:00:13:50:33:54:bd:e8:
                    34:65:9d:7b:c4:3f:8c:1a:b1:e3:a8:a2:e1:20:85:
                    66:d6:25:9b:72:e4:e1:6e:bf:df:9c:3e:08:0f:a3:
                    91:1f:b8:9b:8e:e3:8e:af:8b:16:72:a6:f9:9e:43:
                    0c:c1:2f:fe:04:f9:46:1b:28:ad:3e:42:94:3d:69:
                    9d:57:2b:41:6f:e7:7b:b0:21:69:40:76:3d:3a:19:
                    96:f8:1d:32:f8:4d:c9:71:4c:95:80:fd:06:61:b6:
                    32:1c:ce:b6:bd:7a:82:ad:a8:f9:29:d2:b3:2a:f7:
                    f5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C3:15:8C:1D:DD:06:C1:2C:E1:00:CF:F9:4A:AB:4A:08:A2:31:99
            X509v3 Authority Key Identifier:
                keyid:60:F5:AA:C7:6F:E6:BF:29:13:35:D1:9A:65:8E:64:89:10:5B:86:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPWqx2_mvykTNdGaZY5kiRBbhp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/nsMVjB3dBsEs4QDP-UqrSgiiMZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c12b00-af82-4735-aac1-2bfb6addcf45/1/YPWqx2_mvykTNdGaZY5kiRBbhp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.34.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:72:26:c4:67:59:79:d0:7c:c2:8a:d9:8f:e1:11:80:eb:eb:
         01:93:3d:0f:da:05:cd:88:6a:6d:40:49:39:65:26:14:51:da:
         1e:58:c5:fa:18:17:d2:ad:db:09:bc:dc:ad:4e:0a:ad:af:03:
         45:28:9a:f4:ff:3a:fc:6f:54:4c:ae:c7:3a:71:c8:60:4e:e4:
         60:c2:99:19:99:3a:e1:0f:d2:5e:a2:88:32:bf:54:11:11:12:
         e1:d6:aa:b0:65:40:6f:04:8e:c3:b2:42:20:63:c9:a9:0f:0c:
         d3:a2:4f:43:29:86:09:b9:bc:f9:c0:cd:5e:9c:f7:74:f9:41:
         0d:c2:97:9e:8e:6a:d5:e2:cf:cd:f2:55:9f:42:fb:2a:36:35:
         c8:59:5d:30:fe:62:e2:bc:4f:b9:5e:80:10:68:8b:85:2c:3a:
         58:1b:23:fc:d3:16:b9:48:1b:a9:d8:d2:03:5d:93:34:18:26:
         51:af:78:33:9f:8e:51:78:0c:15:ca:bf:03:5d:43:ff:8a:61:
         9d:c7:5d:1b:5e:d4:73:ad:bb:74:bd:92:2e:f6:be:d0:bd:16:
         2d:2e:0b:dc:c7:c7:13:8b:56:46:37:7f:6e:c3:df:9c:61:4f:
         3d:62:d5:14:8a:87:39:f2:bc:4a:a6:bc:f2:8a:fd:14:6c:ae:
         a4:41:7e:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvJColPYC5rTRN3V+VIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZjVhYWM3NmZlNmJmMjkxMzM1ZDE5YTY1OGU2NDg5MTA1
Yjg2OWYwHhcNMjYwMTAxMTIxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWMzMTU4YzFkZGQwNmMxMmNlMTAwY2ZmOTRhYWI0YTA4YTIzMTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/BwuZaJEPV9E94eywZQB3w8ou9K
U2R0ZzzNB03qdERlCv+2n8FiX+LYpLj7/8mGoXoO4DiY1GeUn4sp4zOFKFLgstCM
XrOifWmcITILPJHDNarkFOzI67UkaN22xaB8Z32jqUFpZEmY51Y7P/uU8n+eAMkK
ZTrKfWd9uhusH4NLZzlb/pCfn/+LEkDi6wATUDNUveg0ZZ17xD+MGrHjqKLhIIVm
1iWbcuThbr/fnD4ID6ORH7ibjuOOr4sWcqb5nkMMwS/+BPlGGyitPkKUPWmdVytB
b+d7sCFpQHY9OhmW+B0y+E3JcUyVgP0GYbYyHM62vXqCraj5KdKzKvf15wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7DFYwd3QbBLOEAz/lKq0oIojGZMB8GA1UdIwQY
MBaAFGD1qsdv5r8pEzXRmmWOZIkQW4afMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVBXcXgyX212eWtUTmRHYVpZNWtpUkJiaHA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMTJiMDAtYWY4Mi00NzM1LWFhYzEt
MmJmYjZhZGRjZjQ1LzEvbnNNVmpCM2RCc0VzNFFEUC1VcXJTZ2lpTVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMTJiMDAtYWY4Mi00NzM1LWFhYzEtMmJmYjZhZGRjZjQ1
LzEvWVBXcXgyX212eWtUTmRHYVpZNWtpUkJiaHA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAxyJCMA0G
CSqGSIb3DQEBCwUAA4IBAQB1cibEZ1l50HzCitmP4RGA6+sBkz0P2gXNiGptQEk5
ZSYUUdoeWMX6GBfSrdsJvNytTgqtrwNFKJr0/zr8b1RMrsc6cchgTuRgwpkZmTrh
D9Jeoogyv1QRERLh1qqwZUBvBI7DskIgY8mpDwzTok9DKYYJubz5wM1enPd0+UEN
wpeejmrV4s/N8lWfQvsqNjXIWV0w/mLivE+5XoAQaIuFLDpYGyP80xa5SBup2NID
XZM0GCZRr3gzn45ReAwVyr8DXUP/imGdx10bXtRzrbt0vZIu9r7QvRYtLgvcx8cT
i1ZGN39uw9+cYU89YtUUioc58rxKprzyiv0UbK6kQX6q
-----END CERTIFICATE-----