This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/MmQGKSoH5LF3BVkr3ibrE-H9I9E.roa
File:                     MmQGKSoH5LF3BVkr3ibrE-H9I9E.roa (raw, json)
Hash identifier:          yWJCfOrBqqRptAvrnSvVrhM/S/WywcoV/IXeHHMd0es=
Subject key identifier:   32:64:06:29:2A:07:E4:B1:77:05:59:2B:DE:26:EB:13:E1:FD:23:D1
Certificate issuer:       /CN=c60f3246fdd61ba1b5792fe1aec4adca98d75a5c
Certificate serial:       019B7758F14BACCD893406D4EFF97F4E95AF
Authority key identifier: C6:0F:32:46:FD:D6:1B:A1:B5:79:2F:E1:AE:C4:AD:CA:98:D7:5A:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xg8yRv3WG6G1eS_hrsStypjXWlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/MmQGKSoH5LF3BVkr3ibrE-H9I9E.roa
Signing time:             Thu 01 Jan 2026 02:17:56 +0000
ROA not before:           Thu 01 Jan 2026 02:17:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214913
IP address blocks:        2001:67c:c0c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/xg8yRv3WG6G1eS_hrsStypjXWlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/xg8yRv3WG6G1eS_hrsStypjXWlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xg8yRv3WG6G1eS_hrsStypjXWlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:f1:4b:ac:cd:89:34:06:d4:ef:f9:7f:4e:95:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c60f3246fdd61ba1b5792fe1aec4adca98d75a5c
        Validity
            Not Before: Jan  1 02:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=326406292a07e4b17705592bde26eb13e1fd23d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:14:47:83:90:69:77:cc:2b:82:70:29:f1:47:
                    a5:51:17:b3:18:15:ec:14:f3:b1:17:70:5c:14:60:
                    9a:8a:ea:ae:83:42:7d:aa:88:2e:4d:43:ce:23:84:
                    fc:a2:65:e5:cd:e2:8a:65:1f:74:49:ec:d3:b7:ec:
                    ea:26:b5:2c:51:96:05:61:06:5e:88:fd:1e:b3:38:
                    5b:f3:d6:be:38:58:07:42:f2:da:08:c3:8e:64:c6:
                    d9:b3:87:8a:5b:d7:4b:ef:44:2d:ba:70:35:5d:92:
                    0a:7e:4e:ec:f1:67:8b:c6:ca:d0:83:39:fb:13:70:
                    05:18:55:9b:9e:ee:4d:e2:0b:82:d5:e9:66:a6:00:
                    4b:9e:08:53:8f:0b:7a:9c:94:c2:61:e0:d1:78:71:
                    55:49:3f:13:8a:d6:10:b5:7e:55:8e:b7:28:ab:91:
                    47:56:c2:ef:95:84:f5:8c:52:c9:0d:8a:4c:d1:e3:
                    9f:3b:4d:cd:a3:b4:f1:84:cb:36:50:03:ae:59:86:
                    d4:62:a0:59:8b:35:7e:82:76:87:cc:6b:f7:ec:78:
                    17:a2:a5:db:b0:ee:6a:74:09:4f:96:73:4f:5c:a3:
                    cc:49:6a:79:fd:f2:00:3e:31:59:0e:22:9a:1b:a3:
                    67:27:c4:47:d2:ad:ac:37:72:0a:c2:75:6f:cc:ca:
                    fe:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:64:06:29:2A:07:E4:B1:77:05:59:2B:DE:26:EB:13:E1:FD:23:D1
            X509v3 Authority Key Identifier:
                keyid:C6:0F:32:46:FD:D6:1B:A1:B5:79:2F:E1:AE:C4:AD:CA:98:D7:5A:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xg8yRv3WG6G1eS_hrsStypjXWlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/MmQGKSoH5LF3BVkr3ibrE-H9I9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/2a656a-9323-4424-8fb5-179792768dae/1/xg8yRv3WG6G1eS_hrsStypjXWlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:79:32:2a:73:a7:d6:89:fa:8d:8b:39:de:ec:39:62:4c:a7:
         7d:f5:13:61:05:4f:06:5e:97:25:c3:a4:6c:90:be:42:4a:29:
         a1:f9:cd:07:ed:81:e0:24:e1:6f:07:00:bb:bc:9b:db:dd:41:
         08:1f:7a:f5:20:23:a9:1e:8b:1b:6d:9c:42:7f:4d:2a:10:00:
         12:05:e5:0c:d7:cc:73:bf:40:63:52:79:c7:6e:7e:cf:c9:31:
         f1:f4:07:c8:c1:3c:19:a2:75:0d:f4:88:3c:04:b0:6e:44:64:
         79:8b:4c:87:e3:ba:0f:8b:3e:ff:46:17:f1:59:2d:1c:b4:67:
         5f:8f:2b:a4:ef:a9:c2:70:29:57:05:8a:12:08:47:3a:18:71:
         16:a0:08:53:98:87:0b:ef:81:23:c0:1c:07:f8:2d:9c:bc:e2:
         59:9f:36:d8:b4:9e:78:49:7b:5f:c0:bd:b7:dc:ca:19:2f:76:
         18:c3:05:dc:b7:ab:85:33:77:8f:61:6e:ee:de:ec:9a:f3:98:
         1f:29:b1:bc:7a:16:cd:3a:dc:20:50:5a:a2:eb:30:3b:47:36:
         f3:44:42:41:af:26:9d:b1:78:01:ca:a9:d9:9f:5b:fd:4b:01:
         47:ca:41:e9:f7:e9:2e:59:36:5f:e4:a8:a0:85:17:ec:d1:86:
         da:71:cd:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3WPFLrM2JNAbU7/l/TpWvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MGYzMjQ2ZmRkNjFiYTFiNTc5MmZlMWFlYzRhZGNhOThk
NzVhNWMwHhcNMjYwMTAxMDIxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjY0MDYyOTJhMDdlNGIxNzcwNTU5MmJkZTI2ZWIxM2UxZmQyM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxRHg5Bpd8wrgnAp8UelURezGBXs
FPOxF3BcFGCaiuqug0J9qoguTUPOI4T8omXlzeKKZR90SezTt+zqJrUsUZYFYQZe
iP0eszhb89a+OFgHQvLaCMOOZMbZs4eKW9dL70QtunA1XZIKfk7s8WeLxsrQgzn7
E3AFGFWbnu5N4guC1elmpgBLnghTjwt6nJTCYeDReHFVST8TitYQtX5Vjrcoq5FH
VsLvlYT1jFLJDYpM0eOfO03No7TxhMs2UAOuWYbUYqBZizV+gnaHzGv37HgXoqXb
sO5qdAlPlnNPXKPMSWp5/fIAPjFZDiKaG6NnJ8RH0q2sN3IKwnVvzMr+OwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDJkBikqB+SxdwVZK94m6xPh/SPRMB8GA1UdIwQY
MBaAFMYPMkb91huhtXkv4a7ErcqY11pcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGc4eVJ2M1dHNkcxZVNfaHJzU3R5cGpYV2x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8yYTY1NmEtOTMyMy00NDI0LThmYjUt
MTc5NzkyNzY4ZGFlLzEvTW1RR0tTb0g1TEYzQlZrcjNpYnJFLUg5STlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8yYTY1NmEtOTMyMy00NDI0LThmYjUtMTc5NzkyNzY4ZGFl
LzEveGc4eVJ2M1dHNkcxZVNfaHJzU3R5cGpYV2x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAwM
MA0GCSqGSIb3DQEBCwUAA4IBAQCfeTIqc6fWifqNizne7DliTKd99RNhBU8GXpcl
w6RskL5CSimh+c0H7YHgJOFvBwC7vJvb3UEIH3r1ICOpHosbbZxCf00qEAASBeUM
18xzv0BjUnnHbn7PyTHx9AfIwTwZonUN9Ig8BLBuRGR5i0yH47oPiz7/RhfxWS0c
tGdfjyuk76nCcClXBYoSCEc6GHEWoAhTmIcL74EjwBwH+C2cvOJZnzbYtJ54SXtf
wL233MoZL3YYwwXct6uFM3ePYW7u3uya85gfKbG8ehbNOtwgUFqi6zA7RzbzREJB
ryadsXgByqnZn1v9SwFHykHp9+kuWTZf5KighRfs0Ybacc0U
-----END CERTIFICATE-----