This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Mb53TN6yKD50A2de1Ozhdge4mrQ.roa
File:                     Mb53TN6yKD50A2de1Ozhdge4mrQ.roa (raw, json)
Hash identifier:          2V1e3M/tFnuzlchzZk/LCxvBGVvryU2uaQdSfsUPEKA=
Subject key identifier:   31:BE:77:4C:DE:B2:28:3E:74:03:67:5E:D4:EC:E1:76:07:B8:9A:B4
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019B9FBFA06C7DD929441834DD783F07A926
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Mb53TN6yKD50A2de1Ozhdge4mrQ.roa
Signing time:             Thu 08 Jan 2026 22:34:54 +0000
ROA not before:           Thu 08 Jan 2026 22:34:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        176.125.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 18:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:9f:bf:a0:6c:7d:d9:29:44:18:34:dd:78:3f:07:a9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  8 22:34:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31be774cdeb2283e7403675ed4ece17607b89ab4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:cf:0a:f9:e9:6a:8a:d0:19:db:23:20:ca:7e:
                    22:83:75:8b:fc:d4:4c:f0:7a:af:b3:5d:2f:82:f0:
                    ee:86:79:91:47:71:c7:32:51:9e:78:75:07:59:09:
                    8c:92:f7:a4:0a:e3:2a:27:cc:ca:61:5f:b7:9d:73:
                    fd:a5:c0:f5:88:73:7f:44:2f:80:0e:78:59:c9:ca:
                    ee:ab:1e:8d:8c:74:48:0d:65:62:fa:50:44:4d:c1:
                    62:39:18:ec:c8:71:f3:f6:79:b0:be:13:2a:8f:a1:
                    68:f4:b9:03:0d:38:29:92:01:bd:19:ad:c2:fd:2b:
                    03:fc:a7:f3:9b:83:ca:9a:54:ce:bb:ab:8d:88:9e:
                    f0:c4:44:29:74:c9:a9:8a:13:a4:51:f2:78:cb:d4:
                    56:68:78:0c:1d:68:4c:db:a1:52:23:b8:c7:bb:06:
                    08:1d:01:68:cd:e7:19:1c:25:1c:83:90:71:92:ca:
                    53:a9:66:5f:1d:e8:a2:2f:69:97:cc:3f:13:52:7f:
                    d7:6a:fc:dc:a0:69:09:4f:72:e0:33:3e:7b:22:c1:
                    fc:ee:3a:df:67:5b:8e:72:60:9c:24:7a:cd:22:f4:
                    0f:1c:25:90:f0:64:63:62:85:14:d3:d5:1d:77:f6:
                    b2:2e:7d:9e:cf:e3:63:29:78:d7:13:28:a8:35:03:
                    7b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:BE:77:4C:DE:B2:28:3E:74:03:67:5E:D4:EC:E1:76:07:B8:9A:B4
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Mb53TN6yKD50A2de1Ozhdge4mrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:1c:f8:aa:19:77:16:c7:56:ee:9d:3e:94:87:8a:34:c2:3c:
         01:ef:22:d9:cc:3d:c8:8c:3e:7d:60:44:7b:1d:8b:e7:47:53:
         b9:18:3e:6e:aa:a3:da:a6:ba:d8:25:38:71:a9:ed:08:85:3e:
         1d:a3:75:8c:cf:0e:cf:71:da:59:70:8e:42:7e:a9:a0:c0:48:
         f7:0d:68:c5:a0:9a:b8:b5:4c:86:4e:66:5b:b5:1e:7c:d4:c8:
         d2:ec:13:0b:5e:ab:1c:6e:a4:55:e2:c6:6a:7a:c4:0e:c0:d7:
         7b:5b:bc:9d:70:de:33:66:3c:de:41:96:07:46:5d:05:b7:65:
         40:80:cf:32:30:af:6b:b7:76:80:09:96:91:5f:57:40:bd:f8:
         24:9b:88:9f:a9:e9:58:5b:53:c7:aa:94:df:cb:a4:a5:f5:b8:
         09:99:80:4c:92:0d:e7:86:3d:5b:48:42:1f:c8:34:07:2f:7a:
         c1:c6:69:29:79:48:9d:f8:79:2c:32:2e:e3:24:78:e4:5b:b2:
         a6:52:3e:d8:68:75:da:b3:2e:9d:a7:38:0e:eb:15:d3:d7:e4:
         a3:c4:c2:93:54:a1:55:07:26:f7:62:50:cf:f1:ba:c2:34:9f:
         ac:ee:80:d4:71:3e:f5:f5:81:a2:41:52:31:83:96:58:e0:9f:
         6d:ce:73:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZufv6BsfdkpRBg03Xg/B6kmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjYwMTA4MjIzNDU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJlNzc0Y2RlYjIyODNlNzQwMzY3NWVkNGVjZTE3NjA3Yjg5YWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqM8K+elqitAZ2yMgyn4ig3WL/NRM
8Hqvs10vgvDuhnmRR3HHMlGeeHUHWQmMkvekCuMqJ8zKYV+3nXP9pcD1iHN/RC+A
DnhZycruqx6NjHRIDWVi+lBETcFiORjsyHHz9nmwvhMqj6Fo9LkDDTgpkgG9Ga3C
/SsD/Kfzm4PKmlTOu6uNiJ7wxEQpdMmpihOkUfJ4y9RWaHgMHWhM26FSI7jHuwYI
HQFozecZHCUcg5BxkspTqWZfHeiiL2mXzD8TUn/XavzcoGkJT3LgMz57IsH87jrf
Z1uOcmCcJHrNIvQPHCWQ8GRjYoUU09Udd/ayLn2ez+NjKXjXEyioNQN7HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG+d0zesig+dANnXtTs4XYHuJq0MB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvTWI1M1RONnlLRDUwQTJkZTFPemhkZ2U0bXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsH36MA0G
CSqGSIb3DQEBCwUAA4IBAQAsHPiqGXcWx1bunT6Uh4o0wjwB7yLZzD3IjD59YER7
HYvnR1O5GD5uqqPaprrYJThxqe0IhT4do3WMzw7PcdpZcI5CfqmgwEj3DWjFoJq4
tUyGTmZbtR581MjS7BMLXqscbqRV4sZqesQOwNd7W7ydcN4zZjzeQZYHRl0Ft2VA
gM8yMK9rt3aACZaRX1dAvfgkm4ifqelYW1PHqpTfy6Sl9bgJmYBMkg3nhj1bSEIf
yDQHL3rBxmkpeUid+HksMi7jJHjkW7KmUj7YaHXasy6dpzgO6xXT1+SjxMKTVKFV
Byb3YlDP8brCNJ+s7oDUcT719YGiQVIxg5ZY4J9tznPA
-----END CERTIFICATE-----