This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/397b5c-8fc8-4b56-b603-358145d9a81d/1/MbLIlykrQYjYoxOxJX_Xi7Q0gqo.roa
File:                     MbLIlykrQYjYoxOxJX_Xi7Q0gqo.roa (raw, json)
Hash identifier:          JZAWsqEaWoolF2K9I8eqAWU5dEjO9ZBoN8vPUph4Lm8=
Subject key identifier:   31:B2:C8:97:29:2B:41:88:D8:A3:13:B1:25:7F:D7:8B:B4:34:82:AA
Certificate issuer:       /CN=68efcca8498f5d26c120af34d846c0281ff629af
Certificate serial:       019B797E6263888DBD4BE546DFEA484D8244
Authority key identifier: 68:EF:CC:A8:49:8F:5D:26:C1:20:AF:34:D8:46:C0:28:1F:F6:29:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aO_MqEmPXSbBIK802EbAKB_2Ka8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/397b5c-8fc8-4b56-b603-358145d9a81d/1/MbLIlykrQYjYoxOxJX_Xi7Q0gqo.roa
Signing time:             Thu 01 Jan 2026 12:18:04 +0000
ROA not before:           Thu 01 Jan 2026 12:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30931
IP address blocks:        2001:67c:1b24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/397b5c-8fc8-4b56-b603-358145d9a81d/1/aO_MqEmPXSbBIK802EbAKB_2Ka8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/397b5c-8fc8-4b56-b603-358145d9a81d/1/aO_MqEmPXSbBIK802EbAKB_2Ka8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aO_MqEmPXSbBIK802EbAKB_2Ka8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:62:63:88:8d:bd:4b:e5:46:df:ea:48:4d:82:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68efcca8498f5d26c120af34d846c0281ff629af
        Validity
            Not Before: Jan  1 12:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31b2c897292b4188d8a313b1257fd78bb43482aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a1:ba:25:67:e5:2b:a7:81:11:f8:a3:95:62:
                    da:2a:20:bd:75:8e:8c:cf:bb:8c:fa:fd:33:6d:ab:
                    7a:bf:4e:d2:0b:1b:29:ce:56:5f:00:5d:97:e3:23:
                    5a:76:3d:fa:17:58:64:61:70:cd:4c:3e:d5:61:7b:
                    d2:68:21:26:4b:32:ba:5b:c2:9d:3a:59:b2:9a:6a:
                    b7:96:09:cc:65:6e:1b:7d:8f:65:6e:6d:5b:16:05:
                    63:53:8e:46:dc:a9:6b:2c:34:21:f1:23:c4:47:ad:
                    63:06:23:d6:5c:02:e2:54:33:5a:f6:a8:6d:f3:99:
                    a9:1f:b6:5a:6a:d7:8b:ee:1c:8e:16:6d:59:92:8e:
                    bf:85:c6:90:8d:2c:94:86:63:17:72:c6:55:6d:52:
                    fb:85:40:92:35:e0:ae:3f:04:da:44:2c:68:ad:04:
                    7d:c2:41:99:ec:91:07:07:50:06:0c:49:7e:a5:41:
                    e2:9b:0c:47:80:97:0e:39:1b:68:34:88:82:8d:af:
                    d6:ac:9d:bd:22:c6:c8:93:da:c6:65:39:95:5f:78:
                    40:62:32:7f:e3:61:fb:43:ec:71:15:47:ae:4f:72:
                    04:8c:2d:22:9e:d3:f6:bd:48:1b:71:71:bd:41:a6:
                    c3:ff:dd:32:d9:fb:6a:33:c9:29:55:e1:7b:0f:54:
                    0e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B2:C8:97:29:2B:41:88:D8:A3:13:B1:25:7F:D7:8B:B4:34:82:AA
            X509v3 Authority Key Identifier:
                keyid:68:EF:CC:A8:49:8F:5D:26:C1:20:AF:34:D8:46:C0:28:1F:F6:29:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aO_MqEmPXSbBIK802EbAKB_2Ka8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/397b5c-8fc8-4b56-b603-358145d9a81d/1/MbLIlykrQYjYoxOxJX_Xi7Q0gqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/397b5c-8fc8-4b56-b603-358145d9a81d/1/aO_MqEmPXSbBIK802EbAKB_2Ka8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b24::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:94:21:fd:49:ae:29:04:80:ba:28:28:a6:cd:4f:1c:3d:96:
         01:5c:3d:d0:8a:10:28:47:a9:ae:e5:32:68:a8:dd:32:2d:18:
         f8:e6:f1:46:f9:72:8a:d3:74:8e:d5:13:71:2c:48:68:c2:ab:
         77:d8:2c:49:5d:36:2a:60:e9:db:76:13:1b:6e:a3:75:52:73:
         40:26:1e:28:30:f2:8b:14:7a:bb:0d:c1:33:7d:f5:d5:ce:dc:
         5a:69:f6:03:48:18:47:8e:a9:95:7d:0b:1f:8e:d5:ed:44:fa:
         52:8b:6b:d8:90:e2:29:87:bc:0f:40:ae:2e:5b:3c:5e:85:42:
         49:f8:90:ea:83:d0:34:58:33:13:ad:6f:d0:6f:4a:97:47:20:
         1a:ac:e6:cc:93:4f:2f:cb:ce:9d:68:95:0d:08:1d:7e:f7:ca:
         c1:01:cf:d6:5c:f7:06:84:bc:8b:47:52:13:c9:47:28:9d:9d:
         9b:8c:43:ff:76:4a:b8:32:1a:66:2e:3e:ed:70:95:7f:70:fc:
         ff:2b:3b:d0:d2:0c:5c:6f:b3:c1:37:82:ce:fe:5f:67:69:f6:
         f0:bc:b1:c8:fc:43:05:f2:29:38:9d:0f:2b:87:05:7b:26:74:
         38:41:fa:d3:51:c0:92:5b:c3:76:4c:10:66:e7:6f:f4:2d:0e:
         e6:85:36:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5fmJjiI29S+VG3+pITYJEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZWZjY2E4NDk4ZjVkMjZjMTIwYWYzNGQ4NDZjMDI4MWZm
NjI5YWYwHhcNMjYwMTAxMTIxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWIyYzg5NzI5MmI0MTg4ZDhhMzEzYjEyNTdmZDc4YmI0MzQ4MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6G6JWflK6eBEfijlWLaKiC9dY6M
z7uM+v0zbat6v07SCxspzlZfAF2X4yNadj36F1hkYXDNTD7VYXvSaCEmSzK6W8Kd
Olmymmq3lgnMZW4bfY9lbm1bFgVjU45G3KlrLDQh8SPER61jBiPWXALiVDNa9qht
85mpH7ZaateL7hyOFm1Zko6/hcaQjSyUhmMXcsZVbVL7hUCSNeCuPwTaRCxorQR9
wkGZ7JEHB1AGDEl+pUHimwxHgJcOORtoNIiCja/WrJ29IsbIk9rGZTmVX3hAYjJ/
42H7Q+xxFUeuT3IEjC0intP2vUgbcXG9QabD/90y2ftqM8kpVeF7D1QOKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDGyyJcpK0GI2KMTsSV/14u0NIKqMB8GA1UdIwQY
MBaAFGjvzKhJj10mwSCvNNhGwCgf9imvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9fTXFFbVBYU2JCSUs4MDJFYkFLQl8yS2E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zOTdiNWMtOGZjOC00YjU2LWI2MDMt
MzU4MTQ1ZDlhODFkLzEvTWJMSWx5a3JRWWpZb3hPeEpYX1hpN1EwZ3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zOTdiNWMtOGZjOC00YjU2LWI2MDMtMzU4MTQ1ZDlhODFk
LzEvYU9fTXFFbVBYU2JCSUs4MDJFYkFLQl8yS2E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBsk
MA0GCSqGSIb3DQEBCwUAA4IBAQBMlCH9Sa4pBIC6KCimzU8cPZYBXD3QihAoR6mu
5TJoqN0yLRj45vFG+XKK03SO1RNxLEhowqt32CxJXTYqYOnbdhMbbqN1UnNAJh4o
MPKLFHq7DcEzffXVztxaafYDSBhHjqmVfQsfjtXtRPpSi2vYkOIph7wPQK4uWzxe
hUJJ+JDqg9A0WDMTrW/Qb0qXRyAarObMk08vy86daJUNCB1+98rBAc/WXPcGhLyL
R1ITyUconZ2bjEP/dkq4MhpmLj7tcJV/cPz/KzvQ0gxcb7PBN4LO/l9nafbwvLHI
/EMF8ik4nQ8rhwV7JnQ4QfrTUcCSW8N2TBBm52/0LQ7mhTaW
-----END CERTIFICATE-----