This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/M_Zrv0eTt-hhAHKM89cDFtPfvPI.roa
File:                     M_Zrv0eTt-hhAHKM89cDFtPfvPI.roa (raw, json)
Hash identifier:          8QhFDfLhK8OB14NksFoRCKIZ2O0CQM/pbJL/g+vvAt4=
Subject key identifier:   33:F6:6B:BF:47:93:B7:E8:61:00:72:8C:F3:D7:03:16:D3:DF:BC:F2
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       019B7E37F0BFC6348FFC66C5DC51DD1F1793
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/M_Zrv0eTt-hhAHKM89cDFtPfvPI.roa
Signing time:             Fri 02 Jan 2026 10:19:13 +0000
ROA not before:           Fri 02 Jan 2026 10:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     553
IP address blocks:        153.96.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:f0:bf:c6:34:8f:fc:66:c5:dc:51:dd:1f:17:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 10:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33f66bbf4793b7e86100728cf3d70316d3dfbcf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:01:92:b4:4d:32:c3:70:dc:b8:c0:d0:72:34:
                    7b:9e:6d:a7:ca:60:4f:b8:e1:2c:87:9a:8f:26:cb:
                    48:7a:0c:e3:68:91:e4:7f:b0:2a:70:2a:ab:ec:9a:
                    6c:93:d1:08:a0:a8:7e:3e:37:17:19:71:00:20:68:
                    30:6b:c5:ac:75:be:95:81:eb:a7:b1:4c:3e:db:d2:
                    f2:46:e0:ba:11:f1:8c:76:71:ea:3f:b0:d0:0d:50:
                    a0:bb:48:91:f9:00:ca:dc:5b:e5:99:43:e5:3d:0c:
                    bd:40:73:02:d5:a9:d7:e7:a5:47:8c:e6:5a:eb:43:
                    08:a9:b7:d7:83:0d:e1:80:a0:8e:04:f3:51:10:75:
                    cc:90:4a:27:a5:23:64:ad:ef:c0:e1:da:f7:79:9f:
                    57:40:de:c6:cd:45:d7:bf:20:10:1c:1f:bb:17:94:
                    f7:63:82:16:d2:00:fb:53:6c:89:30:fd:df:ec:a7:
                    76:30:6c:ca:b9:90:c3:eb:2c:5c:77:1a:52:be:02:
                    56:48:90:9a:63:14:09:3e:ef:6a:27:de:53:cd:94:
                    dc:a1:f3:02:ae:5a:b5:00:ed:2d:69:9f:fb:c8:f9:
                    bf:f6:90:99:6c:33:0d:23:27:d3:be:1e:34:3f:c5:
                    e3:28:9e:92:62:0a:7e:04:a7:94:fe:3c:91:4e:08:
                    3e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F6:6B:BF:47:93:B7:E8:61:00:72:8C:F3:D7:03:16:D3:DF:BC:F2
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/M_Zrv0eTt-hhAHKM89cDFtPfvPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.96.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:1f:a9:04:08:5a:e7:d6:e9:f1:38:cd:c8:25:74:6e:3c:0f:
         6c:03:a6:8b:3e:3e:2f:8f:af:6b:85:fd:b0:e1:9e:78:40:04:
         ab:35:6c:a3:19:2e:9b:5c:5c:2c:24:8c:0d:1f:aa:ae:e4:bf:
         9c:13:f1:91:68:bd:cf:4f:d8:9f:d9:f1:9a:d4:3d:ff:ff:cf:
         d0:6d:82:60:47:5b:aa:48:35:cb:fa:fc:30:14:c6:7b:e2:c8:
         5b:6f:53:ff:bc:39:4f:0a:bf:96:ac:c7:36:e5:4e:ba:14:71:
         0e:fd:41:93:ae:a7:6a:be:27:1c:55:8c:56:ca:cd:fd:bb:a1:
         9d:dd:a5:67:3a:8c:53:a0:34:f6:d4:36:37:da:3f:7e:ef:23:
         a1:92:33:df:98:af:ff:a2:04:28:f2:bd:31:87:f7:92:36:d6:
         c9:48:ed:a6:e6:c0:3a:df:ee:84:e0:61:51:78:4d:65:82:ab:
         ca:16:29:e6:80:07:e7:ae:db:21:7e:fa:4d:7c:d8:89:09:e2:
         e1:d7:1c:a5:20:ba:87:04:53:40:ee:30:d5:4b:fd:76:af:3c:
         66:39:1a:6a:91:d9:d6:78:93:08:16:31:dd:69:52:79:4e:51:
         02:27:cf:fc:ed:07:40:03:49:95:1f:fc:00:61:d0:ec:7e:c8:
         f1:6c:6f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N/C/xjSP/GbF3FHdHxeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjYwMTAyMTAxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Y2NmJiZjQ3OTNiN2U4NjEwMDcyOGNmM2Q3MDMxNmQzZGZiY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQGStE0yw3DcuMDQcjR7nm2nymBP
uOEsh5qPJstIegzjaJHkf7AqcCqr7Jpsk9EIoKh+PjcXGXEAIGgwa8Wsdb6Vgeun
sUw+29LyRuC6EfGMdnHqP7DQDVCgu0iR+QDK3FvlmUPlPQy9QHMC1anX56VHjOZa
60MIqbfXgw3hgKCOBPNREHXMkEonpSNkre/A4dr3eZ9XQN7GzUXXvyAQHB+7F5T3
Y4IW0gD7U2yJMP3f7Kd2MGzKuZDD6yxcdxpSvgJWSJCaYxQJPu9qJ95TzZTcofMC
rlq1AO0taZ/7yPm/9pCZbDMNIyfTvh40P8XjKJ6SYgp+BKeU/jyRTgg+0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDP2a79Hk7foYQByjPPXAxbT37zyMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvTV9acnYwZVR0LWhoQUhLTTg5Y0RGdFBmdlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmWBTMA0G
CSqGSIb3DQEBCwUAA4IBAQA9H6kECFrn1unxOM3IJXRuPA9sA6aLPj4vj69rhf2w
4Z54QASrNWyjGS6bXFwsJIwNH6qu5L+cE/GRaL3PT9if2fGa1D3//8/QbYJgR1uq
SDXL+vwwFMZ74shbb1P/vDlPCr+WrMc25U66FHEO/UGTrqdqviccVYxWys39u6Gd
3aVnOoxToDT21DY32j9+7yOhkjPfmK//ogQo8r0xh/eSNtbJSO2m5sA63+6E4GFR
eE1lgqvKFinmgAfnrtshfvpNfNiJCeLh1xylILqHBFNA7jDVS/12rzxmORpqkdnW
eJMIFjHdaVJ5TlECJ8/87QdAA0mVH/wAYdDsfsjxbG8C
-----END CERTIFICATE-----