This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/MBFdqFLJcxVtOw-JJT6-6DPU4C4.roa
File:                     MBFdqFLJcxVtOw-JJT6-6DPU4C4.roa (raw, json)
Hash identifier:          0y4l4Mi7xbMuhzKukzW/37uq5/WSDRhRc3TFpkmhncA=
Subject key identifier:   30:11:5D:A8:52:C9:73:15:6D:3B:0F:89:25:3E:BE:E8:33:D4:E0:2E
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019B7FF25EC8C580491B32E38463F6D545EB
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/MBFdqFLJcxVtOw-JJT6-6DPU4C4.roa
Signing time:             Fri 02 Jan 2026 18:22:29 +0000
ROA not before:           Fri 02 Jan 2026 18:22:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43193
IP address blocks:        2a02:1140:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:5e:c8:c5:80:49:1b:32:e3:84:63:f6:d5:45:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  2 18:22:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30115da852c973156d3b0f89253ebee833d4e02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a7:8d:42:b1:70:3c:86:94:4f:67:68:4a:61:
                    e1:f2:4e:cd:4c:0b:5d:8e:56:1c:dc:01:4a:4e:7a:
                    99:83:68:c0:79:e9:0f:16:b2:3b:19:ce:7c:62:03:
                    b2:fa:6f:cd:5c:b3:45:ab:e3:df:08:db:7c:33:19:
                    87:96:40:33:3d:43:10:86:04:90:e2:40:a1:55:5b:
                    6b:02:79:b9:aa:cd:6c:46:32:91:93:d3:ce:aa:ae:
                    e2:18:82:5a:d1:00:cb:7a:00:c9:79:54:48:cf:5e:
                    fe:55:5d:5b:a0:dc:9f:1a:46:6e:8e:50:3e:2e:bc:
                    d7:3e:f8:21:54:21:ad:83:89:b2:6c:78:70:2a:b0:
                    5c:44:06:5b:c0:65:77:e4:95:19:e3:4a:ac:ba:30:
                    bd:fb:3a:49:c8:4c:42:02:28:31:09:3a:17:7f:25:
                    1f:ec:4d:f1:63:bc:3c:38:32:de:71:af:68:7b:4e:
                    0c:73:31:a7:6b:78:2c:76:10:5b:87:14:1d:2f:c1:
                    8b:a8:8a:7c:53:99:34:a1:8c:d4:ee:75:15:bf:d6:
                    87:83:3b:45:98:ac:66:01:93:07:75:ba:72:79:ca:
                    0b:95:df:a1:20:0a:d5:dc:3c:39:a1:be:8a:be:c0:
                    31:be:cb:b8:fb:eb:af:3d:53:c5:77:f0:1b:59:44:
                    cd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:11:5D:A8:52:C9:73:15:6D:3B:0F:89:25:3E:BE:E8:33:D4:E0:2E
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/MBFdqFLJcxVtOw-JJT6-6DPU4C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1140:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         17:c4:f1:c2:11:0b:07:67:6b:89:10:2d:75:97:a6:2d:40:d7:
         49:a4:b8:3b:51:06:ba:cf:cc:b3:37:92:58:b4:cf:4b:02:b2:
         83:6d:ef:08:2e:bb:4d:fc:b1:f1:a1:cd:21:1c:a8:c0:e7:ca:
         71:c6:d2:61:28:5b:74:fc:b1:9a:17:d8:68:76:e2:74:ad:1f:
         52:06:b4:c4:54:89:2d:65:d1:91:89:5e:70:dc:40:06:27:7b:
         a9:df:5d:5f:95:76:5a:81:5c:c0:0f:0c:ff:a2:40:2d:a1:29:
         c6:6d:08:54:ce:4e:05:58:6b:d7:1a:b5:4b:7e:93:c2:67:dd:
         42:67:1c:73:df:98:43:13:43:e0:cb:b3:6c:7c:20:ef:6c:a7:
         76:f0:11:6b:8b:9e:98:95:c4:8b:fa:57:16:97:ee:96:e0:35:
         90:6d:31:ae:4b:fb:05:77:89:e7:3e:46:77:bd:6d:7b:6d:cf:
         f8:35:f8:ed:ab:ec:a7:89:fe:2d:f0:0a:a9:00:7c:09:ae:8c:
         53:78:ce:4b:4c:e7:75:a5:4d:c1:a2:1e:f9:58:5f:46:dd:81:
         7e:51:27:79:8b:52:29:45:f0:66:98:e3:47:c4:0d:5d:82:9d:
         40:c3:5b:5f:dc:3f:af:24:5b:dd:49:88:74:13:be:96:05:9f:
         fe:51:ad:3f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt/8l7IxYBJGzLjhGP21UXrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjYwMTAyMTgyMjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDExNWRhODUyYzk3MzE1NmQzYjBmODkyNTNlYmVlODMzZDRlMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KeNQrFwPIaUT2doSmHh8k7NTAtd
jlYc3AFKTnqZg2jAeekPFrI7Gc58YgOy+m/NXLNFq+PfCNt8MxmHlkAzPUMQhgSQ
4kChVVtrAnm5qs1sRjKRk9POqq7iGIJa0QDLegDJeVRIz17+VV1boNyfGkZujlA+
LrzXPvghVCGtg4mybHhwKrBcRAZbwGV35JUZ40qsujC9+zpJyExCAigxCToXfyUf
7E3xY7w8ODLeca9oe04MczGna3gsdhBbhxQdL8GLqIp8U5k0oYzU7nUVv9aHgztF
mKxmAZMHdbpyecoLld+hIArV3Dw5ob6KvsAxvsu4++uvPVPFd/AbWUTNAQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDARXahSyXMVbTsPiSU+vugz1OAuMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvTUJGZHFGTEpjeFZ0T3ctSkpUNi02RFBVNEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgIRQAEw
DQYJKoZIhvcNAQELBQADggEBABfE8cIRCwdna4kQLXWXpi1A10mkuDtRBrrPzLM3
kli0z0sCsoNt7wguu038sfGhzSEcqMDnynHG0mEoW3T8sZoX2Gh24nStH1IGtMRU
iS1l0ZGJXnDcQAYne6nfXV+VdlqBXMAPDP+iQC2hKcZtCFTOTgVYa9catUt+k8Jn
3UJnHHPfmEMTQ+DLs2x8IO9sp3bwEWuLnpiVxIv6VxaX7pbgNZBtMa5L+wV3iec+
Rne9bXttz/g1+O2r7KeJ/i3wCqkAfAmujFN4zktM53WlTcGiHvlYX0bdgX5RJ3mL
UilF8GaY40fEDV2CnUDDW1/cP68kW91JiHQTvpYFn/5RrT8=
-----END CERTIFICATE-----