This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/483487-2fc5-40f6-94f7-530177c02dcc/1/P_mFxEcYlCrFN3MG993zE4Mm2l4.roa
File:                     P_mFxEcYlCrFN3MG993zE4Mm2l4.roa (raw, json)
Hash identifier:          qelseO1it8WIi6uPqUIeiOJkVLkt0DoO5JMwvTxaQaY=
Subject key identifier:   3F:F9:85:C4:47:18:94:2A:C5:37:73:06:F7:DD:F3:13:83:26:DA:5E
Certificate issuer:       /CN=3e4b06abf07eeaac11b259a08fe171d66bd2830d
Certificate serial:       019B7B36364F0300455A9A51801895C7F925
Authority key identifier: 3E:4B:06:AB:F0:7E:EA:AC:11:B2:59:A0:8F:E1:71:D6:6B:D2:83:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PksGq_B-6qwRslmgj-Fx1mvSgw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/483487-2fc5-40f6-94f7-530177c02dcc/1/P_mFxEcYlCrFN3MG993zE4Mm2l4.roa
Signing time:             Thu 01 Jan 2026 20:18:28 +0000
ROA not before:           Thu 01 Jan 2026 20:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50767
IP address blocks:        176.104.176.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/483487-2fc5-40f6-94f7-530177c02dcc/1/PksGq_B-6qwRslmgj-Fx1mvSgw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/483487-2fc5-40f6-94f7-530177c02dcc/1/PksGq_B-6qwRslmgj-Fx1mvSgw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PksGq_B-6qwRslmgj-Fx1mvSgw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:36:4f:03:00:45:5a:9a:51:80:18:95:c7:f9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e4b06abf07eeaac11b259a08fe171d66bd2830d
        Validity
            Not Before: Jan  1 20:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ff985c44718942ac5377306f7ddf3138326da5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:19:75:32:4c:c8:3e:2e:6c:29:23:fa:af:05:
                    12:8b:58:7a:6d:34:99:ed:be:50:8f:d8:db:66:3d:
                    86:53:20:22:f4:bc:c7:dd:43:0a:41:91:34:67:7b:
                    02:0b:85:f1:f0:83:7e:65:7b:4a:94:2e:45:c6:b3:
                    3e:3e:76:d3:ec:95:66:cb:47:2e:57:c2:64:eb:19:
                    bc:6c:97:d7:0e:e1:df:c1:f4:07:f1:d5:45:49:ce:
                    89:ac:4c:04:2a:e9:b9:d7:69:bb:9f:58:83:70:2e:
                    0b:06:be:8f:13:5f:2f:ca:db:2f:30:aa:87:4b:7b:
                    1f:aa:b0:e0:4f:91:6e:43:52:43:88:fb:c0:4e:4b:
                    73:e2:c8:d9:33:b3:c1:10:9f:37:41:90:5e:05:fc:
                    10:b1:65:1d:52:d6:64:f8:36:aa:82:ae:2e:f4:08:
                    5d:eb:3b:85:af:83:0b:22:f2:1d:5e:82:f9:be:3c:
                    18:5e:e1:67:a2:d4:27:2f:e3:3c:b6:4c:b3:71:96:
                    51:17:74:0b:58:62:30:9d:fb:a4:df:b8:1c:4b:5c:
                    6d:f9:0d:27:55:33:11:fd:b9:56:ad:90:a4:fd:b3:
                    3d:44:7c:5d:0a:ee:1a:84:de:13:e2:b8:2c:b2:28:
                    83:b9:26:ae:1e:49:98:41:7e:a5:0b:2a:de:be:9a:
                    bc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F9:85:C4:47:18:94:2A:C5:37:73:06:F7:DD:F3:13:83:26:DA:5E
            X509v3 Authority Key Identifier:
                keyid:3E:4B:06:AB:F0:7E:EA:AC:11:B2:59:A0:8F:E1:71:D6:6B:D2:83:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PksGq_B-6qwRslmgj-Fx1mvSgw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/483487-2fc5-40f6-94f7-530177c02dcc/1/P_mFxEcYlCrFN3MG993zE4Mm2l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/483487-2fc5-40f6-94f7-530177c02dcc/1/PksGq_B-6qwRslmgj-Fx1mvSgw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.104.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         63:28:f9:6b:b9:60:c0:ed:70:71:07:e0:79:cb:ee:56:f5:e4:
         ce:72:8b:0c:db:10:59:7f:ce:58:c3:44:bc:ab:78:a9:c4:7e:
         3e:39:2c:80:63:23:63:86:27:6b:04:18:94:6c:e2:22:9a:02:
         45:65:9c:dd:ad:6c:9c:69:40:b1:ff:cd:cc:21:b0:a3:6c:90:
         5b:6c:83:10:1e:84:b7:70:77:fa:c5:f4:b6:f9:39:58:cd:16:
         67:c6:8c:9d:0a:d2:4f:9b:90:8c:e2:6d:c1:c6:b4:2d:ff:42:
         ed:2d:5e:5c:c9:df:87:07:46:f9:b6:5f:90:53:eb:f7:99:7e:
         7e:87:90:35:33:c5:0e:ff:87:bb:60:51:91:31:62:ef:57:18:
         5d:25:04:bd:bb:e8:d5:03:3b:d0:92:f2:30:fb:38:c0:79:3a:
         cb:e3:65:bf:e5:63:cf:fd:ef:ad:bb:62:ac:f6:28:ef:88:49:
         ba:b3:b7:33:4a:a6:0e:2c:5d:aa:d4:7f:f7:e1:ac:20:b2:db:
         4b:e0:18:17:a0:94:a8:8f:fa:55:8d:fb:62:ff:cd:02:96:3a:
         12:78:10:e5:82:bf:6c:6a:cf:a6:50:a7:ef:d3:96:da:81:ab:
         26:7f:59:ae:02:a6:da:56:72:81:c6:0b:99:6b:00:5c:3f:74:
         f1:a9:a0:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NjZPAwBFWppRgBiVx/klMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNGIwNmFiZjA3ZWVhYWMxMWIyNTlhMDhmZTE3MWQ2NmJk
MjgzMGQwHhcNMjYwMTAxMjAxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY5ODVjNDQ3MTg5NDJhYzUzNzczMDZmN2RkZjMxMzgzMjZkYTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBl1MkzIPi5sKSP6rwUSi1h6bTSZ
7b5Qj9jbZj2GUyAi9LzH3UMKQZE0Z3sCC4Xx8IN+ZXtKlC5FxrM+PnbT7JVmy0cu
V8Jk6xm8bJfXDuHfwfQH8dVFSc6JrEwEKum512m7n1iDcC4LBr6PE18vytsvMKqH
S3sfqrDgT5FuQ1JDiPvATktz4sjZM7PBEJ83QZBeBfwQsWUdUtZk+Daqgq4u9Ahd
6zuFr4MLIvIdXoL5vjwYXuFnotQnL+M8tkyzcZZRF3QLWGIwnfuk37gcS1xt+Q0n
VTMR/blWrZCk/bM9RHxdCu4ahN4T4rgssiiDuSauHkmYQX6lCyrevpq8RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/5hcRHGJQqxTdzBvfd8xODJtpeMB8GA1UdIwQY
MBaAFD5LBqvwfuqsEbJZoI/hcdZr0oMNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGtzR3FfQi02cXdSc2xtZ2otRngxbXZTZ3cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80ODM0ODctMmZjNS00MGY2LTk0Zjct
NTMwMTc3YzAyZGNjLzEvUF9tRnhFY1lsQ3JGTjNNRzk5M3pFNE1tMmw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80ODM0ODctMmZjNS00MGY2LTk0ZjctNTMwMTc3YzAyZGNj
LzEvUGtzR3FfQi02cXdSc2xtZ2otRngxbXZTZ3cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGiwMA0G
CSqGSIb3DQEBCwUAA4IBAQBjKPlruWDA7XBxB+B5y+5W9eTOcosM2xBZf85Yw0S8
q3ipxH4+OSyAYyNjhidrBBiUbOIimgJFZZzdrWycaUCx/83MIbCjbJBbbIMQHoS3
cHf6xfS2+TlYzRZnxoydCtJPm5CM4m3BxrQt/0LtLV5cyd+HB0b5tl+QU+v3mX5+
h5A1M8UO/4e7YFGRMWLvVxhdJQS9u+jVAzvQkvIw+zjAeTrL42W/5WPP/e+tu2Ks
9ijviEm6s7czSqYOLF2q1H/34awgsttL4BgXoJSoj/pVjfti/80CljoSeBDlgr9s
as+mUKfv05bagasmf1muAqbaVnKBxguZawBcP3TxqaD8
-----END CERTIFICATE-----