This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mU1v4mBwKEFqSi_t9_9HKcuE3IE.roa
File:                     mU1v4mBwKEFqSi_t9_9HKcuE3IE.roa (raw, json)
Hash identifier:          fMo9G9GiIez+YM8QxRoJZnJWOCmqv/xxLbPrgz7Etok=
Subject key identifier:   99:4D:6F:E2:60:70:28:41:6A:4A:2F:ED:F7:FF:47:29:CB:84:DC:81
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C69E7E88B9FA47BFC4B99E08F5DB79
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mU1v4mBwKEFqSi_t9_9HKcuE3IE.roa
Signing time:             Thu 01 Jan 2026 04:17:43 +0000
ROA not before:           Thu 01 Jan 2026 04:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49490
IP address blocks:        109.248.232.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9e:7e:88:b9:fa:47:bf:c4:b9:9e:08:f5:db:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=994d6fe2607028416a4a2fedf7ff4729cb84dc81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6f:4e:16:14:e3:1e:18:cb:6a:9b:e0:88:49:
                    ca:09:a4:f0:c9:51:f2:2a:62:a4:41:df:22:0e:4a:
                    a2:25:94:48:6c:36:8e:3c:a4:86:5f:5c:11:bf:4f:
                    fe:0d:04:98:4b:2b:c4:e4:c3:e5:47:1f:98:67:7f:
                    67:62:fa:de:5b:1e:8b:36:c7:e5:9d:32:49:6e:82:
                    f4:e4:4b:d1:0e:3e:fd:0f:59:37:01:ae:98:26:56:
                    0f:e7:c5:70:6c:be:66:a4:f7:a3:d4:d0:0e:e3:4f:
                    b1:b5:31:f4:bf:a3:4d:ee:03:ed:75:4d:f2:45:7d:
                    dd:81:cb:84:7b:7f:b4:31:d7:4f:2c:84:4c:55:6a:
                    d8:2d:89:a8:f9:39:a9:0e:aa:32:b7:4a:57:58:7c:
                    63:d7:01:71:ee:a5:85:ac:a3:fe:16:1c:2b:0e:5d:
                    40:3e:bc:d1:4a:f7:07:d0:21:9a:71:aa:51:91:41:
                    5f:09:cc:f3:88:03:cc:ef:73:ff:8a:25:da:08:99:
                    f3:1c:9b:a1:94:97:c0:6c:4b:39:eb:af:2b:f8:bf:
                    e8:ef:8f:6c:2e:66:95:c3:d4:5a:9e:c7:da:da:b1:
                    a9:ef:65:4f:26:17:88:0a:60:11:af:21:f8:00:8f:
                    21:0c:d1:93:db:ba:6a:1e:f1:44:af:de:0e:4c:84:
                    cb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:4D:6F:E2:60:70:28:41:6A:4A:2F:ED:F7:FF:47:29:CB:84:DC:81
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/mU1v4mBwKEFqSi_t9_9HKcuE3IE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:da:1d:5b:be:08:ee:de:19:13:26:78:0d:33:30:a1:bb:79:
         6c:34:8a:1a:d8:11:fa:8c:9c:9a:3c:2a:a9:3e:4c:21:11:26:
         0e:0a:ed:ab:44:e4:32:e9:e4:ec:3d:b2:cf:b2:79:e1:99:67:
         4b:b6:5e:c3:ac:75:dd:2b:8c:0c:b8:8f:de:75:9b:d7:70:1f:
         f9:9b:38:52:cd:c7:58:3c:08:e0:0a:a5:61:13:89:26:78:6c:
         c2:10:e3:42:4a:c4:58:90:e8:70:27:c6:f9:1d:f0:b4:85:b0:
         9f:09:50:84:3c:6b:84:d1:20:c5:b2:fa:2c:7d:0a:bd:a2:0d:
         eb:d4:15:38:b8:a7:80:31:a4:cf:63:49:63:f3:60:38:85:45:
         47:63:54:f2:e2:4f:43:36:68:1c:bc:9c:d6:b3:3e:2c:e7:4b:
         d2:8e:e3:01:e2:1b:36:cb:05:09:f9:e2:f9:7e:1c:c7:57:2a:
         a1:4a:be:71:6e:77:a9:68:46:05:62:b4:eb:59:d3:5e:bc:c6:
         d9:8b:92:95:97:9e:cc:64:05:9c:5d:69:31:cd:63:01:a4:07:
         aa:18:2a:c7:66:0c:bd:ab:13:97:81:fb:4c:54:6d:96:67:a4:
         51:17:c3:dd:f5:8c:e9:32:3a:0d:ad:4d:1e:ac:3f:0e:46:af:
         4c:7e:f7:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xp5+iLn6R7/EuZ4I9dt5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTRkNmZlMjYwNzAyODQxNmE0YTJmZWRmN2ZmNDcyOWNiODRkYzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum9OFhTjHhjLapvgiEnKCaTwyVHy
KmKkQd8iDkqiJZRIbDaOPKSGX1wRv0/+DQSYSyvE5MPlRx+YZ39nYvreWx6LNsfl
nTJJboL05EvRDj79D1k3Aa6YJlYP58VwbL5mpPej1NAO40+xtTH0v6NN7gPtdU3y
RX3dgcuEe3+0MddPLIRMVWrYLYmo+TmpDqoyt0pXWHxj1wFx7qWFrKP+FhwrDl1A
PrzRSvcH0CGacapRkUFfCczziAPM73P/iiXaCJnzHJuhlJfAbEs5668r+L/o749s
LmaVw9Ransfa2rGp72VPJheICmARryH4AI8hDNGT27pqHvFEr94OTITL+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlNb+JgcChBakov7ff/RynLhNyBMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvbVUxdjRtQndLRUZxU2lfdDlfOUhLY3VFM0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbfjoMA0G
CSqGSIb3DQEBCwUAA4IBAQA72h1bvgju3hkTJngNMzChu3lsNIoa2BH6jJyaPCqp
PkwhESYOCu2rROQy6eTsPbLPsnnhmWdLtl7DrHXdK4wMuI/edZvXcB/5mzhSzcdY
PAjgCqVhE4kmeGzCEONCSsRYkOhwJ8b5HfC0hbCfCVCEPGuE0SDFsvosfQq9og3r
1BU4uKeAMaTPY0lj82A4hUVHY1Ty4k9DNmgcvJzWsz4s50vSjuMB4hs2ywUJ+eL5
fhzHVyqhSr5xbnepaEYFYrTrWdNevMbZi5KVl57MZAWcXWkxzWMBpAeqGCrHZgy9
qxOXgftMVG2WZ6RRF8Pd9YzpMjoNrU0erD8ORq9MfvcB
-----END CERTIFICATE-----