This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/mNCgVhtdcHk_wU97-Gy3cw-WdNw.roa
File:                     mNCgVhtdcHk_wU97-Gy3cw-WdNw.roa (raw, json)
Hash identifier:          mTADEdCwBT4z8h+n4TsVWFX5hSFlb40/mneHRKe61U0=
Subject key identifier:   98:D0:A0:56:1B:5D:70:79:3F:C1:4F:7B:F8:6C:B7:73:0F:96:74:DC
Certificate issuer:       /CN=9d08735a357d31fa8ada31e29f19586a6ffd9592
Certificate serial:       019B7DC94A1E84CF6E767ED69EF796739B52
Authority key identifier: 9D:08:73:5A:35:7D:31:FA:8A:DA:31:E2:9F:19:58:6A:6F:FD:95:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nQhzWjV9MfqK2jHinxlYam_9lZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/mNCgVhtdcHk_wU97-Gy3cw-WdNw.roa
Signing time:             Fri 02 Jan 2026 08:18:22 +0000
ROA not before:           Fri 02 Jan 2026 08:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215604
IP address blocks:        194.169.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/nQhzWjV9MfqK2jHinxlYam_9lZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/nQhzWjV9MfqK2jHinxlYam_9lZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nQhzWjV9MfqK2jHinxlYam_9lZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:4a:1e:84:cf:6e:76:7e:d6:9e:f7:96:73:9b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d08735a357d31fa8ada31e29f19586a6ffd9592
        Validity
            Not Before: Jan  2 08:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98d0a0561b5d70793fc14f7bf86cb7730f9674dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6c:9b:8f:f9:ae:c9:bd:70:b0:ba:a1:be:c6:
                    61:1d:2f:f2:a4:dc:75:f9:60:24:a9:b3:b2:9a:42:
                    52:8f:d6:f4:8d:cc:e1:cc:2f:27:ef:79:35:c6:66:
                    c1:af:46:dc:43:af:3c:d7:c7:97:97:c5:3d:35:68:
                    d5:df:93:32:3f:5c:77:2f:4d:a0:16:6c:3b:ee:88:
                    9b:34:f8:be:b3:e8:bd:2a:f6:d3:d0:74:01:be:f1:
                    be:95:8c:9f:a7:d3:3d:44:9a:ec:6c:31:29:b9:32:
                    9f:0b:29:b8:b3:50:f4:32:d7:b3:4e:d1:86:da:38:
                    9b:0d:de:64:fb:ad:d4:01:93:47:9f:74:4e:38:d8:
                    a3:b4:2f:19:42:b2:62:a1:dc:d4:c1:2c:dc:52:be:
                    c5:5f:91:7b:a7:cc:a0:94:6e:06:09:ea:59:9f:f6:
                    d8:61:ca:27:e6:e4:5f:d1:02:53:9f:b0:91:03:e2:
                    0f:93:15:32:a7:d5:53:24:63:dc:67:6e:7a:91:aa:
                    65:d7:6f:a6:9a:7b:fc:b5:2e:d7:07:a4:ec:17:cc:
                    83:b7:48:d8:4e:4b:5d:aa:e1:b3:16:a7:95:88:0d:
                    52:76:9c:c5:db:a3:16:5c:46:47:ea:5a:3f:2c:92:
                    86:66:97:46:53:42:7c:7f:8a:9d:a7:6d:9e:ac:a9:
                    9e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D0:A0:56:1B:5D:70:79:3F:C1:4F:7B:F8:6C:B7:73:0F:96:74:DC
            X509v3 Authority Key Identifier:
                keyid:9D:08:73:5A:35:7D:31:FA:8A:DA:31:E2:9F:19:58:6A:6F:FD:95:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQhzWjV9MfqK2jHinxlYam_9lZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/mNCgVhtdcHk_wU97-Gy3cw-WdNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/cf4d9e-59c9-4f9f-8f32-a348821ca1e0/1/nQhzWjV9MfqK2jHinxlYam_9lZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:37:0a:3d:f1:e9:7b:c0:c7:e2:4f:31:f0:41:d1:e0:7e:fa:
         d0:b4:87:a7:41:ea:fb:37:cb:d4:28:2d:d1:16:58:55:ab:26:
         cf:6b:19:3c:fa:eb:32:99:00:7e:e1:af:79:67:f1:74:cf:7d:
         1b:75:4b:a7:2b:cf:c9:de:61:21:40:49:82:4f:57:8c:91:ee:
         45:48:86:52:a2:a0:38:e5:c6:03:2d:0e:a5:59:71:3e:25:9c:
         44:1b:cd:50:a8:f4:bc:9c:08:dd:c8:76:44:36:d3:56:ca:a6:
         00:31:2c:81:ea:90:4b:cf:dd:bd:db:61:09:37:31:7a:3c:98:
         b1:f9:ed:b9:39:8e:50:2f:cc:ca:8d:85:80:6d:cc:ae:17:6e:
         c9:4d:71:a1:25:47:a4:aa:5a:08:38:f2:5a:79:a9:4f:4a:ce:
         5a:80:e8:fa:77:1c:35:80:1b:1a:7e:bb:6c:14:26:c8:7c:cf:
         11:66:30:b5:ef:17:02:37:75:db:62:03:fc:50:7b:0d:9c:32:
         c0:97:51:26:14:0e:23:02:25:5b:a3:25:67:0a:bf:1a:57:6d:
         b6:49:40:73:0b:d1:93:06:37:48:bf:e2:dd:de:25:b0:50:9e:
         a2:2f:8d:f9:91:89:80:63:50:86:44:c6:e4:de:17:fa:c5:11:
         cd:71:f3:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yUoehM9udn7WnveWc5tSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMDg3MzVhMzU3ZDMxZmE4YWRhMzFlMjlmMTk1ODZhNmZm
ZDk1OTIwHhcNMjYwMTAyMDgxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQwYTA1NjFiNWQ3MDc5M2ZjMTRmN2JmODZjYjc3MzBmOTY3NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWybj/muyb1wsLqhvsZhHS/ypNx1
+WAkqbOymkJSj9b0jczhzC8n73k1xmbBr0bcQ68818eXl8U9NWjV35MyP1x3L02g
Fmw77oibNPi+s+i9KvbT0HQBvvG+lYyfp9M9RJrsbDEpuTKfCym4s1D0MtezTtGG
2jibDd5k+63UAZNHn3ROONijtC8ZQrJiodzUwSzcUr7FX5F7p8yglG4GCepZn/bY
Ycon5uRf0QJTn7CRA+IPkxUyp9VTJGPcZ256kapl12+mmnv8tS7XB6TsF8yDt0jY
TktdquGzFqeViA1SdpzF26MWXEZH6lo/LJKGZpdGU0J8f4qdp22erKmeCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjQoFYbXXB5P8FPe/hst3MPlnTcMB8GA1UdIwQY
MBaAFJ0Ic1o1fTH6itox4p8ZWGpv/ZWSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblFoeldqVjlNZnFLMmpIaW54bFlhbV85bFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9jZjRkOWUtNTljOS00ZjlmLThmMzIt
YTM0ODgyMWNhMWUwLzEvbU5DZ1ZodGRjSGtfd1U5Ny1HeTNjdy1XZE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9jZjRkOWUtNTljOS00ZjlmLThmMzItYTM0ODgyMWNhMWUw
LzEvblFoeldqVjlNZnFLMmpIaW54bFlhbV85bFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwql9MA0G
CSqGSIb3DQEBCwUAA4IBAQB8Nwo98el7wMfiTzHwQdHgfvrQtIenQer7N8vUKC3R
FlhVqybPaxk8+usymQB+4a95Z/F0z30bdUunK8/J3mEhQEmCT1eMke5FSIZSoqA4
5cYDLQ6lWXE+JZxEG81QqPS8nAjdyHZENtNWyqYAMSyB6pBLz92922EJNzF6PJix
+e25OY5QL8zKjYWAbcyuF27JTXGhJUekqloIOPJaealPSs5agOj6dxw1gBsafrts
FCbIfM8RZjC17xcCN3XbYgP8UHsNnDLAl1EmFA4jAiVboyVnCr8aV222SUBzC9GT
BjdIv+Ld3iWwUJ6iL435kYmAY1CGRMbk3hf6xRHNcfN8
-----END CERTIFICATE-----