This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/MzmWO7LoBcnanX-oi0jTnFog8Sk.roa
File:                     MzmWO7LoBcnanX-oi0jTnFog8Sk.roa (raw, json)
Hash identifier:          5odMEIfNAjn0z/TvPiyQ2V/cG1Zv5Ya9/4mq6vD/C1A=
Subject key identifier:   33:39:96:3B:B2:E8:05:C9:DA:9D:7F:A8:8B:48:D3:9C:5A:20:F1:29
Certificate issuer:       /CN=ecf42776be532bd0575332855d8c42c4952ed931
Certificate serial:       019B7BA3872F08F34C26FB3CEE26B73B541E
Authority key identifier: EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/MzmWO7LoBcnanX-oi0jTnFog8Sk.roa
Signing time:             Thu 01 Jan 2026 22:17:52 +0000
ROA not before:           Thu 01 Jan 2026 22:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16085
IP address blocks:        146.109.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:87:2f:08:f3:4c:26:fb:3c:ee:26:b7:3b:54:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf42776be532bd0575332855d8c42c4952ed931
        Validity
            Not Before: Jan  1 22:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3339963bb2e805c9da9d7fa88b48d39c5a20f129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:55:47:81:24:fa:77:62:54:21:74:ce:c9:de:
                    e7:a3:bf:9f:03:cb:50:68:f8:f0:53:18:b8:e6:b1:
                    76:92:58:61:7b:8a:e7:35:63:56:74:23:a3:82:6b:
                    34:b3:d9:0d:82:2d:32:01:ef:88:0e:47:b1:0d:93:
                    03:da:ea:c6:db:b6:d1:7c:aa:a4:9b:9b:77:cf:b0:
                    26:78:50:c8:d8:e1:7b:32:f6:d2:30:76:a1:f8:7b:
                    57:35:c7:0c:e9:3a:38:2f:42:91:f7:ad:83:09:68:
                    a7:be:19:9c:e8:d1:ea:f8:ad:ed:af:8e:bf:0c:18:
                    ed:a9:9e:f8:81:75:1a:3c:80:4e:1d:ad:20:3c:81:
                    82:73:81:89:54:e7:16:21:42:1d:f3:ad:e8:28:47:
                    a2:55:a8:f4:58:a8:37:30:f7:13:da:4a:c4:56:6a:
                    56:05:c2:40:63:7e:a6:95:67:b7:63:8b:cb:50:ad:
                    07:6b:46:f4:9c:fb:cb:3b:8b:66:b2:64:4c:94:e0:
                    5d:ad:c9:7a:ac:fd:c0:25:19:8b:48:a6:07:b5:30:
                    84:9c:ca:c0:d0:8e:6f:a5:4e:28:a9:97:d0:05:7a:
                    18:bf:ea:db:b7:61:62:8e:36:07:66:31:af:b6:9b:
                    75:e3:91:db:04:39:c2:bc:eb:29:39:f8:64:29:78:
                    d1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:39:96:3B:B2:E8:05:C9:DA:9D:7F:A8:8B:48:D3:9C:5A:20:F1:29
            X509v3 Authority Key Identifier:
                keyid:EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/MzmWO7LoBcnanX-oi0jTnFog8Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.109.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0f:ae:a2:20:ee:ab:6d:1d:ef:21:9b:d8:6b:7d:3f:2b:d0:89:
         76:0c:cd:b9:7a:48:cf:5e:3a:63:ca:6c:25:fd:70:eb:7f:25:
         49:af:d4:24:67:11:3b:c3:e6:7c:1e:81:59:66:d7:72:2d:e7:
         9f:57:a0:3a:30:82:99:c9:4a:06:e9:b8:d3:87:02:43:36:4b:
         cc:76:b8:01:9c:f5:dc:ba:d0:91:5d:bd:a7:d4:b6:40:b7:b2:
         fa:4a:7f:0c:4a:4a:29:36:73:b5:28:5f:e7:91:10:40:c6:3e:
         18:fc:5d:29:f2:3a:d6:a6:55:85:c4:af:f3:aa:49:3e:c4:6d:
         f2:85:f0:97:9e:15:b6:47:c8:62:fd:e4:74:80:bb:23:20:cb:
         00:74:04:8c:23:ba:62:3a:b6:b7:13:cc:5e:1d:d0:f8:4c:c7:
         8b:46:96:89:c8:ff:6d:0f:07:bf:31:23:40:27:c1:b8:ee:a2:
         7f:9e:01:a0:e4:15:f1:2a:5f:0b:8d:1f:a1:0e:d2:20:bd:dd:
         a1:4b:a0:6d:dd:4c:25:26:89:64:14:7d:f9:1a:83:cf:76:c4:
         65:46:05:16:1b:e5:db:da:ac:fb:96:4a:e1:68:ad:6b:cb:7a:
         8f:26:10:80:36:cd:ce:ba:93:76:c0:58:a5:3a:1b:52:43:3d:
         dd:75:b4:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o4cvCPNMJvs87ia3O1QeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjQyNzc2YmU1MzJiZDA1NzUzMzI4NTVkOGM0MmM0OTUy
ZWQ5MzEwHhcNMjYwMTAxMjIxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzM5OTYzYmIyZTgwNWM5ZGE5ZDdmYTg4YjQ4ZDM5YzVhMjBmMTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlVHgST6d2JUIXTOyd7no7+fA8tQ
aPjwUxi45rF2klhhe4rnNWNWdCOjgms0s9kNgi0yAe+IDkexDZMD2urG27bRfKqk
m5t3z7AmeFDI2OF7MvbSMHah+HtXNccM6To4L0KR962DCWinvhmc6NHq+K3tr46/
DBjtqZ74gXUaPIBOHa0gPIGCc4GJVOcWIUId863oKEeiVaj0WKg3MPcT2krEVmpW
BcJAY36mlWe3Y4vLUK0Ha0b0nPvLO4tmsmRMlOBdrcl6rP3AJRmLSKYHtTCEnMrA
0I5vpU4oqZfQBXoYv+rbt2FijjYHZjGvtpt145HbBDnCvOspOfhkKXjRuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDM5ljuy6AXJ2p1/qItI05xaIPEpMB8GA1UdIwQY
MBaAFOz0J3a+UyvQV1MyhV2MQsSVLtkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgt
NWU1M2MyM2I1NWIwLzEvTXptV083TG9CY25hblgtb2kwalRuRm9nOFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgtNWU1M2MyM2I1NWIw
LzEvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDkm0IMA0G
CSqGSIb3DQEBCwUAA4IBAQAPrqIg7qttHe8hm9hrfT8r0Il2DM25ekjPXjpjymwl
/XDrfyVJr9QkZxE7w+Z8HoFZZtdyLeefV6A6MIKZyUoG6bjThwJDNkvMdrgBnPXc
utCRXb2n1LZAt7L6Sn8MSkopNnO1KF/nkRBAxj4Y/F0p8jrWplWFxK/zqkk+xG3y
hfCXnhW2R8hi/eR0gLsjIMsAdASMI7piOra3E8xeHdD4TMeLRpaJyP9tDwe/MSNA
J8G47qJ/ngGg5BXxKl8LjR+hDtIgvd2hS6Bt3UwlJolkFH35GoPPdsRlRgUWG+Xb
2qz7lkrhaK1ry3qPJhCANs3OupN2wFilOhtSQz3ddbRX
-----END CERTIFICATE-----