This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/mwCzzvweJkXnsuKQFU_XqrjgkuY.roa
File:                     mwCzzvweJkXnsuKQFU_XqrjgkuY.roa (raw, json)
Hash identifier:          oIsIZ9PAHY73DINk0iQBEaX5PRlBNYPUighzgQGS/2Y=
Subject key identifier:   9B:00:B3:CE:FC:1E:26:45:E7:B2:E2:90:15:4F:D7:AA:B8:E0:92:E6
Certificate issuer:       /CN=d6a553612d94b091b3659b2120bc8efb260e7d30
Certificate serial:       019B79ECE55D31003B1931C0259FA8B1456F
Authority key identifier: D6:A5:53:61:2D:94:B0:91:B3:65:9B:21:20:BC:8E:FB:26:0E:7D:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qVTYS2UsJGzZZshILyO-yYOfTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/mwCzzvweJkXnsuKQFU_XqrjgkuY.roa
Signing time:             Thu 01 Jan 2026 14:18:46 +0000
ROA not before:           Thu 01 Jan 2026 14:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203796
IP address blocks:        2a14:8280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/1qVTYS2UsJGzZZshILyO-yYOfTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/1qVTYS2UsJGzZZshILyO-yYOfTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qVTYS2UsJGzZZshILyO-yYOfTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 20:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:e5:5d:31:00:3b:19:31:c0:25:9f:a8:b1:45:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6a553612d94b091b3659b2120bc8efb260e7d30
        Validity
            Not Before: Jan  1 14:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b00b3cefc1e2645e7b2e290154fd7aab8e092e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fa:aa:86:49:22:5c:61:25:c5:9c:41:e6:a8:
                    6d:10:eb:7f:a9:3f:c0:7a:5e:f1:f3:49:df:6e:48:
                    70:5f:e6:0a:91:ca:48:76:e8:a5:bf:09:21:21:cc:
                    8e:4a:58:06:7f:13:b5:5e:5e:0b:a3:f0:a0:b9:7b:
                    72:75:ec:45:23:d2:bb:91:59:0a:63:91:e5:5f:4b:
                    ee:95:8b:8e:e4:1c:a1:23:14:46:1a:dc:d0:d8:3f:
                    3c:22:b6:4e:35:3d:6e:b4:67:b1:40:d4:a7:d3:b3:
                    b0:43:07:42:43:3e:00:e7:62:53:ec:e9:6d:a5:61:
                    0a:9e:cd:e2:91:70:ce:5d:c7:be:0f:db:ca:e5:ab:
                    c9:8d:a2:ff:61:28:52:e9:a3:9a:17:4b:17:38:0d:
                    37:77:d4:8c:83:71:fe:04:91:77:ef:ea:49:8b:89:
                    52:e4:b2:03:47:2d:f7:de:35:16:a1:85:3a:ff:b7:
                    0f:38:c0:7a:9b:a3:f0:eb:14:a1:55:73:93:a3:d6:
                    fc:74:18:9c:2d:ec:93:1b:c7:08:a2:a8:54:a6:13:
                    99:c4:6e:35:d6:d8:22:2f:e5:fa:56:8e:da:ac:ef:
                    f2:06:b5:5b:db:8c:03:23:54:17:83:b8:8d:a4:76:
                    51:81:3f:51:0e:0b:12:7d:6d:97:77:e2:02:65:e5:
                    3e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:00:B3:CE:FC:1E:26:45:E7:B2:E2:90:15:4F:D7:AA:B8:E0:92:E6
            X509v3 Authority Key Identifier:
                keyid:D6:A5:53:61:2D:94:B0:91:B3:65:9B:21:20:BC:8E:FB:26:0E:7D:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qVTYS2UsJGzZZshILyO-yYOfTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/mwCzzvweJkXnsuKQFU_XqrjgkuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/188fcd-d689-436d-a684-e05906cb6948/1/1qVTYS2UsJGzZZshILyO-yYOfTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:8280::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:4c:a2:fc:4f:6e:08:64:66:7a:fb:4b:3e:72:88:f1:55:bb:
         05:54:ae:c0:6f:17:b8:88:6d:80:6e:6d:97:68:d0:80:be:e1:
         18:46:b6:89:8e:ef:01:43:1a:c5:33:e0:90:9b:ec:47:34:8f:
         26:a4:ab:13:3d:ef:1f:83:46:3f:65:13:c7:b6:3b:4c:cf:3b:
         12:f2:72:e7:35:88:b2:ef:9d:6d:6a:01:a5:e8:c0:ee:6c:90:
         76:c3:de:e1:42:fa:dd:e3:6b:1c:ed:4e:97:71:a3:75:da:54:
         6e:48:2f:5f:60:a2:65:08:7c:c1:ec:2b:a4:40:15:cb:f7:4d:
         22:fe:87:b3:16:c3:65:14:c5:1c:97:25:d0:70:4d:f3:3d:55:
         5f:07:ef:b4:de:a1:0d:b5:24:df:be:ee:07:ba:20:fd:b2:93:
         a0:eb:72:04:3d:c3:15:2c:59:0d:b1:33:ac:45:e2:71:51:8c:
         2c:30:7a:57:2c:42:c9:7b:80:02:cf:1d:53:46:7e:50:13:e1:
         8a:76:b5:4f:7b:8c:fb:f5:04:f9:c8:02:a0:9e:71:22:3d:8b:
         0b:75:55:dc:b6:ea:5a:72:5e:f8:6e:6b:9c:51:36:1c:2a:4d:
         18:cd:a7:ec:18:36:44:fd:36:29:ea:7e:33:81:10:2e:f4:38:
         1c:a7:98:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt57OVdMQA7GTHAJZ+osUVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YTU1MzYxMmQ5NGIwOTFiMzY1OWIyMTIwYmM4ZWZiMjYw
ZTdkMzAwHhcNMjYwMTAxMTQxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjAwYjNjZWZjMWUyNjQ1ZTdiMmUyOTAxNTRmZDdhYWI4ZTA5MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/qqhkkiXGElxZxB5qhtEOt/qT/A
el7x80nfbkhwX+YKkcpIduilvwkhIcyOSlgGfxO1Xl4Lo/CguXtydexFI9K7kVkK
Y5HlX0vulYuO5ByhIxRGGtzQ2D88IrZONT1utGexQNSn07OwQwdCQz4A52JT7Olt
pWEKns3ikXDOXce+D9vK5avJjaL/YShS6aOaF0sXOA03d9SMg3H+BJF37+pJi4lS
5LIDRy333jUWoYU6/7cPOMB6m6Pw6xShVXOTo9b8dBicLeyTG8cIoqhUphOZxG41
1tgiL+X6Vo7arO/yBrVb24wDI1QXg7iNpHZRgT9RDgsSfW2Xd+ICZeU+4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJsAs878HiZF57LikBVP16q44JLmMB8GA1UdIwQY
MBaAFNalU2EtlLCRs2WbISC8jvsmDn0wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFWVFlTMlVzSkd6WlpzaElMeU8teVlPZlRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xODhmY2QtZDY4OS00MzZkLWE2ODQt
ZTA1OTA2Y2I2OTQ4LzEvbXdDenp2d2VKa1huc3VLUUZVX1hxcmpna3VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xODhmY2QtZDY4OS00MzZkLWE2ODQtZTA1OTA2Y2I2OTQ4
LzEvMXFWVFlTMlVzSkd6WlpzaElMeU8teVlPZlRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSCgDAN
BgkqhkiG9w0BAQsFAAOCAQEAFEyi/E9uCGRmevtLPnKI8VW7BVSuwG8XuIhtgG5t
l2jQgL7hGEa2iY7vAUMaxTPgkJvsRzSPJqSrEz3vH4NGP2UTx7Y7TM87EvJy5zWI
su+dbWoBpejA7myQdsPe4UL63eNrHO1Ol3GjddpUbkgvX2CiZQh8wewrpEAVy/dN
Iv6HsxbDZRTFHJcl0HBN8z1VXwfvtN6hDbUk377uB7og/bKToOtyBD3DFSxZDbEz
rEXicVGMLDB6VyxCyXuAAs8dU0Z+UBPhina1T3uM+/UE+cgCoJ5xIj2LC3VV3Lbq
WnJe+G5rnFE2HCpNGM2n7Bg2RP02Kep+M4EQLvQ4HKeYyg==
-----END CERTIFICATE-----