This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/Ma4-s3p8OYdm49PN9wCv4RVM25E.roa
File:                     Ma4-s3p8OYdm49PN9wCv4RVM25E.roa (raw, json)
Hash identifier:          yb+AmQCW6F3wk6Dw7rJ8p1d4IUrMtPkPRMTUiBpQr9Q=
Subject key identifier:   31:AE:3E:B3:7A:7C:39:87:66:E3:D3:CD:F7:00:AF:E1:15:4C:DB:91
Certificate issuer:       /CN=9535462ebb2029a83d3eeab462ff052ecfa0e1c3
Certificate serial:       019B7CEE3AEBFC90FC987E5ABEA221EE6289
Authority key identifier: 95:35:46:2E:BB:20:29:A8:3D:3E:EA:B4:62:FF:05:2E:CF:A0:E1:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lTVGLrsgKag9Puq0Yv8FLs-g4cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/Ma4-s3p8OYdm49PN9wCv4RVM25E.roa
Signing time:             Fri 02 Jan 2026 04:19:06 +0000
ROA not before:           Fri 02 Jan 2026 04:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137
IP address blocks:        193.43.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/lTVGLrsgKag9Puq0Yv8FLs-g4cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/lTVGLrsgKag9Puq0Yv8FLs-g4cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lTVGLrsgKag9Puq0Yv8FLs-g4cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3a:eb:fc:90:fc:98:7e:5a:be:a2:21:ee:62:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9535462ebb2029a83d3eeab462ff052ecfa0e1c3
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31ae3eb37a7c398766e3d3cdf700afe1154cdb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c4:71:c6:bd:56:47:8b:24:78:80:34:9b:05:
                    bf:e8:90:2e:b3:4c:4c:3a:b7:8d:c5:3c:e0:c4:c0:
                    b3:71:3e:e6:fd:b5:f7:2e:e5:dc:82:d5:90:e5:6f:
                    66:47:67:a1:da:39:a8:fc:a2:21:b5:75:73:93:55:
                    f9:ae:3b:de:24:52:a4:be:15:5f:d1:15:7f:68:c8:
                    d5:fa:46:73:39:f3:de:ca:5a:ce:9a:69:2b:3f:ef:
                    cf:81:9a:a8:56:5b:fe:02:23:87:01:77:a4:70:be:
                    63:d8:1a:e4:7d:83:9b:1c:e7:9e:2b:d2:ac:e8:af:
                    d0:ac:d4:d9:2e:02:22:ce:00:b5:8f:6f:40:44:4c:
                    77:76:c1:ff:b6:2d:58:57:db:e7:99:9e:b3:36:51:
                    a8:51:6a:2c:a8:5d:de:ef:f8:82:ac:18:92:5b:5a:
                    34:c8:4b:88:7c:0f:6c:53:51:fd:03:a9:8d:5f:c2:
                    a9:b2:39:4b:e4:7e:8b:33:77:b0:71:05:16:fc:32:
                    f0:e9:dd:6d:f9:52:5a:fa:2e:ac:86:a6:0c:dd:d4:
                    ab:c5:bc:7d:ea:67:0f:fd:95:22:c9:dd:4e:ba:43:
                    5c:6c:9d:7e:42:9e:8c:a5:bc:23:68:b1:28:f6:76:
                    e5:4a:58:c8:a9:db:51:d2:0c:ac:9e:2b:b4:0d:23:
                    e0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:AE:3E:B3:7A:7C:39:87:66:E3:D3:CD:F7:00:AF:E1:15:4C:DB:91
            X509v3 Authority Key Identifier:
                keyid:95:35:46:2E:BB:20:29:A8:3D:3E:EA:B4:62:FF:05:2E:CF:A0:E1:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lTVGLrsgKag9Puq0Yv8FLs-g4cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/Ma4-s3p8OYdm49PN9wCv4RVM25E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/4f9f9f-30a8-4370-94e7-38abfa4fa350/1/lTVGLrsgKag9Puq0Yv8FLs-g4cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:f0:bd:70:cf:eb:5e:c5:cd:9c:9b:3d:85:9e:f9:c3:29:c6:
         e0:91:79:18:72:06:7a:39:2f:e1:19:87:e6:47:36:e5:1e:ea:
         c6:c1:89:3c:5d:a7:7d:94:13:86:22:81:f3:85:7c:05:47:9f:
         d6:e1:19:ac:77:b0:a2:61:f9:9d:d6:e1:19:fb:1b:c0:23:37:
         e6:3b:86:16:76:e6:f3:d9:74:cd:0f:8a:b7:e0:88:32:ca:a7:
         55:10:8c:af:ff:5b:30:4f:55:3e:62:2f:4d:30:66:e3:54:f0:
         89:0d:b2:ee:ca:3c:69:29:48:df:90:b5:1a:7b:60:03:cf:ba:
         7a:c0:83:ec:d8:dd:2c:51:02:6c:45:98:b1:e2:3b:3f:37:ca:
         51:78:7c:5e:bd:fb:68:59:f9:9b:e0:ef:8a:fc:8e:45:0f:4b:
         58:3f:2b:62:0e:75:28:70:43:82:ad:97:24:5d:17:26:9c:51:
         75:fb:65:8c:49:2b:ad:21:a6:79:8e:1e:3e:b7:fe:e8:06:ac:
         45:e7:8c:28:40:9a:bc:93:8e:8e:96:e8:80:fa:83:b6:2b:45:
         ef:41:09:fc:ec:a4:aa:b0:7d:77:27:42:fd:00:08:96:81:53:
         8e:3f:32:83:97:5c:10:a2:97:fb:de:af:47:35:b7:f9:67:9c:
         02:3c:08:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87jrr/JD8mH5avqIh7mKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MzU0NjJlYmIyMDI5YTgzZDNlZWFiNDYyZmYwNTJlY2Zh
MGUxYzMwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWFlM2ViMzdhN2MzOTg3NjZlM2QzY2RmNzAwYWZlMTE1NGNkYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcRxxr1WR4skeIA0mwW/6JAus0xM
OreNxTzgxMCzcT7m/bX3LuXcgtWQ5W9mR2eh2jmo/KIhtXVzk1X5rjveJFKkvhVf
0RV/aMjV+kZzOfPeylrOmmkrP+/PgZqoVlv+AiOHAXekcL5j2BrkfYObHOeeK9Ks
6K/QrNTZLgIizgC1j29AREx3dsH/ti1YV9vnmZ6zNlGoUWosqF3e7/iCrBiSW1o0
yEuIfA9sU1H9A6mNX8KpsjlL5H6LM3ewcQUW/DLw6d1t+VJa+i6shqYM3dSrxbx9
6mcP/ZUiyd1OukNcbJ1+Qp6MpbwjaLEo9nblSljIqdtR0gysniu0DSPgmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGuPrN6fDmHZuPTzfcAr+EVTNuRMB8GA1UdIwQY
MBaAFJU1Ri67ICmoPT7qtGL/BS7PoOHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFRWR0xyc2dLYWc5UHVxMFl2OEZMcy1nNGNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi80ZjlmOWYtMzBhOC00MzcwLTk0ZTct
MzhhYmZhNGZhMzUwLzEvTWE0LXMzcDhPWWRtNDlQTjl3Q3Y0UlZNMjVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi80ZjlmOWYtMzBhOC00MzcwLTk0ZTctMzhhYmZhNGZhMzUw
LzEvbFRWR0xyc2dLYWc5UHVxMFl2OEZMcy1nNGNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwStlMA0G
CSqGSIb3DQEBCwUAA4IBAQAs8L1wz+texc2cmz2FnvnDKcbgkXkYcgZ6OS/hGYfm
RzblHurGwYk8Xad9lBOGIoHzhXwFR5/W4Rmsd7CiYfmd1uEZ+xvAIzfmO4YWdubz
2XTND4q34IgyyqdVEIyv/1swT1U+Yi9NMGbjVPCJDbLuyjxpKUjfkLUae2ADz7p6
wIPs2N0sUQJsRZix4js/N8pReHxevftoWfmb4O+K/I5FD0tYPytiDnUocEOCrZck
XRcmnFF1+2WMSSutIaZ5jh4+t/7oBqxF54woQJq8k46OluiA+oO2K0XvQQn87KSq
sH13J0L9AAiWgVOOPzKDl1wQopf73q9HNbf5Z5wCPAiD
-----END CERTIFICATE-----