This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/MlQTgjgh5uSzQaXxeS49FotuS_Y.roa
File:                     MlQTgjgh5uSzQaXxeS49FotuS_Y.roa (raw, json)
Hash identifier:          0wxpEKJE8z5xrE9cQTX/pfOjLHngXIh1dDaRLCQI7cI=
Subject key identifier:   32:54:13:82:38:21:E6:E4:B3:41:A5:F1:79:2E:3D:16:8B:6E:4B:F6
Certificate issuer:       /CN=fa1de37bbc6c06420da626c0bb4d723231e93e84
Certificate serial:       019B7E3853F6E315513FB2B8A8587BC94D45
Authority key identifier: FA:1D:E3:7B:BC:6C:06:42:0D:A6:26:C0:BB:4D:72:32:31:E9:3E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-h3je7xsBkINpibAu01yMjHpPoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/MlQTgjgh5uSzQaXxeS49FotuS_Y.roa
Signing time:             Fri 02 Jan 2026 10:19:39 +0000
ROA not before:           Fri 02 Jan 2026 10:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203167
IP address blocks:        195.88.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/1-h3je7xsBkINpibAu01yMjHpPoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/1-h3je7xsBkINpibAu01yMjHpPoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-h3je7xsBkINpibAu01yMjHpPoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:53:f6:e3:15:51:3f:b2:b8:a8:58:7b:c9:4d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1de37bbc6c06420da626c0bb4d723231e93e84
        Validity
            Not Before: Jan  2 10:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=325413823821e6e4b341a5f1792e3d168b6e4bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:85:2f:8b:05:93:8a:f4:e7:09:5a:86:24:db:
                    c0:e6:3f:a7:b0:a6:62:b7:2a:75:ea:6a:34:60:5d:
                    90:c4:d2:77:26:57:7f:53:31:f9:92:06:39:06:db:
                    56:a6:11:ac:51:8e:f6:1e:61:53:aa:80:de:3a:4f:
                    e3:52:d6:36:a9:10:84:9e:2c:5d:c0:65:dd:96:e8:
                    d2:38:03:d1:36:6b:c1:cd:c9:f9:fc:7f:c8:e6:49:
                    e3:29:ad:57:6e:42:14:5c:92:61:da:50:63:bc:19:
                    12:55:a2:06:2e:bd:56:7b:15:e7:5c:04:c2:c1:69:
                    28:5a:de:a0:ae:99:f7:d1:2a:76:8a:c3:7c:8e:82:
                    aa:19:a3:96:5b:33:2d:d1:84:2a:60:cd:a4:e6:63:
                    85:55:28:35:04:2c:41:37:2a:87:ff:92:32:69:ec:
                    7f:46:aa:69:df:5a:a5:0f:8d:a5:4c:9f:67:73:09:
                    89:4f:61:6c:ae:24:50:c7:6f:6d:d8:78:ea:74:29:
                    74:40:58:3a:01:9a:cd:af:e7:0e:5f:82:ff:7c:db:
                    4d:9d:a4:da:9e:12:7c:44:40:43:c1:62:42:3b:7f:
                    36:7f:f4:30:50:16:4a:85:b0:93:fa:9b:f1:7b:5c:
                    f9:26:f6:2e:72:e4:35:b6:e0:fa:53:ff:82:62:9d:
                    e8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:54:13:82:38:21:E6:E4:B3:41:A5:F1:79:2E:3D:16:8B:6E:4B:F6
            X509v3 Authority Key Identifier:
                keyid:FA:1D:E3:7B:BC:6C:06:42:0D:A6:26:C0:BB:4D:72:32:31:E9:3E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h3je7xsBkINpibAu01yMjHpPoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/MlQTgjgh5uSzQaXxeS49FotuS_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/608f6d-8cd1-499e-a518-5f15939e7680/1/1-h3je7xsBkINpibAu01yMjHpPoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:39:60:c0:a3:2f:8f:b5:f4:d7:cc:ff:a3:3b:4b:a7:fa:7d:
         6b:6a:ce:ed:f2:6f:48:4a:06:75:32:cf:3b:49:23:bc:d4:b7:
         01:c0:d3:a1:53:19:a2:c3:f5:77:70:38:c3:9c:a3:15:bd:c4:
         68:a1:2a:46:a1:12:a3:88:db:4e:14:46:63:24:bc:b1:97:86:
         ba:34:c2:b5:63:bb:20:87:6d:71:a8:31:81:8f:cb:da:ac:a9:
         7f:87:5c:24:9e:51:7a:f9:dd:d6:69:fb:6f:6f:9f:8b:17:f5:
         45:13:27:ac:01:05:87:88:91:2d:0f:8d:de:5e:70:e1:9b:7c:
         a8:b8:35:3e:fb:1e:d4:d7:8c:b3:8f:04:27:e3:f4:02:34:84:
         9c:cb:99:eb:7a:02:0a:43:d3:2c:a2:e1:8c:92:19:c2:1d:e1:
         2d:01:07:59:d7:22:75:87:3c:99:53:3c:c8:23:8b:f2:77:a4:
         64:cd:bc:96:e2:44:f4:c1:4a:45:cc:67:2d:0b:56:cf:45:32:
         aa:f5:88:ea:84:41:22:a3:1f:92:c3:ad:15:65:75:bf:d9:14:
         ab:53:b9:97:98:8e:28:b5:4c:31:88:29:56:95:f2:a2:15:86:
         77:16:fc:af:30:9b:bf:40:14:43:0b:ce:b5:4f:dd:1d:8a:91:
         a1:a7:01:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt+OFP24xVRP7K4qFh7yU1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWRlMzdiYmM2YzA2NDIwZGE2MjZjMGJiNGQ3MjMyMzFl
OTNlODQwHhcNMjYwMTAyMTAxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjU0MTM4MjM4MjFlNmU0YjM0MWE1ZjE3OTJlM2QxNjhiNmU0YmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IUviwWTivTnCVqGJNvA5j+nsKZi
typ16mo0YF2QxNJ3Jld/UzH5kgY5BttWphGsUY72HmFTqoDeOk/jUtY2qRCEnixd
wGXdlujSOAPRNmvBzcn5/H/I5knjKa1XbkIUXJJh2lBjvBkSVaIGLr1WexXnXATC
wWkoWt6grpn30Sp2isN8joKqGaOWWzMt0YQqYM2k5mOFVSg1BCxBNyqH/5Iyaex/
Rqpp31qlD42lTJ9ncwmJT2FsriRQx29t2HjqdCl0QFg6AZrNr+cOX4L/fNtNnaTa
nhJ8REBDwWJCO382f/QwUBZKhbCT+pvxe1z5JvYucuQ1tuD6U/+CYp3oPwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDJUE4I4Iebks0Gl8XkuPRaLbkv2MB8GA1UdIwQY
MBaAFPod43u8bAZCDaYmwLtNcjIx6T6EMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oM2plN3hzQmtJTnBpYkF1MDF5TWpIcFBvUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvNjA4ZjZkLThjZDEtNDk5ZS1hNTE4
LTVmMTU5MzllNzY4MC8xL01sUVRnamdoNXVTelFhWHhlUzQ5Rm90dVNfWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWMvNjA4ZjZkLThjZDEtNDk5ZS1hNTE4LTVmMTU5MzllNzY4
MC8xLzEtaDNqZTd4c0JrSU5waWJBdTAxeU1qSHBQb1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDWMUw
DQYJKoZIhvcNAQELBQADggEBACg5YMCjL4+19NfM/6M7S6f6fWtqzu3yb0hKBnUy
zztJI7zUtwHA06FTGaLD9XdwOMOcoxW9xGihKkahEqOI204URmMkvLGXhro0wrVj
uyCHbXGoMYGPy9qsqX+HXCSeUXr53dZp+29vn4sX9UUTJ6wBBYeIkS0Pjd5ecOGb
fKi4NT77HtTXjLOPBCfj9AI0hJzLmet6AgpD0yyi4YySGcId4S0BB1nXInWHPJlT
PMgji/J3pGTNvJbiRPTBSkXMZy0LVs9FMqr1iOqEQSKjH5LDrRVldb/ZFKtTuZeY
jii1TDGIKVaV8qIVhncW/K8wm79AFEMLzrVP3R2KkaGnAZE=
-----END CERTIFICATE-----