This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/Mvg3Mo5WSYjcX-Icj2bidj2_crQ.roa
File:                     Mvg3Mo5WSYjcX-Icj2bidj2_crQ.roa (raw, json)
Hash identifier:          vVq/Mz8wGpzyBjkk9cQ+W/VRqd2BvaRyhDgc817bfY4=
Subject key identifier:   32:F8:37:32:8E:56:49:88:DC:5F:E2:1C:8F:66:E2:76:3D:BF:72:B4
Certificate issuer:       /CN=daddd1b636fe3df1df3d811f644583312a651337
Certificate serial:       019B797EFDF8C31344781C57951B42BB900F
Authority key identifier: DA:DD:D1:B6:36:FE:3D:F1:DF:3D:81:1F:64:45:83:31:2A:65:13:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2t3Rtjb-PfHfPYEfZEWDMSplEzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/Mvg3Mo5WSYjcX-Icj2bidj2_crQ.roa
Signing time:             Thu 01 Jan 2026 12:18:44 +0000
ROA not before:           Thu 01 Jan 2026 12:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49010
IP address blocks:        193.162.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/2t3Rtjb-PfHfPYEfZEWDMSplEzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/2t3Rtjb-PfHfPYEfZEWDMSplEzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2t3Rtjb-PfHfPYEfZEWDMSplEzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:fd:f8:c3:13:44:78:1c:57:95:1b:42:bb:90:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daddd1b636fe3df1df3d811f644583312a651337
        Validity
            Not Before: Jan  1 12:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32f837328e564988dc5fe21c8f66e2763dbf72b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ce:56:7d:6f:1d:4d:dd:07:24:0a:ef:f0:d9:
                    fa:fd:ca:60:b8:cc:0c:6b:a7:ba:de:3e:f9:c2:dd:
                    94:19:29:0a:80:91:22:8c:6d:a6:2c:d4:39:54:d4:
                    52:5e:8a:6f:11:a6:2f:86:27:42:69:b3:6e:fe:5f:
                    1c:d2:0d:bc:02:aa:4f:5d:fd:08:ea:b5:e8:97:16:
                    16:92:07:2c:13:8e:7e:85:bf:3e:9e:02:88:b9:85:
                    27:62:bc:64:67:2d:62:76:84:18:f5:ec:c9:cc:be:
                    72:2b:ed:c0:48:71:ed:ed:66:bd:30:c8:41:f2:4f:
                    dd:8c:23:63:c0:4c:84:19:11:8a:b7:15:91:23:7f:
                    69:b8:38:f9:85:ad:0c:f3:5a:7d:e2:d8:53:e8:f9:
                    cb:f8:dc:e1:ff:48:a3:55:10:de:2f:22:24:9f:34:
                    2e:96:e2:4e:2d:cc:bf:a0:b4:56:9e:2f:7f:d0:06:
                    0f:fe:3d:01:4e:e0:0e:a9:44:34:78:2d:58:65:26:
                    e7:65:95:c7:ac:f6:f6:43:29:eb:2f:1d:8e:58:4e:
                    52:ba:c1:4d:6c:0d:2d:28:31:4d:8b:66:1b:c3:00:
                    32:b4:8e:6d:c8:e9:68:ed:e5:c9:d1:fe:04:2b:2e:
                    69:15:78:e5:10:42:d4:40:58:43:29:51:29:ba:0d:
                    9a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:F8:37:32:8E:56:49:88:DC:5F:E2:1C:8F:66:E2:76:3D:BF:72:B4
            X509v3 Authority Key Identifier:
                keyid:DA:DD:D1:B6:36:FE:3D:F1:DF:3D:81:1F:64:45:83:31:2A:65:13:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2t3Rtjb-PfHfPYEfZEWDMSplEzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/Mvg3Mo5WSYjcX-Icj2bidj2_crQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/4643d7-37d7-4b3c-a1a5-632ce67c085a/1/2t3Rtjb-PfHfPYEfZEWDMSplEzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:fe:d1:a2:59:46:aa:7c:0c:b7:b1:6a:ba:f6:b4:ed:8d:e9:
         c4:b4:5e:48:d1:63:b1:c0:e4:14:b1:e9:a6:c2:e8:74:e7:18:
         02:48:94:3b:f9:d2:b9:36:71:73:ac:67:42:11:60:3b:46:03:
         12:56:d3:1c:7b:7e:dd:11:cd:c4:d6:85:bd:11:0e:6b:4e:0d:
         9d:98:c5:bd:53:47:9e:43:9c:2d:5d:d7:85:f7:61:d4:1f:e6:
         74:d7:40:7a:63:bc:af:92:40:2f:3c:cf:0c:3f:71:f5:e0:98:
         e5:99:17:08:27:65:23:d8:8b:d6:5d:87:9c:82:89:89:c1:36:
         95:63:ca:e5:5c:b2:f4:ec:15:5a:43:3e:28:85:2d:8d:5e:e2:
         e4:3d:3e:6f:88:4b:ef:2e:53:0d:5c:a3:21:f5:08:01:7e:4e:
         ca:49:c7:bb:aa:eb:12:46:84:91:1f:84:37:6d:b3:e7:b7:c7:
         67:c4:d3:1f:4d:ec:de:f5:30:dc:29:81:59:8e:f8:f6:3d:df:
         9e:aa:7c:a3:c3:19:71:c5:b8:f8:8f:3c:a4:3b:74:2d:de:f8:
         9d:8e:df:98:71:9b:f4:c0:48:1b:d4:13:6d:d3:84:6d:62:85:
         2d:89:ae:0b:41:43:28:30:a4:33:06:27:bb:73:6f:8b:0f:b1:
         06:70:66:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fv34wxNEeBxXlRtCu5APMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZGRkMWI2MzZmZTNkZjFkZjNkODExZjY0NDU4MzMxMmE2
NTEzMzcwHhcNMjYwMTAxMTIxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmY4MzczMjhlNTY0OTg4ZGM1ZmUyMWM4ZjY2ZTI3NjNkYmY3MmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm85WfW8dTd0HJArv8Nn6/cpguMwM
a6e63j75wt2UGSkKgJEijG2mLNQ5VNRSXopvEaYvhidCabNu/l8c0g28AqpPXf0I
6rXolxYWkgcsE45+hb8+ngKIuYUnYrxkZy1idoQY9ezJzL5yK+3ASHHt7Wa9MMhB
8k/djCNjwEyEGRGKtxWRI39puDj5ha0M81p94thT6PnL+Nzh/0ijVRDeLyIknzQu
luJOLcy/oLRWni9/0AYP/j0BTuAOqUQ0eC1YZSbnZZXHrPb2QynrLx2OWE5SusFN
bA0tKDFNi2YbwwAytI5tyOlo7eXJ0f4EKy5pFXjlEELUQFhDKVEpug2a9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDL4NzKOVkmI3F/iHI9m4nY9v3K0MB8GA1UdIwQY
MBaAFNrd0bY2/j3x3z2BH2RFgzEqZRM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnQzUnRqYi1QZkhmUFlFZlpFV0RNU3BsRXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi80NjQzZDctMzdkNy00YjNjLWExYTUt
NjMyY2U2N2MwODVhLzEvTXZnM01vNVdTWWpjWC1JY2oyYmlkajJfY3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi80NjQzZDctMzdkNy00YjNjLWExYTUtNjMyY2U2N2MwODVh
LzEvMnQzUnRqYi1QZkhmUFlFZlpFV0RNU3BsRXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaJmMA0G
CSqGSIb3DQEBCwUAA4IBAQBu/tGiWUaqfAy3sWq69rTtjenEtF5I0WOxwOQUsemm
wuh05xgCSJQ7+dK5NnFzrGdCEWA7RgMSVtMce37dEc3E1oW9EQ5rTg2dmMW9U0ee
Q5wtXdeF92HUH+Z010B6Y7yvkkAvPM8MP3H14JjlmRcIJ2Uj2IvWXYecgomJwTaV
Y8rlXLL07BVaQz4ohS2NXuLkPT5viEvvLlMNXKMh9QgBfk7KSce7qusSRoSRH4Q3
bbPnt8dnxNMfTeze9TDcKYFZjvj2Pd+eqnyjwxlxxbj4jzykO3Qt3vidjt+YcZv0
wEgb1BNt04RtYoUtia4LQUMoMKQzBie7c2+LD7EGcGad
-----END CERTIFICATE-----