This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Mx9B9hAEqLYTXQZ61hw0ACEgjyE.roa
File:                     Mx9B9hAEqLYTXQZ61hw0ACEgjyE.roa (raw, json)
Hash identifier:          NJCE700WkOf9hTWVW5JZ/csL1Ex7RFOI14hRWLuaIz8=
Subject key identifier:   33:1F:41:F6:10:04:A8:B6:13:5D:06:7A:D6:1C:34:00:21:20:8F:21
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019B77C74CE20559323C2FA26D7841F1B620
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Mx9B9hAEqLYTXQZ61hw0ACEgjyE.roa
Signing time:             Thu 01 Jan 2026 04:18:28 +0000
ROA not before:           Thu 01 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207645
IP address blocks:        94.176.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4c:e2:05:59:32:3c:2f:a2:6d:78:41:f1:b6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=331f41f61004a8b6135d067ad61c340021208f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:bd:36:3e:e4:a6:00:d1:f6:a8:9c:a2:b5:5d:
                    cd:48:1c:8a:c4:b4:56:a7:c6:64:85:f8:0d:32:90:
                    c5:63:7e:ef:70:71:da:e5:da:01:0c:17:2a:df:7c:
                    e3:28:35:3a:ea:84:09:54:47:af:af:e5:99:57:e3:
                    6d:0c:99:d8:dc:1c:f4:1b:2f:a5:8a:54:c0:d6:fb:
                    db:5d:77:65:0f:cf:9b:2c:c2:89:e3:a4:c1:ef:ca:
                    5b:fc:56:5e:f7:25:82:16:63:50:11:de:5d:7b:54:
                    e4:ce:7e:73:94:db:97:3d:c9:90:be:fa:00:d1:13:
                    42:31:0f:7c:e4:d2:33:ed:38:88:8b:4e:73:1c:0b:
                    55:3b:24:09:30:74:00:cd:27:ef:e7:11:5d:5a:51:
                    f6:aa:0c:e9:b1:e7:18:32:ee:ca:22:cd:f5:93:68:
                    ca:ef:f9:b5:52:d2:42:0e:e8:e7:9f:34:86:1b:35:
                    e0:69:37:f9:a9:c0:b9:93:82:16:1e:e0:f1:ea:98:
                    c8:93:6e:c4:17:23:8c:ce:b8:a7:99:82:c9:db:99:
                    ac:2e:87:51:d5:ee:52:87:55:0d:bd:cf:fd:67:a0:
                    02:4b:57:8b:26:5c:59:af:4e:6c:1f:0f:df:32:f1:
                    d1:46:77:ab:2d:c1:55:5e:c7:93:8f:ed:f8:0a:01:
                    b8:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1F:41:F6:10:04:A8:B6:13:5D:06:7A:D6:1C:34:00:21:20:8F:21
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/Mx9B9hAEqLYTXQZ61hw0ACEgjyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:ca:92:0e:83:61:ee:68:f1:01:de:ca:7b:86:15:88:3b:b9:
         7f:5b:54:f9:b0:37:df:2a:90:2f:06:f9:b8:c3:d9:7a:39:a3:
         47:a4:17:19:38:fd:06:a4:cf:54:92:29:23:c7:e4:c2:f4:ab:
         ad:be:00:80:9b:5a:d0:31:41:68:c5:cc:57:4a:c2:05:88:54:
         e0:ae:b2:bc:e2:a1:c7:44:17:a8:65:8c:10:fb:ba:c7:6b:7a:
         58:6a:41:50:62:3f:40:1d:32:8b:d4:bc:9e:42:17:a4:ad:cb:
         76:06:8d:71:d5:f5:cc:b6:ac:ba:08:cf:5b:e8:85:a0:d2:63:
         5f:a8:b7:31:02:d6:3e:de:bb:16:bd:5a:5e:9f:15:2a:15:90:
         21:43:94:b9:f5:5b:60:3a:e4:9e:dc:82:b2:6c:fd:88:20:78:
         94:f3:76:3a:34:4a:46:2a:ba:23:e4:0f:1a:91:f0:a9:5e:b3:
         1f:9c:33:50:ce:02:e4:8d:6b:20:28:ef:b7:05:cf:03:df:67:
         35:a1:4c:99:a1:1c:e4:37:b0:88:29:67:f6:10:38:5c:e4:ca:
         bd:49:43:97:df:9e:80:c0:7a:b7:57:df:93:a2:a7:56:3e:56:
         0f:87:24:aa:d4:e5:3c:a4:29:db:18:88:29:92:81:49:5b:fb:
         00:b8:81:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x0ziBVkyPC+ibXhB8bYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjYwMTAxMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzFmNDFmNjEwMDRhOGI2MTM1ZDA2N2FkNjFjMzQwMDIxMjA4ZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlr02PuSmANH2qJyitV3NSByKxLRW
p8ZkhfgNMpDFY37vcHHa5doBDBcq33zjKDU66oQJVEevr+WZV+NtDJnY3Bz0Gy+l
ilTA1vvbXXdlD8+bLMKJ46TB78pb/FZe9yWCFmNQEd5de1Tkzn5zlNuXPcmQvvoA
0RNCMQ985NIz7TiIi05zHAtVOyQJMHQAzSfv5xFdWlH2qgzpsecYMu7KIs31k2jK
7/m1UtJCDujnnzSGGzXgaTf5qcC5k4IWHuDx6pjIk27EFyOMzrinmYLJ25msLodR
1e5Sh1UNvc/9Z6ACS1eLJlxZr05sHw/fMvHRRnerLcFVXseTj+34CgG4hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMfQfYQBKi2E10GetYcNAAhII8hMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvTXg5QjloQUVxTFlUWFFaNjFodzBBQ0VnanlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrBgMA0G
CSqGSIb3DQEBCwUAA4IBAQCUypIOg2HuaPEB3sp7hhWIO7l/W1T5sDffKpAvBvm4
w9l6OaNHpBcZOP0GpM9Ukikjx+TC9KutvgCAm1rQMUFoxcxXSsIFiFTgrrK84qHH
RBeoZYwQ+7rHa3pYakFQYj9AHTKL1LyeQhekrct2Bo1x1fXMtqy6CM9b6IWg0mNf
qLcxAtY+3rsWvVpenxUqFZAhQ5S59VtgOuSe3IKybP2IIHiU83Y6NEpGKroj5A8a
kfCpXrMfnDNQzgLkjWsgKO+3Bc8D32c1oUyZoRzkN7CIKWf2EDhc5Mq9SUOX356A
wHq3V9+ToqdWPlYPhySq1OU8pCnbGIgpkoFJW/sAuIGA
-----END CERTIFICATE-----