This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/d6ba8d-150e-450e-849c-f38fa0e71d99/1/MakbDClQEXZk8OV6ZS7xXDD_JFk.roa
File:                     MakbDClQEXZk8OV6ZS7xXDD_JFk.roa (raw, json)
Hash identifier:          E9x4U5TtefQsGyGS8Z3PzOncuSjQhMcU5Jvs0RK2f4M=
Subject key identifier:   31:A9:1B:0C:29:50:11:76:64:F0:E5:7A:65:2E:F1:5C:30:FF:24:59
Certificate issuer:       /CN=4e9f52fd550692be7eec192fc3ed2327f5a2f9ab
Certificate serial:       019B797E25BDBC67ED57DF88C77B99058538
Authority key identifier: 4E:9F:52:FD:55:06:92:BE:7E:EC:19:2F:C3:ED:23:27:F5:A2:F9:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tp9S_VUGkr5-7Bkvw-0jJ_Wi-as.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/d6ba8d-150e-450e-849c-f38fa0e71d99/1/MakbDClQEXZk8OV6ZS7xXDD_JFk.roa
Signing time:             Thu 01 Jan 2026 12:17:48 +0000
ROA not before:           Thu 01 Jan 2026 12:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57520
IP address blocks:        194.60.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/d6ba8d-150e-450e-849c-f38fa0e71d99/1/Tp9S_VUGkr5-7Bkvw-0jJ_Wi-as.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/d6ba8d-150e-450e-849c-f38fa0e71d99/1/Tp9S_VUGkr5-7Bkvw-0jJ_Wi-as.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tp9S_VUGkr5-7Bkvw-0jJ_Wi-as.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:25:bd:bc:67:ed:57:df:88:c7:7b:99:05:85:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e9f52fd550692be7eec192fc3ed2327f5a2f9ab
        Validity
            Not Before: Jan  1 12:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31a91b0c2950117664f0e57a652ef15c30ff2459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ce:96:18:6d:20:47:e1:0d:0c:70:f7:ff:24:
                    36:f6:97:f5:bd:29:6b:f4:fc:1e:7a:b2:76:f5:53:
                    95:ba:60:6e:7d:3d:70:de:fa:c2:a3:bc:3d:09:87:
                    59:35:ab:f5:23:88:fb:4f:e6:a5:dc:34:ca:de:e0:
                    01:09:98:8d:02:5a:13:6d:0e:50:32:bd:a1:e9:1f:
                    fa:94:c5:5c:63:7b:79:4a:58:a2:cb:7f:8b:10:43:
                    26:ac:f0:cc:ef:2d:a6:5d:5a:10:58:80:57:23:27:
                    72:8f:05:2f:d1:77:d3:d5:d1:93:99:00:6f:0a:79:
                    19:65:a5:7f:bd:11:5f:d0:e5:ca:86:b9:87:ad:2f:
                    27:95:6e:d9:b9:79:c7:73:19:09:67:88:83:7f:1b:
                    21:dd:93:6f:51:74:32:02:39:93:53:71:d5:57:86:
                    fe:f6:9a:92:10:f1:09:a6:bc:e3:75:d3:a3:41:8a:
                    f1:1a:33:d6:ef:bc:d9:f2:31:07:27:2d:0f:f5:8e:
                    a6:28:49:d9:9a:66:96:26:f8:d6:07:24:bb:5e:a6:
                    09:27:e2:d1:df:5f:76:e5:52:b2:10:e4:66:6b:bb:
                    02:50:79:bc:84:26:91:27:7b:cc:a8:d1:b5:f7:27:
                    63:f3:e5:7f:c3:70:c0:82:00:a6:b9:06:6f:f4:23:
                    b8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A9:1B:0C:29:50:11:76:64:F0:E5:7A:65:2E:F1:5C:30:FF:24:59
            X509v3 Authority Key Identifier:
                keyid:4E:9F:52:FD:55:06:92:BE:7E:EC:19:2F:C3:ED:23:27:F5:A2:F9:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tp9S_VUGkr5-7Bkvw-0jJ_Wi-as.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d6ba8d-150e-450e-849c-f38fa0e71d99/1/MakbDClQEXZk8OV6ZS7xXDD_JFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/d6ba8d-150e-450e-849c-f38fa0e71d99/1/Tp9S_VUGkr5-7Bkvw-0jJ_Wi-as.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:f1:64:01:ea:d0:0a:dd:3b:d5:6f:f2:ad:8a:07:fe:0b:4d:
         22:84:49:2f:e7:12:21:51:b4:ca:ce:65:fe:6f:3a:87:21:73:
         d7:70:dc:b5:91:15:eb:dc:1e:f8:81:f5:40:ac:ca:e9:fa:5d:
         36:f0:94:ec:10:73:d9:32:93:d3:fa:32:98:9c:a6:26:d7:7a:
         7d:c9:a3:42:6f:76:5c:f2:59:c0:1a:36:83:20:1a:69:b1:a6:
         f7:02:ad:d6:43:74:a6:65:91:42:44:fd:6f:16:2c:a9:9a:4e:
         a2:a0:76:15:f5:cd:ee:3e:5c:ac:0d:1b:f1:6d:c3:d5:bb:33:
         66:29:a4:2f:8c:41:2c:c8:d4:14:83:50:8d:4a:9f:28:94:f1:
         ec:77:d5:a1:d9:72:a4:2d:41:9f:b1:e3:70:39:c8:b4:dd:0c:
         2f:1c:d7:6b:51:71:df:69:af:0f:97:28:07:ea:ba:05:89:b9:
         81:85:97:b3:ac:08:4f:88:33:b4:a5:e2:71:bf:20:91:01:85:
         e4:0d:d3:41:10:94:17:ee:5e:b8:03:74:b4:2e:f1:5f:aa:85:
         9a:77:8f:8e:c1:c6:d4:2e:f7:1d:d5:ae:b0:5d:64:3e:fa:12:
         9a:14:78:90:2b:17:ce:34:fc:6e:0e:cf:65:21:9a:0d:01:e0:
         d8:5e:c7:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fiW9vGftV9+Ix3uZBYU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlOWY1MmZkNTUwNjkyYmU3ZWVjMTkyZmMzZWQyMzI3ZjVh
MmY5YWIwHhcNMjYwMTAxMTIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWE5MWIwYzI5NTAxMTc2NjRmMGU1N2E2NTJlZjE1YzMwZmYyNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs86WGG0gR+ENDHD3/yQ29pf1vSlr
9PweerJ29VOVumBufT1w3vrCo7w9CYdZNav1I4j7T+al3DTK3uABCZiNAloTbQ5Q
Mr2h6R/6lMVcY3t5Sliiy3+LEEMmrPDM7y2mXVoQWIBXIydyjwUv0XfT1dGTmQBv
CnkZZaV/vRFf0OXKhrmHrS8nlW7ZuXnHcxkJZ4iDfxsh3ZNvUXQyAjmTU3HVV4b+
9pqSEPEJprzjddOjQYrxGjPW77zZ8jEHJy0P9Y6mKEnZmmaWJvjWByS7XqYJJ+LR
31925VKyEORma7sCUHm8hCaRJ3vMqNG19ydj8+V/w3DAggCmuQZv9CO4zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGpGwwpUBF2ZPDlemUu8Vww/yRZMB8GA1UdIwQY
MBaAFE6fUv1VBpK+fuwZL8PtIyf1ovmrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHA5U19WVUdrcjUtN0JrdnctMGpKX1dpLWFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9kNmJhOGQtMTUwZS00NTBlLTg0OWMt
ZjM4ZmEwZTcxZDk5LzEvTWFrYkRDbFFFWFprOE9WNlpTN3hYRERfSkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9kNmJhOGQtMTUwZS00NTBlLTg0OWMtZjM4ZmEwZTcxZDk5
LzEvVHA5U19WVUdrcjUtN0JrdnctMGpKX1dpLWFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjziMA0G
CSqGSIb3DQEBCwUAA4IBAQAV8WQB6tAK3TvVb/Ktigf+C00ihEkv5xIhUbTKzmX+
bzqHIXPXcNy1kRXr3B74gfVArMrp+l028JTsEHPZMpPT+jKYnKYm13p9yaNCb3Zc
8lnAGjaDIBppsab3Aq3WQ3SmZZFCRP1vFiypmk6ioHYV9c3uPlysDRvxbcPVuzNm
KaQvjEEsyNQUg1CNSp8olPHsd9Wh2XKkLUGfseNwOci03QwvHNdrUXHfaa8PlygH
6roFibmBhZezrAhPiDO0peJxvyCRAYXkDdNBEJQX7l64A3S0LvFfqoWad4+OwcbU
Lvcd1a6wXWQ++hKaFHiQKxfONPxuDs9lIZoNAeDYXscG
-----END CERTIFICATE-----