This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/MA1FZ0Kd9wdwMtmBadU0hhtttm0.roa
File:                     MA1FZ0Kd9wdwMtmBadU0hhtttm0.roa (raw, json)
Hash identifier:          QAEnbojUEEoHhXNLCPe+Qwxb4hVhw+T32YK80jDjtFM=
Subject key identifier:   30:0D:45:67:42:9D:F7:07:70:32:D9:81:69:D5:34:86:1B:6D:B6:6D
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       019B7B35C695CC78FF5931E5B01D45D846AD
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/MA1FZ0Kd9wdwMtmBadU0hhtttm0.roa
Signing time:             Thu 01 Jan 2026 20:18:00 +0000
ROA not before:           Thu 01 Jan 2026 20:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207713
IP address blocks:        185.143.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 17:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:c6:95:cc:78:ff:59:31:e5:b0:1d:45:d8:46:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  1 20:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=300d4567429df7077032d98169d534861b6db66d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:83:bd:28:96:0b:57:c5:45:40:58:02:79:dc:
                    2b:08:38:c4:55:14:1c:10:1c:dc:fe:ba:a0:0f:3a:
                    f5:4b:5d:72:0d:07:59:5e:25:3a:07:d1:dd:92:ed:
                    8e:aa:7a:d9:a0:61:41:ee:01:13:c8:8e:4e:d2:e3:
                    a7:29:a2:b1:4e:71:78:b2:dc:d2:bd:aa:5b:f5:9c:
                    f5:79:6f:95:82:9f:f9:e9:a7:f2:98:5a:e2:b1:60:
                    dd:fa:a6:5c:f1:8c:f9:92:a8:c5:32:ce:61:9e:44:
                    ed:ac:10:04:a0:1e:26:30:78:27:5c:4e:e3:dd:ed:
                    39:9d:59:f1:43:b3:4b:89:95:47:a0:33:aa:75:ee:
                    b6:13:af:53:5c:a0:e7:34:d7:55:c9:df:e1:98:1e:
                    73:52:8a:ad:8d:ea:81:66:cb:20:ba:93:ed:23:3f:
                    2d:3d:0b:05:4e:b0:42:49:0e:e3:ba:ad:a6:27:c2:
                    19:d5:4f:36:7a:ff:f0:fd:02:e3:e4:fc:c7:37:90:
                    91:0a:24:1b:8d:54:7e:f6:05:0e:cb:4f:e8:71:20:
                    74:74:c2:3a:23:3b:2a:11:75:84:65:86:6f:70:ff:
                    66:72:1d:b7:d5:8d:3e:a7:4d:f0:e6:a7:a5:9b:59:
                    a7:00:11:55:8c:d7:16:24:1c:0f:09:34:19:a8:2d:
                    0c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:0D:45:67:42:9D:F7:07:70:32:D9:81:69:D5:34:86:1B:6D:B6:6D
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/MA1FZ0Kd9wdwMtmBadU0hhtttm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:06:dc:ab:7c:a2:ad:5a:70:9e:74:aa:2d:9d:97:09:0b:8d:
         6b:b8:8f:54:ce:99:1e:35:05:32:16:bc:13:d9:11:60:3e:42:
         8d:f5:c7:04:bd:08:bc:40:3c:40:2d:61:37:2a:20:5e:82:b5:
         fb:a5:f9:76:7a:7a:38:61:ba:b0:60:d3:f8:40:29:e8:67:f2:
         87:fe:47:89:1d:db:3e:31:0a:9b:ad:56:da:1d:be:63:ce:2b:
         bc:09:43:21:77:c2:96:67:a9:a3:75:a4:71:94:b4:df:1b:03:
         97:21:bb:47:81:f5:31:19:34:c2:be:c0:3c:8c:a7:be:cd:c8:
         8d:ee:a2:39:0d:35:e4:b2:da:c8:d9:cb:e2:15:9e:ac:9f:ac:
         99:41:9f:be:3a:44:3a:f2:b9:c7:6a:e0:e8:e6:5b:4d:42:f5:
         83:c6:44:f9:d5:a0:50:9f:d1:34:02:59:db:81:35:2a:b8:32:
         b9:81:80:2d:e2:cd:74:8d:7a:4c:4e:75:0d:4e:70:5e:60:10:
         9d:fb:8f:e0:a6:aa:52:26:f8:b1:d2:26:8c:00:46:67:fd:c2:
         40:4d:73:e8:6f:81:96:0f:f7:c8:c0:12:94:9c:c0:3c:e3:38:
         a2:17:c7:b9:1b:fd:0b:29:4f:48:c5:aa:d8:2e:93:60:bc:d1:
         d1:fa:8f:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NcaVzHj/WTHlsB1F2EatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjYwMTAxMjAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDBkNDU2NzQyOWRmNzA3NzAzMmQ5ODE2OWQ1MzQ4NjFiNmRiNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4O9KJYLV8VFQFgCedwrCDjEVRQc
EBzc/rqgDzr1S11yDQdZXiU6B9Hdku2OqnrZoGFB7gETyI5O0uOnKaKxTnF4stzS
vapb9Zz1eW+Vgp/56afymFrisWDd+qZc8Yz5kqjFMs5hnkTtrBAEoB4mMHgnXE7j
3e05nVnxQ7NLiZVHoDOqde62E69TXKDnNNdVyd/hmB5zUoqtjeqBZssgupPtIz8t
PQsFTrBCSQ7juq2mJ8IZ1U82ev/w/QLj5PzHN5CRCiQbjVR+9gUOy0/ocSB0dMI6
IzsqEXWEZYZvcP9mch231Y0+p03w5qelm1mnABFVjNcWJBwPCTQZqC0MbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDANRWdCnfcHcDLZgWnVNIYbbbZtMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvTUExRlowS2Q5d2R3TXRtQmFkVTBoaHR0dG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/fMA0G
CSqGSIb3DQEBCwUAA4IBAQDSBtyrfKKtWnCedKotnZcJC41ruI9UzpkeNQUyFrwT
2RFgPkKN9ccEvQi8QDxALWE3KiBegrX7pfl2eno4YbqwYNP4QCnoZ/KH/keJHds+
MQqbrVbaHb5jziu8CUMhd8KWZ6mjdaRxlLTfGwOXIbtHgfUxGTTCvsA8jKe+zciN
7qI5DTXkstrI2cviFZ6sn6yZQZ++OkQ68rnHauDo5ltNQvWDxkT51aBQn9E0Alnb
gTUquDK5gYAt4s10jXpMTnUNTnBeYBCd+4/gpqpSJvix0iaMAEZn/cJATXPob4GW
D/fIwBKUnMA84ziiF8e5G/0LKU9IxarYLpNgvNHR+o9O
-----END CERTIFICATE-----