This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a9a06e-69ac-45ce-badc-09dbd08cbe2d/1/MaHcS05o3WBeZOrNVbnsOPGuJZk.roa
File:                     MaHcS05o3WBeZOrNVbnsOPGuJZk.roa (raw, json)
Hash identifier:          hWXPAtBNsAo9ZPaQbHx34drt2IC8j3ryox2B1+pnB+E=
Subject key identifier:   31:A1:DC:4B:4E:68:DD:60:5E:64:EA:CD:55:B9:EC:38:F1:AE:25:99
Certificate issuer:       /CN=5b087d1dc98e26e4c959d09f6146d7fdf869e4fc
Certificate serial:       019B7C134BDFC3E7CE908A1B6A7331463DCA
Authority key identifier: 5B:08:7D:1D:C9:8E:26:E4:C9:59:D0:9F:61:46:D7:FD:F8:69:E4:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wwh9HcmOJuTJWdCfYUbX_fhp5Pw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/a9a06e-69ac-45ce-badc-09dbd08cbe2d/1/MaHcS05o3WBeZOrNVbnsOPGuJZk.roa
Signing time:             Fri 02 Jan 2026 00:19:57 +0000
ROA not before:           Fri 02 Jan 2026 00:19:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29684
IP address blocks:        193.203.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/a9a06e-69ac-45ce-badc-09dbd08cbe2d/1/Wwh9HcmOJuTJWdCfYUbX_fhp5Pw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/a9a06e-69ac-45ce-badc-09dbd08cbe2d/1/Wwh9HcmOJuTJWdCfYUbX_fhp5Pw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wwh9HcmOJuTJWdCfYUbX_fhp5Pw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:4b:df:c3:e7:ce:90:8a:1b:6a:73:31:46:3d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b087d1dc98e26e4c959d09f6146d7fdf869e4fc
        Validity
            Not Before: Jan  2 00:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31a1dc4b4e68dd605e64eacd55b9ec38f1ae2599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d6:54:54:f5:df:a3:06:f0:dd:99:65:3b:dc:
                    38:4e:cb:c6:c9:cd:d0:0e:13:08:37:75:ce:79:b7:
                    4b:2c:da:60:5b:a1:16:e3:77:1b:46:ff:5b:68:0b:
                    15:f0:03:18:d3:82:68:ce:e8:b5:69:da:71:45:bc:
                    81:d0:7f:5a:ab:12:08:76:c0:86:d8:72:60:8c:78:
                    84:f4:af:ea:61:67:aa:64:dd:dc:01:4b:c6:0f:c2:
                    a2:a8:ed:47:96:df:29:70:9b:25:93:7e:64:38:71:
                    f1:c2:e1:6c:f7:0c:e0:8b:44:02:c1:44:39:3f:d6:
                    26:cc:bc:05:d0:d1:17:dc:43:bf:0a:1b:34:50:ae:
                    bc:57:be:0b:ea:65:cf:cd:d4:57:8c:6d:45:cf:1b:
                    50:de:91:2a:19:4d:8a:7f:9a:e2:df:7d:f6:fb:ae:
                    48:99:1f:e0:49:cd:d4:e7:27:ae:fd:74:50:11:d5:
                    13:d5:7f:03:b6:3e:1b:5c:02:c8:c5:46:fd:c4:b4:
                    8e:84:cc:8b:e0:06:31:96:84:f5:e3:1e:3c:23:f7:
                    d9:e2:83:31:c2:9f:c6:ed:01:e1:ec:33:80:db:ec:
                    f1:85:89:66:d1:6a:e8:bf:d9:4a:44:01:ce:c5:2e:
                    8d:e1:dc:28:ce:6f:0f:60:90:b6:78:4b:47:86:9a:
                    02:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A1:DC:4B:4E:68:DD:60:5E:64:EA:CD:55:B9:EC:38:F1:AE:25:99
            X509v3 Authority Key Identifier:
                keyid:5B:08:7D:1D:C9:8E:26:E4:C9:59:D0:9F:61:46:D7:FD:F8:69:E4:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wwh9HcmOJuTJWdCfYUbX_fhp5Pw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a9a06e-69ac-45ce-badc-09dbd08cbe2d/1/MaHcS05o3WBeZOrNVbnsOPGuJZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a9a06e-69ac-45ce-badc-09dbd08cbe2d/1/Wwh9HcmOJuTJWdCfYUbX_fhp5Pw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7f:38:26:da:80:09:b1:51:b1:0a:29:31:63:e9:28:d1:89:
         ec:55:2c:d4:7b:b0:0c:99:bb:79:9f:c9:22:87:7a:cb:64:57:
         6e:fa:ae:09:c7:03:70:5e:b2:38:db:f8:b3:95:0e:af:cd:ae:
         75:ab:6d:9a:72:3f:3d:78:cf:71:10:54:87:22:1e:cc:c6:78:
         e6:57:dd:cf:40:7e:90:d3:e9:30:e5:6d:04:3e:ba:2e:ff:48:
         ac:a0:b7:1d:ab:5c:3c:39:26:54:4a:3b:d0:c4:66:9d:ad:33:
         d3:c8:3b:8d:3c:dc:f0:bb:d6:3b:23:8e:00:a1:e8:81:16:47:
         1c:57:96:c1:32:50:9f:36:c0:aa:d7:82:23:14:a3:5b:7c:0a:
         7c:3d:be:2d:5a:e5:0e:8d:a4:09:ae:de:90:e7:25:0b:50:96:
         9e:cc:6f:75:13:f6:48:9b:0f:04:a3:19:67:31:c2:a8:a9:96:
         55:e4:4b:ca:91:cf:6d:75:cc:cf:3a:5b:c2:08:47:b7:84:04:
         19:0d:d8:18:54:7a:d0:5c:77:26:0d:0b:5d:46:43:10:5d:f4:
         81:56:6b:7f:fc:10:14:10:83:ee:d1:ad:93:28:5b:fa:2e:81:
         17:a9:6a:a7:49:ab:fa:2a:4a:49:54:b3:18:52:01:ee:50:75:
         17:5f:df:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E0vfw+fOkIobanMxRj3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMDg3ZDFkYzk4ZTI2ZTRjOTU5ZDA5ZjYxNDZkN2ZkZjg2
OWU0ZmMwHhcNMjYwMTAyMDAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWExZGM0YjRlNjhkZDYwNWU2NGVhY2Q1NWI5ZWMzOGYxYWUyNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstZUVPXfowbw3ZllO9w4TsvGyc3Q
DhMIN3XOebdLLNpgW6EW43cbRv9baAsV8AMY04Jozui1adpxRbyB0H9aqxIIdsCG
2HJgjHiE9K/qYWeqZN3cAUvGD8KiqO1Hlt8pcJslk35kOHHxwuFs9wzgi0QCwUQ5
P9YmzLwF0NEX3EO/Chs0UK68V74L6mXPzdRXjG1FzxtQ3pEqGU2Kf5ri3332+65I
mR/gSc3U5yeu/XRQEdUT1X8Dtj4bXALIxUb9xLSOhMyL4AYxloT14x48I/fZ4oMx
wp/G7QHh7DOA2+zxhYlm0Wrov9lKRAHOxS6N4dwozm8PYJC2eEtHhpoC3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGh3EtOaN1gXmTqzVW57DjxriWZMB8GA1UdIwQY
MBaAFFsIfR3JjibkyVnQn2FG1/34aeT8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3doOUhjbU9KdVRKV2RDZllVYlhfZmhwNVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hOWEwNmUtNjlhYy00NWNlLWJhZGMt
MDlkYmQwOGNiZTJkLzEvTWFIY1MwNW8zV0JlWk9yTlZibnNPUEd1SlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hOWEwNmUtNjlhYy00NWNlLWJhZGMtMDlkYmQwOGNiZTJk
LzEvV3doOUhjbU9KdVRKV2RDZllVYlhfZmhwNVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwctvMA0G
CSqGSIb3DQEBCwUAA4IBAQB5fzgm2oAJsVGxCikxY+ko0YnsVSzUe7AMmbt5n8ki
h3rLZFdu+q4JxwNwXrI42/izlQ6vza51q22acj89eM9xEFSHIh7MxnjmV93PQH6Q
0+kw5W0EProu/0isoLcdq1w8OSZUSjvQxGadrTPTyDuNPNzwu9Y7I44AoeiBFkcc
V5bBMlCfNsCq14IjFKNbfAp8Pb4tWuUOjaQJrt6Q5yULUJaezG91E/ZImw8Eoxln
McKoqZZV5EvKkc9tdczPOlvCCEe3hAQZDdgYVHrQXHcmDQtdRkMQXfSBVmt//BAU
EIPu0a2TKFv6LoEXqWqnSav6KkpJVLMYUgHuUHUXX9+1
-----END CERTIFICATE-----