This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/mGuGgApHSUc3pkLejONy6uxFa8I.roa
File:                     mGuGgApHSUc3pkLejONy6uxFa8I.roa (raw, json)
Hash identifier:          72owtSfE8WtU3O8vsf/pSLMkM235o/0ogXWxdafrLec=
Subject key identifier:   98:6B:86:80:0A:47:49:47:37:A6:42:DE:8C:E3:72:EA:EC:45:6B:C2
Certificate issuer:       /CN=b5a263d18eb5c540f7478825bb72efac6f28f82b
Certificate serial:       019B7A5ACEF50ACB7E361E04CF54BB0441B2
Authority key identifier: B5:A2:63:D1:8E:B5:C5:40:F7:47:88:25:BB:72:EF:AC:6F:28:F8:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/mGuGgApHSUc3pkLejONy6uxFa8I.roa
Signing time:             Thu 01 Jan 2026 16:18:50 +0000
ROA not before:           Thu 01 Jan 2026 16:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12779
IP address blocks:        195.74.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ce:f5:0a:cb:7e:36:1e:04:cf:54:bb:04:41:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5a263d18eb5c540f7478825bb72efac6f28f82b
        Validity
            Not Before: Jan  1 16:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=986b86800a47494737a642de8ce372eaec456bc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9f:11:51:d5:d1:f9:e8:c5:2e:8d:4d:77:89:
                    f8:2f:cf:fa:be:31:8c:b8:5d:b8:1b:86:7f:6f:43:
                    e7:ee:6e:d9:ed:3e:b0:12:e0:0e:eb:e5:75:fb:a8:
                    3d:bd:c8:08:25:7e:22:1d:80:57:5d:22:48:3a:6f:
                    65:02:97:f8:48:2e:30:d4:57:25:90:70:57:a8:20:
                    04:07:94:44:17:a9:38:a4:55:2a:75:4c:9d:49:d5:
                    59:ce:0a:37:03:2e:28:c4:8c:d7:69:fd:34:29:c2:
                    be:57:37:46:20:cf:26:00:8d:0c:4d:d5:36:03:ed:
                    68:49:85:69:fb:1c:ff:64:c3:ed:27:0d:ce:88:74:
                    94:3a:1c:d6:33:81:99:3e:16:12:38:b8:08:92:f7:
                    86:23:74:16:24:b6:b0:04:7b:22:3f:50:c4:98:cf:
                    8c:34:9e:74:4b:7f:ea:5d:10:97:cf:20:32:43:ad:
                    ae:46:af:17:c7:8c:12:00:e7:c4:aa:b4:a8:c0:1d:
                    c6:cd:2c:90:eb:9b:2b:58:22:32:3c:1b:5b:3d:fb:
                    29:cd:90:42:97:6c:c8:51:0e:9c:c5:ed:49:f5:f7:
                    94:93:53:00:bf:e5:c4:e0:3d:72:06:9d:19:0e:08:
                    15:aa:01:39:ab:72:91:57:f5:75:ce:21:f4:98:4f:
                    b0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6B:86:80:0A:47:49:47:37:A6:42:DE:8C:E3:72:EA:EC:45:6B:C2
            X509v3 Authority Key Identifier:
                keyid:B5:A2:63:D1:8E:B5:C5:40:F7:47:88:25:BB:72:EF:AC:6F:28:F8:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/taJj0Y61xUD3R4glu3LvrG8o-Cs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/mGuGgApHSUc3pkLejONy6uxFa8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1d0171-3307-4531-a73a-146a69b6d8e4/1/taJj0Y61xUD3R4glu3LvrG8o-Cs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.74.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:3f:9a:63:28:29:1c:fb:85:4a:5b:51:3b:f9:41:26:1c:75:
         98:05:3b:4d:0f:39:76:5e:77:5e:dd:cf:42:3f:70:a3:e0:71:
         44:9f:8d:c9:52:b9:09:d5:ec:e3:56:28:50:0c:df:ba:50:52:
         de:78:5b:f4:3e:5e:a4:67:96:66:4e:49:d5:6d:9d:b9:c2:41:
         77:4e:dc:5b:c4:17:6f:af:5e:f7:0a:ca:37:55:68:7c:64:8c:
         89:60:ce:cd:a7:fe:fb:7e:f8:1e:72:06:85:c5:33:6e:6c:63:
         7b:35:c5:a7:61:db:1e:57:6f:61:67:43:a1:f7:42:c5:f9:63:
         c7:c9:cb:56:e7:04:3d:fe:c0:eb:6a:62:29:8b:02:02:94:86:
         9f:b1:b4:c4:89:65:91:68:7e:92:56:3b:eb:da:3a:b3:b1:a2:
         87:9d:30:10:cb:50:3e:a3:a3:a4:75:e1:73:c4:0e:89:cc:b1:
         9e:70:a0:fe:52:84:bd:47:6c:27:8b:9b:d4:ba:f2:9f:2d:df:
         b9:ec:bb:f7:2b:b2:6d:ff:18:79:8e:9e:03:57:74:0d:6d:be:
         1e:1b:2f:d0:87:d4:4c:98:32:3e:b4:b0:d4:22:40:05:c5:51:
         9a:82:2e:3e:2a:82:24:0c:f3:59:ac:6c:86:a6:98:de:20:41:
         45:be:e0:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Ws71Cst+Nh4Ez1S7BEGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YTI2M2QxOGViNWM1NDBmNzQ3ODgyNWJiNzJlZmFjNmYy
OGY4MmIwHhcNMjYwMTAxMTYxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZiODY4MDBhNDc0OTQ3MzdhNjQyZGU4Y2UzNzJlYWVjNDU2YmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJ8RUdXR+ejFLo1Nd4n4L8/6vjGM
uF24G4Z/b0Pn7m7Z7T6wEuAO6+V1+6g9vcgIJX4iHYBXXSJIOm9lApf4SC4w1Fcl
kHBXqCAEB5REF6k4pFUqdUydSdVZzgo3Ay4oxIzXaf00KcK+VzdGIM8mAI0MTdU2
A+1oSYVp+xz/ZMPtJw3OiHSUOhzWM4GZPhYSOLgIkveGI3QWJLawBHsiP1DEmM+M
NJ50S3/qXRCXzyAyQ62uRq8Xx4wSAOfEqrSowB3GzSyQ65srWCIyPBtbPfspzZBC
l2zIUQ6cxe1J9feUk1MAv+XE4D1yBp0ZDggVqgE5q3KRV/V1ziH0mE+wgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhrhoAKR0lHN6ZC3ozjcursRWvCMB8GA1UdIwQY
MBaAFLWiY9GOtcVA90eIJbty76xvKPgrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGFKajBZNjF4VUQzUjRnbHUzTHZyRzhvLUNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xZDAxNzEtMzMwNy00NTMxLWE3M2Et
MTQ2YTY5YjZkOGU0LzEvbUd1R2dBcEhTVWMzcGtMZWpPTnk2dXhGYThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xZDAxNzEtMzMwNy00NTMxLWE3M2EtMTQ2YTY5YjZkOGU0
LzEvdGFKajBZNjF4VUQzUjRnbHUzTHZyRzhvLUNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0pRMA0G
CSqGSIb3DQEBCwUAA4IBAQDQP5pjKCkc+4VKW1E7+UEmHHWYBTtNDzl2Xnde3c9C
P3Cj4HFEn43JUrkJ1ezjVihQDN+6UFLeeFv0Pl6kZ5ZmTknVbZ25wkF3TtxbxBdv
r173Cso3VWh8ZIyJYM7Np/77fvgecgaFxTNubGN7NcWnYdseV29hZ0Oh90LF+WPH
yctW5wQ9/sDramIpiwIClIafsbTEiWWRaH6SVjvr2jqzsaKHnTAQy1A+o6OkdeFz
xA6JzLGecKD+UoS9R2wni5vUuvKfLd+57Lv3K7Jt/xh5jp4DV3QNbb4eGy/Qh9RM
mDI+tLDUIkAFxVGagi4+KoIkDPNZrGyGppjeIEFFvuC6
-----END CERTIFICATE-----