This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/1MRUxxI-MJ5URuxEnbVPosa96BE.roa
File:                     1MRUxxI-MJ5URuxEnbVPosa96BE.roa (raw, json)
Hash identifier:          ybJfJTh+qledOSXFQ1Rpq1+qpwILYkG/vUQqmage5L0=
Subject key identifier:   D4:C4:54:C7:12:3E:30:9E:54:46:EC:44:9D:B5:4F:A2:C6:BD:E8:11
Certificate issuer:       /CN=5647798f253c724eb07f2e8ad8c2ed949436499c
Certificate serial:       019B78A30F4CBFB4A970C714CCBBC5F0172B
Authority key identifier: 56:47:79:8F:25:3C:72:4E:B0:7F:2E:8A:D8:C2:ED:94:94:36:49:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/1MRUxxI-MJ5URuxEnbVPosa96BE.roa
Signing time:             Thu 01 Jan 2026 08:18:30 +0000
ROA not before:           Thu 01 Jan 2026 08:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204272
IP address blocks:        109.70.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:0f:4c:bf:b4:a9:70:c7:14:cc:bb:c5:f0:17:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5647798f253c724eb07f2e8ad8c2ed949436499c
        Validity
            Not Before: Jan  1 08:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4c454c7123e309e5446ec449db54fa2c6bde811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b4:6a:04:42:8b:6d:35:e3:fd:e0:0b:26:3f:
                    25:9a:dc:32:09:09:ae:b0:17:49:48:b4:d6:69:46:
                    c7:92:18:a2:73:6d:a6:e3:ea:40:d5:e1:10:cc:7a:
                    ff:38:2d:d4:af:16:ee:f2:9b:4c:75:78:ca:2c:a4:
                    3c:b4:c9:ef:bf:9f:9c:97:9d:a6:36:5a:9a:a3:56:
                    56:ef:69:f2:0b:27:df:1e:3c:6b:7d:71:cb:8a:a7:
                    57:37:b8:a8:9a:43:8f:0e:1c:e1:37:04:a7:84:02:
                    3c:f5:f8:9e:2c:f0:9f:6a:65:e8:b1:f5:43:07:09:
                    87:dc:d3:15:fd:8e:6c:00:57:cb:25:2c:7a:b1:e1:
                    b7:53:1c:72:a0:b6:fc:ff:e9:57:c0:0c:01:cb:5a:
                    31:65:65:17:b3:79:46:86:bf:cc:64:99:29:3e:ab:
                    ee:4c:af:60:8e:f4:4b:52:c9:02:98:5b:7d:42:70:
                    c4:7e:94:a4:b4:74:0b:e1:75:c3:49:29:12:69:0a:
                    89:51:d7:3e:9a:fb:04:2f:c3:99:a9:54:68:a2:07:
                    42:0f:ec:de:42:71:5f:0d:db:9e:76:28:37:f7:9b:
                    09:15:7c:c6:bd:6b:78:93:d6:c6:09:e2:41:a8:8d:
                    f1:53:46:16:da:d5:f5:8d:70:69:e4:50:c8:2b:2a:
                    e9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C4:54:C7:12:3E:30:9E:54:46:EC:44:9D:B5:4F:A2:C6:BD:E8:11
            X509v3 Authority Key Identifier:
                keyid:56:47:79:8F:25:3C:72:4E:B0:7F:2E:8A:D8:C2:ED:94:94:36:49:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/1MRUxxI-MJ5URuxEnbVPosa96BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/4c4f66-9039-4fb1-bd49-1a4b6edb03a7/1/Vkd5jyU8ck6wfy6K2MLtlJQ2SZw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b8:26:a5:48:cc:02:db:9e:d7:59:84:a2:ad:67:79:fa:8b:
         e6:81:83:2f:b8:c9:c2:a4:c8:53:54:51:72:eb:d5:96:9b:d8:
         dc:4b:33:f6:f5:f5:b8:19:26:7f:d4:86:02:44:9c:a5:1b:b5:
         1c:db:8f:66:d6:c6:d5:13:7b:95:29:8c:3d:1e:ff:91:a4:fd:
         84:5d:4d:d0:a0:b1:85:51:c6:61:1a:f0:a5:3f:c6:8d:83:7f:
         6f:b4:6b:fd:1b:da:88:d8:2a:35:05:dc:59:7e:ff:00:e4:45:
         92:c0:e6:84:07:02:06:f9:e8:58:5f:6c:91:dd:40:18:b2:c1:
         cf:af:05:cc:b8:18:bd:5f:17:7b:ee:3d:c8:b5:8a:48:25:6c:
         02:6f:6b:99:d1:67:c3:21:fc:0c:b3:50:58:06:db:51:76:00:
         45:b0:d6:47:93:e5:8a:66:34:89:3e:c2:28:c2:75:68:92:28:
         68:2e:25:a4:5a:4e:fa:a5:f9:17:92:21:e1:d2:e1:b3:b6:f5:
         b4:f1:4a:32:63:9c:90:e8:ce:bc:49:a2:d4:15:04:d7:a4:82:
         db:76:49:2d:70:0e:99:f2:45:30:c8:67:f0:f8:13:83:64:4b:
         bb:44:75:51:d9:49:b6:0d:02:d0:c9:aa:c6:da:93:b1:4d:88:
         ca:74:7f:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ow9Mv7SpcMcUzLvF8BcrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NDc3OThmMjUzYzcyNGViMDdmMmU4YWQ4YzJlZDk0OTQz
NjQ5OWMwHhcNMjYwMTAxMDgxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGM0NTRjNzEyM2UzMDllNTQ0NmVjNDQ5ZGI1NGZhMmM2YmRlODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7RqBEKLbTXj/eALJj8lmtwyCQmu
sBdJSLTWaUbHkhiic22m4+pA1eEQzHr/OC3Urxbu8ptMdXjKLKQ8tMnvv5+cl52m
Nlqao1ZW72nyCyffHjxrfXHLiqdXN7iomkOPDhzhNwSnhAI89fieLPCfamXosfVD
BwmH3NMV/Y5sAFfLJSx6seG3UxxyoLb8/+lXwAwBy1oxZWUXs3lGhr/MZJkpPqvu
TK9gjvRLUskCmFt9QnDEfpSktHQL4XXDSSkSaQqJUdc+mvsEL8OZqVRoogdCD+ze
QnFfDduedig395sJFXzGvWt4k9bGCeJBqI3xU0YW2tX1jXBp5FDIKyrp/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTEVMcSPjCeVEbsRJ21T6LGvegRMB8GA1UdIwQY
MBaAFFZHeY8lPHJOsH8uitjC7ZSUNkmcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmtkNWp5VThjazZ3Znk2SzJNTHRsSlEyU1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC80YzRmNjYtOTAzOS00ZmIxLWJkNDkt
MWE0YjZlZGIwM2E3LzEvMU1SVXh4SS1NSjVVUnV4RW5iVlBvc2E5NkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC80YzRmNjYtOTAzOS00ZmIxLWJkNDktMWE0YjZlZGIwM2E3
LzEvVmtkNWp5VThjazZ3Znk2SzJNTHRsSlEyU1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUZLMA0G
CSqGSIb3DQEBCwUAA4IBAQBxuCalSMwC257XWYSirWd5+ovmgYMvuMnCpMhTVFFy
69WWm9jcSzP29fW4GSZ/1IYCRJylG7Uc249m1sbVE3uVKYw9Hv+RpP2EXU3QoLGF
UcZhGvClP8aNg39vtGv9G9qI2Co1BdxZfv8A5EWSwOaEBwIG+ehYX2yR3UAYssHP
rwXMuBi9Xxd77j3ItYpIJWwCb2uZ0WfDIfwMs1BYBttRdgBFsNZHk+WKZjSJPsIo
wnVokihoLiWkWk76pfkXkiHh0uGztvW08UoyY5yQ6M68SaLUFQTXpILbdkktcA6Z
8kUwyGfw+BODZEu7RHVR2Um2DQLQyarG2pOxTYjKdH/V
-----END CERTIFICATE-----