This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/MwiX1sWT4L9Sd2jLdKK-is1cuoU.roa
File:                     MwiX1sWT4L9Sd2jLdKK-is1cuoU.roa (raw, json)
Hash identifier:          oswXbOPtoGvOkQD2v1oxYSwYp3lw3uvemjQYUy0pcbU=
Subject key identifier:   33:08:97:D6:C5:93:E0:BF:52:77:68:CB:74:A2:BE:8A:CD:5C:BA:85
Certificate issuer:       /CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Certificate serial:       019B7A5B2C53B7E97FF19C7C2B66E27D53F8
Authority key identifier: B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/MwiX1sWT4L9Sd2jLdKK-is1cuoU.roa
Signing time:             Thu 01 Jan 2026 16:19:13 +0000
ROA not before:           Thu 01 Jan 2026 16:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215984
IP address blocks:        89.150.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:2c:53:b7:e9:7f:f1:9c:7c:2b:66:e2:7d:53:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
        Validity
            Not Before: Jan  1 16:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=330897d6c593e0bf527768cb74a2be8acd5cba85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f5:49:db:49:1d:e4:54:69:8c:81:22:ad:b8:
                    da:12:b0:2c:9c:e1:71:2d:5f:34:46:0f:25:54:00:
                    37:a7:14:ed:26:aa:ea:18:22:9e:46:4c:71:84:94:
                    31:8e:19:3a:04:f1:e3:30:27:67:66:29:aa:96:95:
                    69:4a:9a:4d:64:ec:9b:29:a7:4d:b4:5d:02:0f:9a:
                    a6:ef:a2:a5:c9:9d:c6:27:24:12:66:a6:41:f6:19:
                    cc:19:b4:6b:df:a0:1f:22:5d:1b:39:18:49:ac:4a:
                    82:13:26:ec:be:5b:3e:6d:4b:18:a7:b3:43:88:1e:
                    64:d2:f4:37:fe:8c:cc:58:0a:bd:7f:43:6f:9c:28:
                    ad:e4:f6:88:c9:c5:0a:df:00:0f:d0:db:86:9f:3e:
                    b2:71:e1:1f:7d:2d:8e:2c:92:b3:34:b6:ea:09:6a:
                    3f:6f:21:62:e0:d5:1d:14:08:79:5b:02:8c:8a:dd:
                    78:22:fd:3e:d5:74:36:a7:1f:6e:5c:e9:9e:05:45:
                    cf:87:da:6e:11:8a:2c:45:46:08:ba:df:a7:d5:c7:
                    c3:e4:3c:2e:d1:cb:04:a8:43:5a:ab:97:6d:df:6f:
                    ab:2b:8a:42:1d:5e:7f:f5:60:e8:31:42:7c:d0:57:
                    dd:ac:c6:8c:1b:91:9a:ee:47:22:33:ae:d8:69:dc:
                    09:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:08:97:D6:C5:93:E0:BF:52:77:68:CB:74:A2:BE:8A:CD:5C:BA:85
            X509v3 Authority Key Identifier:
                keyid:B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/MwiX1sWT4L9Sd2jLdKK-is1cuoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:ef:85:bd:63:9f:84:15:9a:6f:29:10:61:f1:81:06:81:cc:
         00:6a:e4:0d:96:7d:00:5c:49:57:b7:93:c0:d4:d4:fd:bb:72:
         f7:a0:2d:67:71:2e:6c:96:e1:de:b5:aa:77:fb:e8:bb:d9:c9:
         71:09:0b:37:06:cb:62:38:b1:a1:59:4c:db:fb:b3:79:69:7f:
         48:7b:3c:0e:61:14:c1:b1:98:42:10:2c:8b:f8:1a:28:ce:78:
         a9:80:35:4a:68:15:94:6f:d7:46:63:7d:30:bf:d3:4f:5a:31:
         46:f0:4a:d6:86:73:2a:66:5a:82:b2:78:b7:92:b6:ad:61:34:
         66:f2:19:df:a1:a1:7a:55:0b:fe:ca:f6:2e:3b:47:28:14:a7:
         15:f3:6b:f7:b6:ab:d5:a7:82:5a:ad:3c:57:6c:54:58:79:cb:
         30:6f:f3:d9:77:41:58:36:97:a1:d7:61:b9:b8:25:81:be:44:
         82:39:a2:cd:b1:24:d2:a9:53:3b:68:85:ba:e3:11:e1:d0:5d:
         d7:cc:1a:87:7a:cc:43:8b:be:5f:38:51:d1:91:f3:df:c3:74:
         11:5d:99:94:cc:5d:bb:00:17:5f:dd:07:58:47:58:f9:26:55:
         a9:a2:0c:7e:52:18:b4:31:1c:fc:22:ce:3a:09:be:71:d4:06:
         ba:36:41:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WyxTt+l/8Zx8K2bifVP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWEzZjRhZjk0YTU4MGViOWU3YjU4NTQyYTAwODRiMjFj
MmIwOWIwHhcNMjYwMTAxMTYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzA4OTdkNmM1OTNlMGJmNTI3NzY4Y2I3NGEyYmU4YWNkNWNiYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvVJ20kd5FRpjIEirbjaErAsnOFx
LV80Rg8lVAA3pxTtJqrqGCKeRkxxhJQxjhk6BPHjMCdnZimqlpVpSppNZOybKadN
tF0CD5qm76KlyZ3GJyQSZqZB9hnMGbRr36AfIl0bORhJrEqCEybsvls+bUsYp7ND
iB5k0vQ3/ozMWAq9f0NvnCit5PaIycUK3wAP0NuGnz6yceEffS2OLJKzNLbqCWo/
byFi4NUdFAh5WwKMit14Iv0+1XQ2px9uXOmeBUXPh9puEYosRUYIut+n1cfD5Dwu
0csEqENaq5dt32+rK4pCHV5/9WDoMUJ80FfdrMaMG5Ga7kciM67YadwJXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMIl9bFk+C/Undoy3SivorNXLqFMB8GA1UdIwQY
MBaAFLIaP0r5SlgOuee1hUKgCEshwrCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYt
NTEyOTE3MmI2OTY2LzEvTXdpWDFzV1Q0TDlTZDJqTGRLSy1pczFjdW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYtNTEyOTE3MmI2OTY2
LzEvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWZYpMA0G
CSqGSIb3DQEBCwUAA4IBAQDa74W9Y5+EFZpvKRBh8YEGgcwAauQNln0AXElXt5PA
1NT9u3L3oC1ncS5sluHetap3++i72clxCQs3BstiOLGhWUzb+7N5aX9IezwOYRTB
sZhCECyL+BooznipgDVKaBWUb9dGY30wv9NPWjFG8ErWhnMqZlqCsni3kratYTRm
8hnfoaF6VQv+yvYuO0coFKcV82v3tqvVp4JarTxXbFRYecswb/PZd0FYNpeh12G5
uCWBvkSCOaLNsSTSqVM7aIW64xHh0F3XzBqHesxDi75fOFHRkfPfw3QRXZmUzF27
ABdf3QdYR1j5JlWpogx+Uhi0MRz8Is46Cb5x1Aa6NkFu
-----END CERTIFICATE-----