This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/M-XgOjesPXIogjBIQr0FL2b7KV0.roa
File:                     M-XgOjesPXIogjBIQr0FL2b7KV0.roa (raw, json)
Hash identifier:          cfiY/wJuu827u4/W0gn3sJ9LCmjPRCXCxBqRyHWf5wA=
Subject key identifier:   33:E5:E0:3A:37:AC:3D:72:28:82:30:48:42:BD:05:2F:66:FB:29:5D
Certificate issuer:       /CN=fcb550b710d7f0f94b0ce432cf0e4e950cc4e1ca
Certificate serial:       019B76EB547085A61B0CD0FEF403CB3E11DD
Authority key identifier: FC:B5:50:B7:10:D7:F0:F9:4B:0C:E4:32:CF:0E:4E:95:0C:C4:E1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_LVQtxDX8PlLDOQyzw5OlQzE4co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/M-XgOjesPXIogjBIQr0FL2b7KV0.roa
Signing time:             Thu 01 Jan 2026 00:18:12 +0000
ROA not before:           Thu 01 Jan 2026 00:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16347
IP address blocks:        2a04:ac40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/_LVQtxDX8PlLDOQyzw5OlQzE4co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/_LVQtxDX8PlLDOQyzw5OlQzE4co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_LVQtxDX8PlLDOQyzw5OlQzE4co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:54:70:85:a6:1b:0c:d0:fe:f4:03:cb:3e:11:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcb550b710d7f0f94b0ce432cf0e4e950cc4e1ca
        Validity
            Not Before: Jan  1 00:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33e5e03a37ac3d722882304842bd052f66fb295d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ac:c3:99:d5:2e:24:8c:74:0c:54:12:aa:59:
                    30:42:5d:5a:0a:73:4b:da:0b:24:f9:8d:7a:08:ad:
                    5f:ff:e3:e8:46:ed:29:be:57:eb:ce:e2:7f:53:4c:
                    ab:a4:55:0c:b4:d9:a1:13:2d:61:c1:6a:60:b1:55:
                    13:42:60:7d:20:f3:93:aa:cb:25:b6:24:c8:e8:e0:
                    72:bd:ed:54:99:7a:fd:43:6e:28:87:0c:c0:73:e2:
                    ec:e1:45:38:44:72:cf:a6:4d:f0:7f:10:ab:94:32:
                    c4:4a:44:06:d9:30:ce:13:66:e2:1f:2f:a2:de:fa:
                    34:a2:16:14:34:e0:ed:59:90:3c:38:2a:51:4d:fc:
                    ff:47:59:f3:a0:5f:ef:ed:dc:82:fe:31:f0:86:df:
                    8d:0e:4d:e6:1e:5c:7f:11:80:a9:c3:b6:55:2e:9e:
                    5e:85:a8:5c:24:d7:f4:b2:48:a8:e4:f9:f8:be:25:
                    e3:9e:07:19:25:12:92:64:8b:c9:d1:ce:7e:ed:eb:
                    12:75:b9:03:eb:27:12:99:de:e5:9f:b7:c3:20:1d:
                    c2:cc:a1:55:b9:27:97:f0:43:58:16:56:d5:4c:26:
                    8d:2d:11:ad:e6:02:61:62:3d:0e:49:5d:a9:70:d2:
                    f1:cb:27:1d:9b:52:dd:c7:f7:b4:63:80:7d:b9:a2:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E5:E0:3A:37:AC:3D:72:28:82:30:48:42:BD:05:2F:66:FB:29:5D
            X509v3 Authority Key Identifier:
                keyid:FC:B5:50:B7:10:D7:F0:F9:4B:0C:E4:32:CF:0E:4E:95:0C:C4:E1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_LVQtxDX8PlLDOQyzw5OlQzE4co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/M-XgOjesPXIogjBIQr0FL2b7KV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/e5cf67-e296-46e8-919c-473a29ac3363/1/_LVQtxDX8PlLDOQyzw5OlQzE4co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac40::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:db:24:40:0d:a8:33:eb:05:78:2d:cf:bc:d5:23:52:96:66:
         32:a9:f8:2d:14:94:33:c6:84:94:14:b3:29:86:3a:55:f1:ec:
         49:5f:a3:e1:bc:f9:e0:5f:f8:4f:32:18:f1:78:a5:3b:29:30:
         57:b8:8e:61:65:d4:79:cf:9e:95:d9:bb:08:6a:d4:96:57:1d:
         38:0d:cb:a1:87:c7:6d:b4:1b:ef:66:c8:bb:d3:76:31:37:b7:
         a4:da:2a:d8:c8:38:9d:10:fc:6e:70:78:53:21:6d:b1:62:1f:
         be:33:46:13:22:4a:94:c7:c7:9c:26:a4:20:4b:48:0a:fc:d7:
         3b:7d:6b:d2:ff:ee:73:81:67:98:65:2d:56:24:db:9a:35:02:
         f1:ca:e3:2f:b3:9e:b6:a4:f9:9e:57:ca:64:4e:97:11:88:6a:
         dd:a1:8e:11:47:ae:e6:ff:77:0a:47:b9:01:f8:09:e6:6d:f4:
         67:d1:99:25:99:76:fd:07:ec:a8:30:1f:d9:d3:55:02:8f:60:
         4e:52:ef:10:50:47:ce:fd:91:e5:73:9e:4e:b1:73:1b:25:ba:
         b3:9a:b7:0f:8e:97:71:43:98:1f:9b:71:29:14:d4:92:16:ab:
         8e:1e:86:72:3e:e3:30:06:77:21:05:4e:da:3c:e1:41:be:99:
         d6:32:19:67
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt261RwhaYbDND+9APLPhHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYjU1MGI3MTBkN2YwZjk0YjBjZTQzMmNmMGU0ZTk1MGNj
NGUxY2EwHhcNMjYwMTAxMDAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2U1ZTAzYTM3YWMzZDcyMjg4MjMwNDg0MmJkMDUyZjY2ZmIyOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKzDmdUuJIx0DFQSqlkwQl1aCnNL
2gsk+Y16CK1f/+PoRu0pvlfrzuJ/U0yrpFUMtNmhEy1hwWpgsVUTQmB9IPOTqssl
tiTI6OByve1UmXr9Q24ohwzAc+Ls4UU4RHLPpk3wfxCrlDLESkQG2TDOE2biHy+i
3vo0ohYUNODtWZA8OCpRTfz/R1nzoF/v7dyC/jHwht+NDk3mHlx/EYCpw7ZVLp5e
hahcJNf0skio5Pn4viXjngcZJRKSZIvJ0c5+7esSdbkD6ycSmd7ln7fDIB3CzKFV
uSeX8ENYFlbVTCaNLRGt5gJhYj0OSV2pcNLxyycdm1Ldx/e0Y4B9uaIGyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDPl4Do3rD1yKIIwSEK9BS9m+yldMB8GA1UdIwQY
MBaAFPy1ULcQ1/D5SwzkMs8OTpUMxOHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0xWUXR4RFg4UGxMRE9ReXp3NU9sUXpFNGNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lNWNmNjctZTI5Ni00NmU4LTkxOWMt
NDczYTI5YWMzMzYzLzEvTS1YZ09qZXNQWElvZ2pCSVFyMEZMMmI3S1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lNWNmNjctZTI5Ni00NmU4LTkxOWMtNDczYTI5YWMzMzYz
LzEvX0xWUXR4RFg4UGxMRE9ReXp3NU9sUXpFNGNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgSsQDAN
BgkqhkiG9w0BAQsFAAOCAQEAeNskQA2oM+sFeC3PvNUjUpZmMqn4LRSUM8aElBSz
KYY6VfHsSV+j4bz54F/4TzIY8XilOykwV7iOYWXUec+eldm7CGrUllcdOA3LoYfH
bbQb72bIu9N2MTe3pNoq2Mg4nRD8bnB4UyFtsWIfvjNGEyJKlMfHnCakIEtICvzX
O31r0v/uc4FnmGUtViTbmjUC8crjL7OetqT5nlfKZE6XEYhq3aGOEUeu5v93Cke5
AfgJ5m30Z9GZJZl2/QfsqDAf2dNVAo9gTlLvEFBHzv2R5XOeTrFzGyW6s5q3D46X
cUOYH5txKRTUkharjh6Gcj7jMAZ3IQVO2jzhQb6Z1jIZZw==
-----END CERTIFICATE-----