This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/MB6VGwOGXL__4GDkn2ifKfMOL5o.roa
File:                     MB6VGwOGXL__4GDkn2ifKfMOL5o.roa (raw, json)
Hash identifier:          tgzruOGhqB7Wz++Uyka8T5HxSlsKFcquj+FXoKwEcRM=
Subject key identifier:   30:1E:95:1B:03:86:5C:BF:FF:E0:60:E4:9F:68:9F:29:F3:0E:2F:9A
Certificate issuer:       /CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Certificate serial:       019B77C6E335ED6A492B1439E776DB3996E5
Authority key identifier: 53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/MB6VGwOGXL__4GDkn2ifKfMOL5o.roa
Signing time:             Thu 01 Jan 2026 04:18:01 +0000
ROA not before:           Thu 01 Jan 2026 04:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204227
IP address blocks:        2a14:44c0:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:e3:35:ed:6a:49:2b:14:39:e7:76:db:39:96:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
        Validity
            Not Before: Jan  1 04:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=301e951b03865cbfffe060e49f689f29f30e2f9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c4:9b:9f:7c:a1:85:72:58:d0:93:22:e4:35:
                    fc:9b:30:9a:ba:f7:8e:5e:63:0c:e9:cb:82:25:9f:
                    95:90:0d:23:24:ef:2c:f9:3f:bb:9b:2f:36:0c:8b:
                    b9:08:58:f0:cc:4d:35:f1:3d:f9:8f:99:9e:2f:7e:
                    41:1e:45:b7:d6:84:dd:0c:f6:5b:2a:0a:02:0e:38:
                    4f:ef:6e:ce:fc:39:e3:02:a3:da:d0:c2:11:77:68:
                    57:c8:a4:4d:1e:42:cf:a4:52:8d:55:c1:ab:59:ce:
                    ca:21:95:4c:54:60:e0:c5:de:83:05:c9:3c:7a:6b:
                    3b:65:c5:1b:8e:e1:99:61:c2:99:dc:32:b4:41:6b:
                    7b:fd:86:2a:50:c0:22:d2:db:69:23:4b:9a:9e:be:
                    88:65:ee:66:24:07:1b:2e:df:4d:3e:b3:26:29:e1:
                    83:29:ab:07:41:9e:5e:da:7f:2a:ab:78:e6:04:9b:
                    15:df:47:cc:b9:a5:7a:be:59:04:1a:9c:d2:d7:bf:
                    80:91:64:11:8d:b0:57:a0:e0:30:0a:2f:5e:cb:41:
                    e0:92:c4:62:13:eb:7d:ad:49:7b:2e:de:9f:86:75:
                    20:90:25:d4:ef:ca:d7:da:b0:05:6d:31:d0:15:b3:
                    a1:fc:f6:36:b6:35:2b:c3:fc:78:fa:b5:ee:43:90:
                    34:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1E:95:1B:03:86:5C:BF:FF:E0:60:E4:9F:68:9F:29:F3:0E:2F:9A
            X509v3 Authority Key Identifier:
                keyid:53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/MB6VGwOGXL__4GDkn2ifKfMOL5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:44c0:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:e9:fa:75:7e:ba:51:06:b2:08:bf:be:bc:8d:38:d3:54:98:
         8e:42:ab:0c:4f:72:bb:dd:77:95:36:83:3c:f1:ce:9b:4b:ce:
         8d:90:98:51:21:c8:8a:89:4d:c1:29:8b:9a:36:49:fc:2a:21:
         e6:b8:aa:48:fd:31:a3:bc:84:8f:9f:de:b2:da:76:8c:3c:18:
         e9:75:d5:a4:8b:41:be:d1:96:30:92:4c:9e:89:77:57:58:eb:
         41:9f:96:df:b7:93:13:c1:c0:35:59:16:b4:c2:2d:c4:a8:48:
         48:66:2e:a3:17:4c:4a:81:3d:16:f2:bb:0e:bf:c3:fe:2f:9b:
         65:53:04:5e:1c:db:89:cc:50:5d:be:dd:31:d1:f1:b9:0b:e5:
         cf:c7:e3:c8:36:c8:99:5d:a4:e6:b0:61:fa:b2:c2:7f:e3:a3:
         ca:6b:40:c1:6c:70:d6:01:2c:ab:56:82:3d:ef:61:49:c7:07:
         f1:cc:4e:e2:f3:1a:7d:bf:b6:aa:ee:39:66:07:21:e2:73:9f:
         e2:c0:7b:b7:d2:90:f7:b6:e4:eb:f8:cd:f5:70:a8:a4:12:b9:
         0d:16:fa:34:e9:17:9b:26:a8:ff:ed:34:03:a5:26:36:cf:9c:
         cd:4d:0a:d1:fd:2a:5c:5a:c9:ae:ce:22:5a:d8:e8:df:e1:d2:
         6d:f0:75:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xuM17WpJKxQ553bbOZblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzN2Y5YmY4NGI2OWEwOTA0MjQzMmRhZTgzNzdlZTBhYzhm
ZjFjNjEwHhcNMjYwMTAxMDQxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFlOTUxYjAzODY1Y2JmZmZlMDYwZTQ5ZjY4OWYyOWYzMGUyZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Sbn3yhhXJY0JMi5DX8mzCauveO
XmMM6cuCJZ+VkA0jJO8s+T+7my82DIu5CFjwzE018T35j5meL35BHkW31oTdDPZb
KgoCDjhP727O/DnjAqPa0MIRd2hXyKRNHkLPpFKNVcGrWc7KIZVMVGDgxd6DBck8
ems7ZcUbjuGZYcKZ3DK0QWt7/YYqUMAi0ttpI0uanr6IZe5mJAcbLt9NPrMmKeGD
KasHQZ5e2n8qq3jmBJsV30fMuaV6vlkEGpzS17+AkWQRjbBXoOAwCi9ey0HgksRi
E+t9rUl7Lt6fhnUgkCXU78rX2rAFbTHQFbOh/PY2tjUrw/x4+rXuQ5A0PQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDAelRsDhly//+Bg5J9onynzDi+aMB8GA1UdIwQY
MBaAFFN/m/hLaaCQQkMtroN37grI/xxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUt
ODkyZWM2ZmY0NzcxLzEvTUI2Vkd3T0dYTF9fNEdEa24yaWZLZk1PTDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUtODkyZWM2ZmY0Nzcx
LzEvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhREwAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQBr6fp1frpRBrIIv768jTjTVJiOQqsMT3K73XeV
NoM88c6bS86NkJhRIciKiU3BKYuaNkn8KiHmuKpI/TGjvISPn96y2naMPBjpddWk
i0G+0ZYwkkyeiXdXWOtBn5bft5MTwcA1WRa0wi3EqEhIZi6jF0xKgT0W8rsOv8P+
L5tlUwReHNuJzFBdvt0x0fG5C+XPx+PINsiZXaTmsGH6ssJ/46PKa0DBbHDWASyr
VoI972FJxwfxzE7i8xp9v7aq7jlmByHic5/iwHu30pD3tuTr+M31cKikErkNFvo0
6RebJqj/7TQDpSY2z5zNTQrR/SpcWsmuziJa2Ojf4dJt8HUf
-----END CERTIFICATE-----