This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/MCZurStbIsCGve9I3Ws6j_Ria0U.roa
File:                     MCZurStbIsCGve9I3Ws6j_Ria0U.roa (raw, json)
Hash identifier:          fXjizzYq5dTbEu7dR5vh3GxcWsvBaCkwW6VzQTNs5Gw=
Subject key identifier:   30:26:6E:AD:2B:5B:22:C0:86:BD:EF:48:DD:6B:3A:8F:F4:62:6B:45
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B7758ED8173ACA72CBEFB62411D5EA461
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/MCZurStbIsCGve9I3Ws6j_Ria0U.roa
Signing time:             Thu 01 Jan 2026 02:17:55 +0000
ROA not before:           Thu 01 Jan 2026 02:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24985
IP address blocks:        217.30.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ed:81:73:ac:a7:2c:be:fb:62:41:1d:5e:a4:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30266ead2b5b22c086bdef48dd6b3a8ff4626b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:11:77:45:7f:d3:5f:ca:bd:6c:a3:17:2b:4a:
                    af:de:1d:35:99:0f:22:d9:c6:4c:cc:d4:b4:78:87:
                    77:36:31:11:84:66:de:86:ce:8e:ac:e5:b0:0f:35:
                    9d:19:16:b7:9e:1a:26:8f:ff:73:ee:7f:a4:66:2e:
                    24:8a:57:ba:c5:6f:06:73:9f:b4:bb:b5:95:f6:28:
                    1f:b4:56:01:02:c3:a5:e9:ad:1f:9c:cf:82:39:99:
                    b0:69:ad:b3:f0:42:ec:fa:b5:bb:b9:08:0c:af:a3:
                    c0:71:cf:5d:06:c2:fd:da:d7:e3:d0:3d:16:ee:c8:
                    90:23:7b:8c:c4:00:0c:1e:18:58:a9:21:5b:3b:b5:
                    e4:95:a2:9b:2e:f6:96:17:17:e8:c3:51:46:2e:47:
                    45:e2:5d:7f:a7:a7:68:11:05:a5:3a:78:5d:17:fc:
                    25:9f:3c:b3:05:42:c3:9a:c5:0a:87:e4:be:8e:ba:
                    1a:13:18:08:26:de:8b:42:1c:58:a5:dd:60:3c:89:
                    91:e1:d4:66:43:30:49:87:d4:36:ee:44:71:97:50:
                    ad:74:9e:c7:49:f0:c8:aa:26:f8:3a:75:2c:bb:b6:
                    82:eb:46:0e:58:2e:50:6f:92:49:1a:14:13:f8:58:
                    19:fd:90:6b:1c:be:7b:e6:c1:12:e4:cc:20:86:25:
                    3b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:26:6E:AD:2B:5B:22:C0:86:BD:EF:48:DD:6B:3A:8F:F4:62:6B:45
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/MCZurStbIsCGve9I3Ws6j_Ria0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.30.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:bd:21:3b:4d:59:93:61:97:93:ec:53:42:0c:9e:ad:59:8e:
         39:dd:32:83:2d:28:46:ca:5c:e4:ed:a4:fb:bb:a4:71:7c:da:
         6f:84:57:80:7d:e7:50:8c:0f:17:94:95:22:02:9a:ab:71:cb:
         85:11:a0:0b:7e:c6:ea:4b:ac:2f:3a:b6:8d:32:ef:d1:1c:40:
         ca:ce:1d:cb:83:cd:d9:2e:39:d1:4c:90:ac:1a:4e:83:e4:bf:
         80:51:78:78:ab:54:a7:3d:06:8c:a6:1e:01:45:09:5e:33:81:
         e3:79:a2:fb:75:93:cc:80:b4:4c:2b:e2:7b:37:e9:22:66:55:
         54:97:26:46:10:f7:fa:f1:17:ff:ea:90:db:82:18:dd:0b:9d:
         08:f7:bf:66:3e:66:54:66:9e:ac:0c:c8:2b:a0:a8:d5:9b:68:
         1f:d3:76:e5:66:89:0c:80:96:3e:a7:96:7d:40:01:96:6e:b2:
         7f:4b:be:4a:30:ec:1b:8c:fd:c2:59:23:28:63:4b:17:67:d3:
         f5:ad:90:2c:3b:9f:0b:f2:a4:62:3f:82:0f:66:a1:fb:99:be:
         1e:01:ba:78:34:f9:36:dc:c6:ad:04:71:d0:a1:bc:fe:1f:4e:
         56:da:a6:3b:62:ae:0a:11:2b:06:b9:20:2b:1c:ce:41:cf:94:
         34:70:9b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WO2Bc6ynLL77YkEdXqRhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI2NmVhZDJiNWIyMmMwODZiZGVmNDhkZDZiM2E4ZmY0NjI2YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRF3RX/TX8q9bKMXK0qv3h01mQ8i
2cZMzNS0eId3NjERhGbehs6OrOWwDzWdGRa3nhomj/9z7n+kZi4kile6xW8Gc5+0
u7WV9igftFYBAsOl6a0fnM+COZmwaa2z8ELs+rW7uQgMr6PAcc9dBsL92tfj0D0W
7siQI3uMxAAMHhhYqSFbO7XklaKbLvaWFxfow1FGLkdF4l1/p6doEQWlOnhdF/wl
nzyzBULDmsUKh+S+jroaExgIJt6LQhxYpd1gPImR4dRmQzBJh9Q27kRxl1CtdJ7H
SfDIqib4OnUsu7aC60YOWC5Qb5JJGhQT+FgZ/ZBrHL575sES5MwghiU7fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAmbq0rWyLAhr3vSN1rOo/0YmtFMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTUNadXJTdGJJc0NHdmU5STNXczZqX1JpYTBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2R6fMA0G
CSqGSIb3DQEBCwUAA4IBAQCGvSE7TVmTYZeT7FNCDJ6tWY453TKDLShGylzk7aT7
u6RxfNpvhFeAfedQjA8XlJUiApqrccuFEaALfsbqS6wvOraNMu/RHEDKzh3Lg83Z
LjnRTJCsGk6D5L+AUXh4q1SnPQaMph4BRQleM4HjeaL7dZPMgLRMK+J7N+kiZlVU
lyZGEPf68Rf/6pDbghjdC50I979mPmZUZp6sDMgroKjVm2gf03blZokMgJY+p5Z9
QAGWbrJ/S75KMOwbjP3CWSMoY0sXZ9P1rZAsO58L8qRiP4IPZqH7mb4eAbp4NPk2
3MatBHHQobz+H05W2qY7Yq4KESsGuSArHM5Bz5Q0cJsh
-----END CERTIFICATE-----