This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/MLQlbC7wuHhJHajOqMOEcE0X_1c.roa
File:                     MLQlbC7wuHhJHajOqMOEcE0X_1c.roa (raw, json)
Hash identifier:          GK+D/xRGcBdbiuOOUYdtTTEuV9w8Gk6wgcBpg3nBzkA=
Subject key identifier:   30:B4:25:6C:2E:F0:B8:78:49:1D:A8:CE:A8:C3:84:70:4D:17:FF:57
Certificate issuer:       /CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
Certificate serial:       019B7F1332A1A4BBA95BAAFA8AD0B032D193
Authority key identifier: B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/MLQlbC7wuHhJHajOqMOEcE0X_1c.roa
Signing time:             Fri 02 Jan 2026 14:18:43 +0000
ROA not before:           Fri 02 Jan 2026 14:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62047
IP address blocks:        185.48.9.0/24 maxlen: 26
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:32:a1:a4:bb:a9:5b:aa:fa:8a:d0:b0:32:d1:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
        Validity
            Not Before: Jan  2 14:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30b4256c2ef0b878491da8cea8c384704d17ff57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e7:76:60:9e:b0:83:0c:44:b1:a8:17:82:bb:
                    e3:15:6d:a3:b1:74:87:fb:9b:bd:75:93:d6:18:c4:
                    0f:9d:43:42:d7:2b:a4:2d:75:6c:f2:57:cd:bd:1b:
                    60:63:70:d1:80:7a:c1:7b:6a:0d:02:07:7c:17:84:
                    20:be:04:1e:6a:1b:34:02:ea:cd:8e:fd:68:fc:7a:
                    7a:f4:1b:0f:ac:a2:b6:96:fc:1b:03:fe:4d:bd:0e:
                    e3:1b:58:c3:2a:b1:62:9f:85:08:83:17:80:ff:55:
                    42:f9:44:f1:d6:b4:a6:29:c7:35:5f:00:71:74:71:
                    67:8c:39:6e:2a:dc:41:40:52:6c:0c:7b:49:3f:34:
                    5c:e9:0d:14:ef:c2:17:d2:fe:c5:1e:24:5d:c6:73:
                    30:2c:36:6a:80:7a:68:22:c6:4a:d7:e5:01:67:9b:
                    31:de:60:43:43:62:b3:7d:75:e5:90:cc:6d:03:9d:
                    6a:cc:c5:15:87:84:d1:62:f3:4a:6a:24:46:4f:de:
                    a4:32:24:54:66:88:c4:39:ef:ee:36:f5:77:7b:bf:
                    d8:5e:cf:6d:79:bc:eb:ea:8e:37:f7:77:37:15:a7:
                    55:76:d3:0d:1f:fd:81:69:08:da:d2:34:1b:57:c4:
                    29:07:1f:f5:27:d0:27:cc:f3:fa:74:ad:6f:26:64:
                    b0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B4:25:6C:2E:F0:B8:78:49:1D:A8:CE:A8:C3:84:70:4D:17:FF:57
            X509v3 Authority Key Identifier:
                keyid:B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/MLQlbC7wuHhJHajOqMOEcE0X_1c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:bd:13:fb:35:6a:25:33:71:ae:5e:ef:09:76:f5:e2:80:77:
         73:7f:53:02:fa:e4:a5:52:38:6e:d8:f2:84:da:ad:9e:96:0a:
         1f:66:4b:4b:3b:2c:c1:c7:d7:4e:3c:ef:f4:88:56:9c:4d:11:
         50:60:91:77:d6:59:e5:c7:87:9b:95:e7:7f:45:bf:d8:0c:20:
         da:8b:5b:54:dc:fd:6f:e3:d9:24:8c:cb:8c:1b:48:ff:0c:c1:
         29:4a:bf:e6:97:25:03:31:f5:a3:a7:87:42:96:f3:9c:d2:48:
         30:7b:a4:40:76:5f:22:5c:8c:e2:ee:cf:da:66:98:de:f2:0d:
         ba:c2:d6:ed:88:c0:68:6e:96:9b:9b:32:6f:4a:4a:e7:01:f2:
         30:25:59:a3:a9:12:7a:d2:9f:92:64:72:f6:b2:ed:95:a2:ad:
         09:69:21:59:4d:aa:44:ab:42:61:2a:9d:fa:ed:04:02:d6:a0:
         ec:e3:cb:d5:69:d8:a1:19:8a:89:b4:a7:25:4e:52:37:bf:14:
         70:f8:92:86:7e:2b:d3:f8:2c:0e:69:1d:61:7a:ff:2f:d9:31:
         27:bd:4c:56:62:98:ad:c4:e2:41:46:8e:6d:45:91:93:9a:74:
         6b:aa:3f:19:03:ce:86:91:09:de:03:26:b0:76:d6:96:ff:06:
         e4:59:20:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/EzKhpLupW6r6itCwMtGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Yjg3YjNiMDljY2I2OWE2ZGUyMDQ2OGU5MGVjYmIxOGY1
ZWNiYjYwHhcNMjYwMTAyMTQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGI0MjU2YzJlZjBiODc4NDkxZGE4Y2VhOGMzODQ3MDRkMTdmZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOd2YJ6wgwxEsagXgrvjFW2jsXSH
+5u9dZPWGMQPnUNC1yukLXVs8lfNvRtgY3DRgHrBe2oNAgd8F4QgvgQeahs0AurN
jv1o/Hp69BsPrKK2lvwbA/5NvQ7jG1jDKrFin4UIgxeA/1VC+UTx1rSmKcc1XwBx
dHFnjDluKtxBQFJsDHtJPzRc6Q0U78IX0v7FHiRdxnMwLDZqgHpoIsZK1+UBZ5sx
3mBDQ2KzfXXlkMxtA51qzMUVh4TRYvNKaiRGT96kMiRUZojEOe/uNvV3e7/YXs9t
ebzr6o4393c3FadVdtMNH/2BaQja0jQbV8QpBx/1J9AnzPP6dK1vJmSwdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDC0JWwu8Lh4SR2ozqjDhHBNF/9XMB8GA1UdIwQY
MBaAFLm4ezsJzLaabeIEaOkOy7GPXsu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYt
M2I0Y2I5NzVhOWJjLzEvTUxRbGJDN3d1SGhKSGFqT3FNT0VjRTBYXzFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYtM2I0Y2I5NzVhOWJj
LzEvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTAJMA0G
CSqGSIb3DQEBCwUAA4IBAQBZvRP7NWolM3GuXu8JdvXigHdzf1MC+uSlUjhu2PKE
2q2elgofZktLOyzBx9dOPO/0iFacTRFQYJF31lnlx4ebled/Rb/YDCDai1tU3P1v
49kkjMuMG0j/DMEpSr/mlyUDMfWjp4dClvOc0kgwe6RAdl8iXIzi7s/aZpje8g26
wtbtiMBobpabmzJvSkrnAfIwJVmjqRJ60p+SZHL2su2Voq0JaSFZTapEq0JhKp36
7QQC1qDs48vVadihGYqJtKclTlI3vxRw+JKGfivT+CwOaR1hev8v2TEnvUxWYpit
xOJBRo5tRZGTmnRrqj8ZA86GkQneAyawdtaW/wbkWSCk
-----END CERTIFICATE-----