This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/mNxtgGXjngdFQsHjGvyBLr88vFA.roa
File:                     mNxtgGXjngdFQsHjGvyBLr88vFA.roa (raw, json)
Hash identifier:          WJI9HFPJItF3b8hNiZFDXBjcGbFTioYgXmE8KE+LjfQ=
Subject key identifier:   98:DC:6D:80:65:E3:9E:07:45:42:C1:E3:1A:FC:81:2E:BF:3C:BC:50
Certificate issuer:       /CN=970ebd0469a5c69c1098971caab36fe032ece311
Certificate serial:       019B7A5B7D90C0F738CB3D49E4CD739A52EB
Authority key identifier: 97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/mNxtgGXjngdFQsHjGvyBLr88vFA.roa
Signing time:             Thu 01 Jan 2026 16:19:34 +0000
ROA not before:           Thu 01 Jan 2026 16:19:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        149.157.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:7d:90:c0:f7:38:cb:3d:49:e4:cd:73:9a:52:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=970ebd0469a5c69c1098971caab36fe032ece311
        Validity
            Not Before: Jan  1 16:19:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98dc6d8065e39e074542c1e31afc812ebf3cbc50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:0a:bf:24:c3:35:e3:ea:52:5e:31:4e:57:b8:
                    57:5b:8c:d9:a1:ac:0d:95:d1:25:8a:3b:11:07:6e:
                    b1:76:d8:37:73:9f:cf:4a:f7:ef:70:08:d7:6d:76:
                    23:a9:ea:06:a0:c3:2a:42:e2:f1:93:23:4e:a3:57:
                    5c:09:6d:4a:74:d6:8d:0c:c8:be:ee:4c:1e:ed:18:
                    20:5c:62:3b:b9:1e:e7:03:9f:45:2c:5a:8c:21:f5:
                    cd:78:a6:88:ee:1e:79:c4:fe:59:2b:2d:74:8f:bc:
                    68:92:34:e8:d2:b8:95:35:61:ab:a0:ba:ca:51:a3:
                    62:28:1d:3e:8f:de:56:53:49:31:58:32:91:a0:7e:
                    43:72:d6:27:72:ac:f1:ad:19:cb:66:fb:fd:4a:90:
                    2c:ef:48:da:72:91:f0:f6:9b:6d:70:6c:a0:54:92:
                    b0:ae:db:a6:4c:dc:a4:01:e0:c8:f1:83:71:4c:00:
                    f9:57:4f:2a:4a:d7:8e:c3:f6:fb:1a:c0:4e:a4:ca:
                    6d:8f:50:5f:00:aa:ee:f2:5f:0e:90:f1:96:54:e8:
                    c2:e4:f3:43:2d:36:14:9b:c9:1b:15:8a:30:ed:65:
                    1d:2c:2b:2e:46:20:87:25:28:e7:b8:cd:81:b3:ba:
                    84:5a:d7:a4:61:5c:0f:98:6f:2f:7e:68:2d:ff:ae:
                    51:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DC:6D:80:65:E3:9E:07:45:42:C1:E3:1A:FC:81:2E:BF:3C:BC:50
            X509v3 Authority Key Identifier:
                keyid:97:0E:BD:04:69:A5:C6:9C:10:98:97:1C:AA:B3:6F:E0:32:EC:E3:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lw69BGmlxpwQmJccqrNv4DLs4xE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/mNxtgGXjngdFQsHjGvyBLr88vFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/62001a-a313-4e33-bb04-914b4b34f981/1/lw69BGmlxpwQmJccqrNv4DLs4xE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         21:ef:ce:d4:eb:eb:eb:98:ca:e0:e8:af:4f:cf:c3:4c:68:4f:
         99:83:84:59:a7:c1:2c:de:12:9b:b1:fc:19:52:6c:ff:52:73:
         6e:0a:03:08:47:52:8d:a1:88:5f:03:31:e6:2f:b0:96:f1:9e:
         ec:f0:1c:b9:a2:02:82:03:5b:7a:57:16:0f:90:21:dc:17:79:
         70:83:a3:9f:91:25:ec:4d:ac:cd:61:ca:43:2e:e4:c9:21:c8:
         02:8f:70:86:73:b2:8f:eb:96:bc:af:26:96:c4:b5:73:69:be:
         09:19:3f:da:92:03:49:26:f9:2d:3f:22:35:26:3e:ed:e5:9c:
         81:fd:7d:78:d4:4e:41:d5:7f:98:fa:8f:71:11:c8:c0:f6:1d:
         7c:57:ef:5a:cc:68:9e:e0:a6:21:21:c8:e5:0b:35:90:3b:d8:
         4b:82:b5:94:0b:73:49:00:7a:78:87:92:3b:7b:dd:14:96:6a:
         a1:5c:62:7e:d3:09:d0:90:11:fc:e0:ef:27:10:17:48:07:75:
         1e:48:e5:d1:80:ef:3c:91:51:1e:13:7a:ab:71:0e:bb:8d:f5:
         33:d5:ad:99:6b:86:b7:e9:8f:b0:14:93:ad:c1:f3:f4:dc:90:
         42:bf:ea:e7:15:c0:93:49:ba:ae:e0:76:49:7e:c1:5f:31:5a:
         b9:1c:86:5f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt6W32QwPc4yz1J5M1zmlLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MGViZDA0NjlhNWM2OWMxMDk4OTcxY2FhYjM2ZmUwMzJl
Y2UzMTEwHhcNMjYwMTAxMTYxOTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGRjNmQ4MDY1ZTM5ZTA3NDU0MmMxZTMxYWZjODEyZWJmM2NiYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Aq/JMM14+pSXjFOV7hXW4zZoawN
ldElijsRB26xdtg3c5/PSvfvcAjXbXYjqeoGoMMqQuLxkyNOo1dcCW1KdNaNDMi+
7kwe7RggXGI7uR7nA59FLFqMIfXNeKaI7h55xP5ZKy10j7xokjTo0riVNWGroLrK
UaNiKB0+j95WU0kxWDKRoH5DctYncqzxrRnLZvv9SpAs70jacpHw9pttcGygVJKw
rtumTNykAeDI8YNxTAD5V08qSteOw/b7GsBOpMptj1BfAKru8l8OkPGWVOjC5PND
LTYUm8kbFYow7WUdLCsuRiCHJSjnuM2Bs7qEWtekYVwPmG8vfmgt/65RQwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJjcbYBl454HRULB4xr8gS6/PLxQMB8GA1UdIwQY
MBaAFJcOvQRppcacEJiXHKqzb+Ay7OMRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHc2OUJHbWx4cHdRbUpjY3FyTnY0RExzNHhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS82MjAwMWEtYTMxMy00ZTMzLWJiMDQt
OTE0YjRiMzRmOTgxLzEvbU54dGdHWGpuZ2RGUXNIakd2eUJMcjg4dkZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS82MjAwMWEtYTMxMy00ZTMzLWJiMDQtOTE0YjRiMzRmOTgx
LzEvbHc2OUJHbWx4cHdRbUpjY3FyTnY0RExzNHhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZ0wDQYJ
KoZIhvcNAQELBQADggEBACHvztTr6+uYyuDor0/Pw0xoT5mDhFmnwSzeEpux/BlS
bP9Sc24KAwhHUo2hiF8DMeYvsJbxnuzwHLmiAoIDW3pXFg+QIdwXeXCDo5+RJexN
rM1hykMu5MkhyAKPcIZzso/rlryvJpbEtXNpvgkZP9qSA0km+S0/IjUmPu3lnIH9
fXjUTkHVf5j6j3ERyMD2HXxX71rMaJ7gpiEhyOULNZA72EuCtZQLc0kAeniHkjt7
3RSWaqFcYn7TCdCQEfzg7ycQF0gHdR5I5dGA7zyRUR4TeqtxDruN9TPVrZlrhrfp
j7AUk63B8/TckEK/6ucVwJNJuq7gdkl+wV8xWrkchl8=
-----END CERTIFICATE-----