This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/MgSoiC6Hu1yTUAZdbU-vK0dVtuc.roa
File:                     MgSoiC6Hu1yTUAZdbU-vK0dVtuc.roa (raw, json)
Hash identifier:          a2ZSZdWNOxousuGf0RH1BivI79B+5I59lCuIYIMOr3Y=
Subject key identifier:   32:04:A8:88:2E:87:BB:5C:93:50:06:5D:6D:4F:AF:2B:47:55:B6:E7
Certificate issuer:       /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial:       019BA26C707809A13900F563E30E10D7DC2A
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/MgSoiC6Hu1yTUAZdbU-vK0dVtuc.roa
Signing time:             Fri 09 Jan 2026 11:02:54 +0000
ROA not before:           Fri 09 Jan 2026 11:02:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215748
IP address blocks:        45.92.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:a2:6c:70:78:09:a1:39:00:f5:63:e3:0e:10:d7:dc:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
        Validity
            Not Before: Jan  9 11:02:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3204a8882e87bb5c9350065d6d4faf2b4755b6e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:36:f3:42:21:00:18:58:2c:e7:a9:da:61:d2:
                    69:be:f0:bc:4a:21:61:49:8f:11:7d:99:e8:fa:fa:
                    b3:f8:f7:67:11:1c:4a:1c:7d:76:a3:db:33:3f:85:
                    cd:5a:f2:e4:e8:53:e6:b7:77:69:c3:dc:cb:cd:d6:
                    eb:66:8f:2c:3c:0d:1c:64:16:8d:5d:ea:41:39:c4:
                    52:8c:23:7d:6f:e4:05:4b:ca:2b:ea:37:a7:f4:17:
                    77:8e:a4:75:3f:36:db:f0:ea:d2:01:eb:6d:a9:87:
                    d3:e7:92:ee:ec:98:78:2b:46:68:9e:85:3b:5d:be:
                    36:7d:d0:08:7c:74:5c:f8:8b:4b:50:5f:a2:8a:8f:
                    fa:9a:d4:d7:a9:2b:41:da:90:b1:e1:b0:d6:37:a8:
                    b6:7b:d3:0c:9a:72:fe:fb:20:48:07:b7:49:ec:f5:
                    d0:7b:6a:8d:a6:20:6c:90:89:64:a6:c5:7a:6b:6c:
                    10:37:97:21:6c:71:d2:db:f1:ed:ab:db:db:11:67:
                    bc:62:cd:62:29:34:b8:91:b4:4f:da:4c:d3:23:1b:
                    58:8b:21:fa:5b:10:3a:ef:9f:a1:58:f4:69:b4:71:
                    a5:bd:08:3a:c3:88:2d:10:73:79:b3:98:3c:9e:bc:
                    b2:f8:a4:bc:fc:2a:b4:f1:3b:82:b5:92:98:47:bd:
                    37:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:04:A8:88:2E:87:BB:5C:93:50:06:5D:6D:4F:AF:2B:47:55:B6:E7
            X509v3 Authority Key Identifier:
                keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/MgSoiC6Hu1yTUAZdbU-vK0dVtuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:05:9a:0b:7b:b0:7b:63:a9:0d:12:43:5d:ba:53:25:ac:7e:
         ae:6a:a5:6a:9f:87:54:32:ee:4a:85:b1:54:f4:96:2b:ac:64:
         c9:8c:74:10:0e:4a:67:d5:a4:f2:48:45:dd:2c:54:10:2e:a5:
         0a:c1:1f:49:78:d1:64:aa:55:98:95:35:e2:3e:9f:02:6b:f7:
         cb:f8:3e:9f:3d:e3:7c:f1:7c:41:8e:4b:cf:fe:49:a0:94:ae:
         1f:ea:b7:1d:b7:a3:52:92:b9:05:94:0e:97:71:62:db:95:78:
         7b:d5:7f:82:2b:c4:3a:05:eb:01:e8:21:2d:77:49:54:72:c3:
         32:58:cd:cd:02:e6:9b:86:03:d0:fe:a5:52:a7:a5:f6:fc:4f:
         8a:ee:e2:e4:92:26:04:2d:c0:81:32:e4:77:48:be:4c:28:7d:
         6c:27:42:14:97:82:14:b4:b5:b9:8e:75:1d:a7:f8:8a:9c:56:
         9a:48:3c:cd:8a:7c:bd:02:d2:ef:64:b0:22:d3:4c:62:5a:00:
         17:89:02:48:c3:76:f4:53:7b:15:11:11:cf:59:eb:d5:6b:0e:
         0d:36:72:41:d7:8b:36:bb:9c:5f:1d:c3:39:4a:b9:ab:ff:0c:
         a5:cf:18:6a:73:01:53:cb:d7:07:99:87:63:78:74:da:d2:2f:
         42:b2:72:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuibHB4CaE5APVj4w4Q19wqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjYwMTA5MTEwMjU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjA0YTg4ODJlODdiYjVjOTM1MDA2NWQ2ZDRmYWYyYjQ3NTViNmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTbzQiEAGFgs56naYdJpvvC8SiFh
SY8RfZno+vqz+PdnERxKHH12o9szP4XNWvLk6FPmt3dpw9zLzdbrZo8sPA0cZBaN
XepBOcRSjCN9b+QFS8or6jen9Bd3jqR1Pzbb8OrSAettqYfT55Lu7Jh4K0ZonoU7
Xb42fdAIfHRc+ItLUF+iio/6mtTXqStB2pCx4bDWN6i2e9MMmnL++yBIB7dJ7PXQ
e2qNpiBskIlkpsV6a2wQN5chbHHS2/Htq9vbEWe8Ys1iKTS4kbRP2kzTIxtYiyH6
WxA675+hWPRptHGlvQg6w4gtEHN5s5g8nryy+KS8/Cq08TuCtZKYR7038QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDIEqIguh7tck1AGXW1PrytHVbbnMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvTWdTb2lDNkh1MXlUVUFaZGJVLXZLMGRWdHVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVzQMA0G
CSqGSIb3DQEBCwUAA4IBAQBiBZoLe7B7Y6kNEkNdulMlrH6uaqVqn4dUMu5KhbFU
9JYrrGTJjHQQDkpn1aTySEXdLFQQLqUKwR9JeNFkqlWYlTXiPp8Ca/fL+D6fPeN8
8XxBjkvP/kmglK4f6rcdt6NSkrkFlA6XcWLblXh71X+CK8Q6BesB6CEtd0lUcsMy
WM3NAuabhgPQ/qVSp6X2/E+K7uLkkiYELcCBMuR3SL5MKH1sJ0IUl4IUtLW5jnUd
p/iKnFaaSDzNiny9AtLvZLAi00xiWgAXiQJIw3b0U3sVERHPWevVaw4NNnJB14s2
u5xfHcM5Srmr/wylzxhqcwFTy9cHmYdjeHTa0i9CsnJI
-----END CERTIFICATE-----