This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/MimNpPF1NpFCzTvTXBO-vEirUeo.roa
File:                     MimNpPF1NpFCzTvTXBO-vEirUeo.roa (raw, json)
Hash identifier:          Cfcmv6qFXmI9g8mEJMeMD/q4hNdsyPIjy3Mzgg/Jq3k=
Subject key identifier:   32:29:8D:A4:F1:75:36:91:42:CD:3B:D3:5C:13:BE:BC:48:AB:51:EA
Certificate issuer:       /CN=be7c79e9a21db26bd6ae0750276db1b0afa7ecdb
Certificate serial:       019B7BA33D75BAAFF73754E1D15786508A37
Authority key identifier: BE:7C:79:E9:A2:1D:B2:6B:D6:AE:07:50:27:6D:B1:B0:AF:A7:EC:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vnx56aIdsmvWrgdQJ22xsK-n7Ns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/MimNpPF1NpFCzTvTXBO-vEirUeo.roa
Signing time:             Thu 01 Jan 2026 22:17:34 +0000
ROA not before:           Thu 01 Jan 2026 22:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213748
IP address blocks:        2001:67c:f70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/vnx56aIdsmvWrgdQJ22xsK-n7Ns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/vnx56aIdsmvWrgdQJ22xsK-n7Ns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vnx56aIdsmvWrgdQJ22xsK-n7Ns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:3d:75:ba:af:f7:37:54:e1:d1:57:86:50:8a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be7c79e9a21db26bd6ae0750276db1b0afa7ecdb
        Validity
            Not Before: Jan  1 22:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32298da4f175369142cd3bd35c13bebc48ab51ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:67:c2:af:af:10:8a:c7:65:50:e1:8f:7d:
                    d5:47:83:f6:19:0a:09:54:68:a8:e6:80:c8:17:bb:
                    3f:c5:05:5a:f7:07:62:27:7b:47:aa:31:3a:d3:14:
                    db:08:48:2d:fd:56:de:a6:3c:21:30:08:9e:ae:8e:
                    34:f1:d8:8e:83:1d:b8:0b:c0:5f:2b:0b:da:7a:8d:
                    f6:2a:56:cf:9f:44:4e:5f:d6:0b:15:f6:57:15:6e:
                    a2:72:66:d2:4c:27:39:38:9c:08:db:bb:88:bf:9f:
                    23:e4:c3:38:72:3a:4f:3e:8f:4d:00:aa:17:d5:86:
                    10:34:6a:b1:b7:08:35:0c:7a:e7:fe:61:35:25:6d:
                    fc:dc:ee:a5:37:01:b6:23:46:69:4b:3c:e4:9f:0c:
                    8f:51:a1:81:65:d3:d4:e7:b6:35:22:75:94:d4:a6:
                    80:b3:b5:1d:4b:6e:de:86:5f:ce:09:95:0e:fa:65:
                    7a:fb:f1:e8:9f:12:95:aa:ed:16:1c:df:0c:12:bf:
                    9f:70:da:e6:05:3b:b1:ad:ae:42:39:e9:3f:11:ee:
                    3f:37:ee:80:15:5e:c9:3a:58:13:3a:f3:8a:e9:c3:
                    9a:00:c4:e2:e9:35:2a:f8:f5:70:32:f4:19:2c:a4:
                    7c:56:70:a1:0b:70:82:b9:e7:a1:c3:1c:77:ed:c6:
                    c4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:29:8D:A4:F1:75:36:91:42:CD:3B:D3:5C:13:BE:BC:48:AB:51:EA
            X509v3 Authority Key Identifier:
                keyid:BE:7C:79:E9:A2:1D:B2:6B:D6:AE:07:50:27:6D:B1:B0:AF:A7:EC:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vnx56aIdsmvWrgdQJ22xsK-n7Ns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/MimNpPF1NpFCzTvTXBO-vEirUeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/16339a-2603-4e8f-901c-cfe2c7ff018b/1/vnx56aIdsmvWrgdQJ22xsK-n7Ns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f70::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:48:c2:6b:f5:c2:28:c3:c3:52:b4:e3:b2:27:17:3f:9f:4d:
         98:a9:a8:86:40:fb:4b:49:35:da:ca:bd:2e:1d:d4:2b:c9:69:
         50:ac:c1:5a:22:35:b5:9b:7e:0b:5a:86:a9:1a:28:b6:5a:b7:
         7b:57:6e:e5:d7:fb:72:25:d8:03:c4:e3:fb:06:a3:fa:b7:e5:
         d9:ff:71:97:81:5a:4f:11:99:ca:8d:93:a2:e6:f7:b6:bd:29:
         9f:46:25:60:4f:07:c1:3d:c8:b8:e1:cc:cb:2f:b1:26:e6:a3:
         c0:a3:4e:c6:b0:ac:12:02:2f:45:99:c8:3f:e5:f6:07:2a:e2:
         53:fe:62:ca:ad:7b:46:9d:a5:72:81:59:0f:c2:21:4a:aa:cb:
         2d:00:9b:e1:a0:35:7b:4d:5c:14:24:ce:eb:06:60:95:12:60:
         b3:29:b2:db:54:4d:f1:76:b8:7a:07:e5:00:2e:ca:dd:23:dc:
         b0:11:98:a8:02:5f:e6:c8:b7:9f:b3:45:25:2c:79:c1:79:72:
         97:b4:8c:99:74:38:a0:01:57:c7:83:95:b1:9c:72:0a:51:19:
         59:63:6d:35:d6:74:cb:2a:4b:5b:e6:0a:79:d5:09:7a:02:f7:
         7d:e1:66:12:12:96:f7:bb:c8:fe:a0:51:e9:f7:1f:d9:5e:52:
         de:96:e8:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7oz11uq/3N1Th0VeGUIo3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlN2M3OWU5YTIxZGIyNmJkNmFlMDc1MDI3NmRiMWIwYWZh
N2VjZGIwHhcNMjYwMTAxMjIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjI5OGRhNGYxNzUzNjkxNDJjZDNiZDM1YzEzYmViYzQ4YWI1MWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzlnwq+vEIrHZVDhj33VR4P2GQoJ
VGio5oDIF7s/xQVa9wdiJ3tHqjE60xTbCEgt/VbepjwhMAiero408diOgx24C8Bf
Kwvaeo32KlbPn0ROX9YLFfZXFW6icmbSTCc5OJwI27uIv58j5MM4cjpPPo9NAKoX
1YYQNGqxtwg1DHrn/mE1JW383O6lNwG2I0ZpSzzknwyPUaGBZdPU57Y1InWU1KaA
s7UdS27ehl/OCZUO+mV6+/HonxKVqu0WHN8MEr+fcNrmBTuxra5COek/Ee4/N+6A
FV7JOlgTOvOK6cOaAMTi6TUq+PVwMvQZLKR8VnChC3CCueehwxx37cbExQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDIpjaTxdTaRQs0701wTvrxIq1HqMB8GA1UdIwQY
MBaAFL58eemiHbJr1q4HUCdtsbCvp+zbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm54NTZhSWRzbXZXcmdkUUoyMnhzSy1uN05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xNjMzOWEtMjYwMy00ZThmLTkwMWMt
Y2ZlMmM3ZmYwMThiLzEvTWltTnBQRjFOcEZDelR2VFhCTy12RWlyVWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xNjMzOWEtMjYwMy00ZThmLTkwMWMtY2ZlMmM3ZmYwMThi
LzEvdm54NTZhSWRzbXZXcmdkUUoyMnhzSy1uN05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA9w
MA0GCSqGSIb3DQEBCwUAA4IBAQB8SMJr9cIow8NStOOyJxc/n02YqaiGQPtLSTXa
yr0uHdQryWlQrMFaIjW1m34LWoapGii2Wrd7V27l1/tyJdgDxOP7BqP6t+XZ/3GX
gVpPEZnKjZOi5ve2vSmfRiVgTwfBPci44czLL7Em5qPAo07GsKwSAi9Fmcg/5fYH
KuJT/mLKrXtGnaVygVkPwiFKqsstAJvhoDV7TVwUJM7rBmCVEmCzKbLbVE3xdrh6
B+UALsrdI9ywEZioAl/myLefs0UlLHnBeXKXtIyZdDigAVfHg5WxnHIKURlZY201
1nTLKktb5gp51Ql6Avd94WYSEpb3u8j+oFHp9x/ZXlLelugZ
-----END CERTIFICATE-----