This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b5d9e0-c6b4-46f6-b45e-c56f177709de/1/MQurPkwc9xNchlLvXHc7cyLJXYw.roa
File:                     MQurPkwc9xNchlLvXHc7cyLJXYw.roa (raw, json)
Hash identifier:          M1ZfO3jLMgMlEbBcemPRY1pNZBv7xD+CQfvS21lMERM=
Subject key identifier:   31:0B:AB:3E:4C:1C:F7:13:5C:86:52:EF:5C:77:3B:73:22:C9:5D:8C
Certificate issuer:       /CN=0952ce4dd8640276f4c1841adb3a742f544924ea
Certificate serial:       019B7834D29AA6ED6BE5F3BBD189037909F4
Authority key identifier: 09:52:CE:4D:D8:64:02:76:F4:C1:84:1A:DB:3A:74:2F:54:49:24:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CVLOTdhkAnb0wYQa2zp0L1RJJOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b5d9e0-c6b4-46f6-b45e-c56f177709de/1/MQurPkwc9xNchlLvXHc7cyLJXYw.roa
Signing time:             Thu 01 Jan 2026 06:18:06 +0000
ROA not before:           Thu 01 Jan 2026 06:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2852
IP address blocks:        160.217.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b5d9e0-c6b4-46f6-b45e-c56f177709de/1/CVLOTdhkAnb0wYQa2zp0L1RJJOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b5d9e0-c6b4-46f6-b45e-c56f177709de/1/CVLOTdhkAnb0wYQa2zp0L1RJJOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CVLOTdhkAnb0wYQa2zp0L1RJJOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:d2:9a:a6:ed:6b:e5:f3:bb:d1:89:03:79:09:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0952ce4dd8640276f4c1841adb3a742f544924ea
        Validity
            Not Before: Jan  1 06:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=310bab3e4c1cf7135c8652ef5c773b7322c95d8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:df:ea:83:b5:5a:42:b8:4e:68:03:ce:42:3e:
                    59:67:4b:00:b8:74:b2:29:36:2a:84:72:e3:df:69:
                    48:a7:a0:44:cd:fc:0f:46:60:47:40:5a:84:cc:f1:
                    24:e7:09:71:a6:b9:f3:02:89:2b:d6:8f:f0:53:00:
                    39:a4:61:dd:c6:f2:ad:55:8d:08:b8:4a:5b:eb:73:
                    ce:59:23:6d:6a:4d:cf:bc:84:d3:fd:e0:78:05:14:
                    46:29:8d:10:b1:66:52:55:97:f8:eb:f0:7a:fd:dc:
                    35:94:be:fa:a9:75:d1:f9:c3:a8:ee:20:0b:17:47:
                    d6:92:ff:63:1f:61:db:42:90:c2:a3:c4:c3:c4:06:
                    48:e0:3c:7f:76:80:1a:53:b4:46:e3:60:f2:55:76:
                    e7:ed:f6:bd:07:fa:49:c3:7b:14:20:66:56:f2:6d:
                    b8:90:56:c2:d4:fb:92:47:cf:23:31:38:f3:7d:9f:
                    67:35:b1:65:70:b5:45:9c:a7:5a:14:d2:6b:c0:0f:
                    b5:ad:7d:fb:ea:6f:cc:54:4f:64:6b:62:db:28:cc:
                    9e:11:dc:1d:b0:61:9c:11:6c:ad:c4:cd:1e:fa:1b:
                    20:cf:e0:57:20:e1:8b:a2:f8:fc:19:4b:14:fc:3e:
                    a7:28:70:18:0f:81:f6:70:53:78:43:0a:bf:57:22:
                    51:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:0B:AB:3E:4C:1C:F7:13:5C:86:52:EF:5C:77:3B:73:22:C9:5D:8C
            X509v3 Authority Key Identifier:
                keyid:09:52:CE:4D:D8:64:02:76:F4:C1:84:1A:DB:3A:74:2F:54:49:24:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CVLOTdhkAnb0wYQa2zp0L1RJJOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b5d9e0-c6b4-46f6-b45e-c56f177709de/1/MQurPkwc9xNchlLvXHc7cyLJXYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b5d9e0-c6b4-46f6-b45e-c56f177709de/1/CVLOTdhkAnb0wYQa2zp0L1RJJOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:62:96:37:a8:83:bc:df:18:2a:e0:36:1e:92:79:d7:b2:2d:
         60:dd:54:3f:e0:57:f5:71:24:b8:00:98:a1:a7:2a:27:fb:31:
         17:5e:14:ee:6e:ba:cf:1a:11:6e:3b:65:60:f0:ba:f3:fd:98:
         b4:5b:1e:c1:ae:46:5c:5d:6e:5b:57:16:0d:f6:e2:f9:df:9f:
         21:02:6e:58:07:4e:c9:f5:34:b8:cf:7a:c0:0c:fc:4a:e4:a4:
         23:05:a0:b1:84:b8:db:f7:85:68:f6:e0:77:f8:4b:95:87:e7:
         1e:5e:91:c0:d1:20:68:86:e0:76:27:96:d0:71:35:89:9d:33:
         90:fa:5a:b6:05:16:20:ab:8e:21:33:4a:c1:44:33:23:71:9c:
         93:da:ce:29:d6:25:c1:5e:cb:cd:d5:59:fc:0c:33:0a:20:2a:
         f9:64:46:c3:19:d0:74:d2:29:42:33:16:19:f8:c3:bb:8a:8d:
         8c:29:29:e7:61:e4:da:1f:7f:0d:89:2a:2d:b6:21:db:ec:b7:
         49:60:2a:5e:9f:7a:87:7c:88:0e:0b:ed:60:47:2d:8f:b9:97:
         05:e9:67:b7:d7:f0:f5:58:14:45:48:23:39:f0:86:20:a5:9b:
         35:29:d7:e2:0f:61:47:68:19:71:46:8f:2a:9b:96:20:81:d1:
         34:f9:03:ca
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt4NNKapu1r5fO70YkDeQn0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NTJjZTRkZDg2NDAyNzZmNGMxODQxYWRiM2E3NDJmNTQ0
OTI0ZWEwHhcNMjYwMTAxMDYxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBiYWIzZTRjMWNmNzEzNWM4NjUyZWY1Yzc3M2I3MzIyYzk1ZDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9/qg7VaQrhOaAPOQj5ZZ0sAuHSy
KTYqhHLj32lIp6BEzfwPRmBHQFqEzPEk5wlxprnzAokr1o/wUwA5pGHdxvKtVY0I
uEpb63POWSNtak3PvITT/eB4BRRGKY0QsWZSVZf46/B6/dw1lL76qXXR+cOo7iAL
F0fWkv9jH2HbQpDCo8TDxAZI4Dx/doAaU7RG42DyVXbn7fa9B/pJw3sUIGZW8m24
kFbC1PuSR88jMTjzfZ9nNbFlcLVFnKdaFNJrwA+1rX376m/MVE9ka2LbKMyeEdwd
sGGcEWytxM0e+hsgz+BXIOGLovj8GUsU/D6nKHAYD4H2cFN4Qwq/VyJRJQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDELqz5MHPcTXIZS71x3O3MiyV2MMB8GA1UdIwQY
MBaAFAlSzk3YZAJ29MGEGts6dC9USSTqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ZMT1RkaGtBbmIwd1lRYTJ6cDBMMVJKSk9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iNWQ5ZTAtYzZiNC00NmY2LWI0NWUt
YzU2ZjE3NzcwOWRlLzEvTVF1clBrd2M5eE5jaGxMdlhIYzdjeUxKWFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iNWQ5ZTAtYzZiNC00NmY2LWI0NWUtYzU2ZjE3NzcwOWRl
LzEvQ1ZMT1RkaGtBbmIwd1lRYTJ6cDBMMVJKSk9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoNkwDQYJ
KoZIhvcNAQELBQADggEBAEdiljeog7zfGCrgNh6SedeyLWDdVD/gV/VxJLgAmKGn
Kif7MRdeFO5uus8aEW47ZWDwuvP9mLRbHsGuRlxdbltXFg324vnfnyECblgHTsn1
NLjPesAM/ErkpCMFoLGEuNv3hWj24Hf4S5WH5x5ekcDRIGiG4HYnltBxNYmdM5D6
WrYFFiCrjiEzSsFEMyNxnJPazinWJcFey83VWfwMMwogKvlkRsMZ0HTSKUIzFhn4
w7uKjYwpKedh5Noffw2JKi22Idvst0lgKl6feod8iA4L7WBHLY+5lwXpZ7fX8PVY
FEVIIznwhiClmzUp1+IPYUdoGXFGjyqbliCB0TT5A8o=
-----END CERTIFICATE-----