This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/b660f4-88cb-45f3-a71a-2639839f828d/1/MmHcaoSID19FRmGF5kFPH25PR2Q.roa
File:                     MmHcaoSID19FRmGF5kFPH25PR2Q.roa (raw, json)
Hash identifier:          Pv88TmQb3cGeVyGfPSrdF1R8Obs/Bo3T58FvtRvVnRM=
Subject key identifier:   32:61:DC:6A:84:88:0F:5F:45:46:61:85:E6:41:4F:1F:6E:4F:47:64
Certificate issuer:       /CN=af60346d081b1c5c810b394c66e10512bbf4d8c9
Certificate serial:       019B76EAB896AEBE15A442585FECD42DFAE3
Authority key identifier: AF:60:34:6D:08:1B:1C:5C:81:0B:39:4C:66:E1:05:12:BB:F4:D8:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r2A0bQgbHFyBCzlMZuEFErv02Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/b660f4-88cb-45f3-a71a-2639839f828d/1/MmHcaoSID19FRmGF5kFPH25PR2Q.roa
Signing time:             Thu 01 Jan 2026 00:17:32 +0000
ROA not before:           Thu 01 Jan 2026 00:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42525
IP address blocks:        193.27.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/b660f4-88cb-45f3-a71a-2639839f828d/1/r2A0bQgbHFyBCzlMZuEFErv02Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/b660f4-88cb-45f3-a71a-2639839f828d/1/r2A0bQgbHFyBCzlMZuEFErv02Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r2A0bQgbHFyBCzlMZuEFErv02Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:b8:96:ae:be:15:a4:42:58:5f:ec:d4:2d:fa:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af60346d081b1c5c810b394c66e10512bbf4d8c9
        Validity
            Not Before: Jan  1 00:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3261dc6a84880f5f45466185e6414f1f6e4f4764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:82:0e:61:2c:13:1c:76:ec:24:de:e0:66:6d:
                    81:6b:57:c0:f1:44:16:0d:57:c7:9b:b0:03:a6:ce:
                    54:9b:e0:ad:0a:39:db:c5:9e:7c:e7:ec:62:5e:39:
                    47:66:96:d0:36:a1:b6:0d:00:24:37:b2:b1:1b:7d:
                    f8:8b:07:52:3d:f4:7e:c5:1d:59:a9:60:aa:49:bb:
                    bb:69:5e:3e:dd:c0:ee:28:56:62:61:fe:eb:48:4b:
                    a5:d7:ef:93:1a:51:66:1f:6d:a9:61:31:67:76:f3:
                    e0:d6:b8:81:ec:9e:35:ab:a1:aa:d0:ff:bc:b5:79:
                    7f:68:bb:07:0d:9b:81:cc:0c:f9:4f:dd:c8:8d:60:
                    a9:80:35:37:70:cb:40:25:9e:16:15:7c:b2:89:27:
                    3c:9b:8d:63:38:b3:fe:91:3a:06:0a:a1:ba:04:c9:
                    4b:ae:1f:5a:25:ca:fa:5c:29:ce:f7:3c:55:90:4c:
                    fa:92:ea:97:c7:0e:78:72:68:a4:58:f7:d4:de:53:
                    f1:25:0e:94:e4:47:20:ac:95:a6:e0:1e:cf:a0:b4:
                    8c:2c:fa:87:58:39:e2:5e:90:50:f1:4f:37:9f:94:
                    50:ca:84:bb:fb:b6:bf:4b:6d:12:df:cd:33:f0:38:
                    85:e4:18:7c:9c:ff:cc:1d:c9:84:c3:8c:8e:31:da:
                    28:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:61:DC:6A:84:88:0F:5F:45:46:61:85:E6:41:4F:1F:6E:4F:47:64
            X509v3 Authority Key Identifier:
                keyid:AF:60:34:6D:08:1B:1C:5C:81:0B:39:4C:66:E1:05:12:BB:F4:D8:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r2A0bQgbHFyBCzlMZuEFErv02Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b660f4-88cb-45f3-a71a-2639839f828d/1/MmHcaoSID19FRmGF5kFPH25PR2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/b660f4-88cb-45f3-a71a-2639839f828d/1/r2A0bQgbHFyBCzlMZuEFErv02Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:af:01:cf:63:34:af:44:e1:8c:89:ea:27:0a:77:e0:21:58:
         33:d0:7b:77:18:4a:67:d3:ea:02:9b:9a:cd:3f:e0:70:7f:63:
         e3:ef:da:04:54:60:46:68:fa:91:61:ec:ed:bf:c0:bd:34:96:
         00:c7:7d:f7:9e:55:6e:94:f4:46:7a:b4:73:22:0f:4a:d2:54:
         71:2b:e5:05:0f:a9:81:bd:17:50:1e:03:47:b0:34:4d:e8:2b:
         cf:a2:f8:fe:3a:02:93:01:5b:2f:9c:cb:e8:67:c6:2e:4f:0e:
         ce:4e:e4:b8:0c:cc:66:93:b4:97:2e:0d:45:e3:e7:31:0b:1d:
         78:ee:83:23:ad:14:bd:ee:92:99:b2:20:66:03:38:2e:9f:61:
         00:ec:08:43:b1:93:81:7e:44:74:f8:67:b1:30:76:4b:59:80:
         07:3b:8c:e4:e7:93:3d:d1:61:a9:71:45:9b:14:ff:11:4e:c6:
         84:0f:ed:ed:09:72:9c:45:8d:ee:12:6d:9a:36:5b:a4:ce:06:
         26:4a:58:bd:c4:8d:fa:af:20:4e:96:b6:1e:4d:96:f5:ce:ee:
         cb:82:7a:94:d3:41:03:d5:ee:f7:01:05:6a:d7:39:12:c7:7f:
         9d:b5:95:56:4f:0e:1e:bb:92:08:7c:25:97:89:8d:c2:46:20:
         44:7c:e1:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26riWrr4VpEJYX+zULfrjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNjAzNDZkMDgxYjFjNWM4MTBiMzk0YzY2ZTEwNTEyYmJm
NGQ4YzkwHhcNMjYwMTAxMDAxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjYxZGM2YTg0ODgwZjVmNDU0NjYxODVlNjQxNGYxZjZlNGY0NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoIOYSwTHHbsJN7gZm2Ba1fA8UQW
DVfHm7ADps5Um+CtCjnbxZ585+xiXjlHZpbQNqG2DQAkN7KxG334iwdSPfR+xR1Z
qWCqSbu7aV4+3cDuKFZiYf7rSEul1++TGlFmH22pYTFndvPg1riB7J41q6Gq0P+8
tXl/aLsHDZuBzAz5T93IjWCpgDU3cMtAJZ4WFXyyiSc8m41jOLP+kToGCqG6BMlL
rh9aJcr6XCnO9zxVkEz6kuqXxw54cmikWPfU3lPxJQ6U5EcgrJWm4B7PoLSMLPqH
WDniXpBQ8U83n5RQyoS7+7a/S20S380z8DiF5Bh8nP/MHcmEw4yOMdooNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJh3GqEiA9fRUZhheZBTx9uT0dkMB8GA1UdIwQY
MBaAFK9gNG0IGxxcgQs5TGbhBRK79NjJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjJBMGJRZ2JIRnlCQ3psTVp1RUZFcnYwMk1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9iNjYwZjQtODhjYi00NWYzLWE3MWEt
MjYzOTgzOWY4MjhkLzEvTW1IY2FvU0lEMTlGUm1HRjVrRlBIMjVQUjJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9iNjYwZjQtODhjYi00NWYzLWE3MWEtMjYzOTgzOWY4Mjhk
LzEvcjJBMGJRZ2JIRnlCQ3psTVp1RUZFcnYwMk1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRsDMA0G
CSqGSIb3DQEBCwUAA4IBAQBcrwHPYzSvROGMieonCnfgIVgz0Ht3GEpn0+oCm5rN
P+Bwf2Pj79oEVGBGaPqRYeztv8C9NJYAx333nlVulPRGerRzIg9K0lRxK+UFD6mB
vRdQHgNHsDRN6CvPovj+OgKTAVsvnMvoZ8YuTw7OTuS4DMxmk7SXLg1F4+cxCx14
7oMjrRS97pKZsiBmAzgun2EA7AhDsZOBfkR0+GexMHZLWYAHO4zk55M90WGpcUWb
FP8RTsaED+3tCXKcRY3uEm2aNlukzgYmSli9xI36ryBOlrYeTZb1zu7LgnqU00ED
1e73AQVq1zkSx3+dtZVWTw4eu5IIfCWXiY3CRiBEfOF+
-----END CERTIFICATE-----