This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/MJaBHnPBPoiX26U_szdp7RvWUtQ.roa
File:                     MJaBHnPBPoiX26U_szdp7RvWUtQ.roa (raw, json)
Hash identifier:          qFctKJR4yu14bDLmMuycFB3M33Jqb8VwTlP3l9MF2n4=
Subject key identifier:   30:96:81:1E:73:C1:3E:88:97:DB:A5:3F:B3:37:69:ED:1B:D6:52:D4
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019B79108651F7C77F49695F2E4422E674F1
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/MJaBHnPBPoiX26U_szdp7RvWUtQ.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212521
IP address blocks:        45.131.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:86:51:f7:c7:7f:49:69:5f:2e:44:22:e6:74:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3096811e73c13e8897dba53fb33769ed1bd652d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0a:e7:7a:8b:99:f3:3e:fe:d0:b6:98:85:44:
                    cf:be:d5:4c:ae:34:9e:bc:ec:8c:fa:7c:71:42:0e:
                    ce:45:f6:65:af:bb:42:64:16:bd:41:d1:3f:f9:3a:
                    b9:bd:ec:94:b3:54:4d:b4:1a:d7:61:7f:9c:89:64:
                    d6:cf:c6:de:d4:17:10:19:b0:f0:76:7e:34:b2:74:
                    e0:24:e0:12:44:84:d1:7b:33:f9:f5:89:a9:47:e4:
                    21:59:0d:25:5c:c4:f5:6d:be:25:00:ca:88:40:a9:
                    ef:ca:52:4e:03:2f:7b:8f:cb:2d:2a:cb:0c:26:91:
                    85:95:1a:25:0d:cc:47:6d:ec:fa:93:40:25:ed:20:
                    1c:12:d7:98:a4:bd:4c:a3:1b:dc:93:f9:4d:43:06:
                    03:d2:29:c3:12:38:8f:78:df:6d:33:44:ed:d8:c9:
                    22:bb:f3:86:1c:75:f9:d3:8a:e8:86:6f:c4:ee:b0:
                    59:11:d7:61:b9:9c:3a:85:c4:3f:7c:66:1f:be:fe:
                    83:87:a0:3f:6d:4a:1f:ac:0c:da:e3:84:95:fe:75:
                    36:19:a0:fa:2e:f3:95:62:e7:4d:9f:be:44:a1:f1:
                    a5:d2:56:44:35:73:d6:79:25:af:e7:b7:cf:31:57:
                    0f:34:88:9e:05:24:a2:18:9b:a5:e6:02:12:3b:a8:
                    6b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:96:81:1E:73:C1:3E:88:97:DB:A5:3F:B3:37:69:ED:1B:D6:52:D4
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/MJaBHnPBPoiX26U_szdp7RvWUtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:99:95:0f:ef:f5:85:21:c1:65:74:9f:30:4b:da:0d:12:26:
         60:ad:30:65:1e:c1:24:1c:79:0e:16:b9:79:2f:79:ca:86:56:
         a8:2c:a0:3d:c0:1d:11:9a:c9:df:dd:2d:ef:7f:dc:5d:d0:4f:
         d0:69:71:d3:16:d1:76:a3:31:31:7c:46:97:ec:74:76:b6:5b:
         6b:45:00:2a:30:ea:90:5a:40:ac:73:1e:26:ca:dd:32:5d:05:
         f6:d4:c1:13:0c:81:ec:13:48:60:a7:7a:93:9b:e5:d3:3e:ca:
         d5:f4:b9:9c:6b:0f:39:ce:74:0d:b2:93:17:6f:d1:72:15:df:
         34:3f:e8:dd:12:ec:1f:21:9b:06:07:20:ca:b9:5f:78:cc:bc:
         c5:0f:f9:d4:d4:6b:f4:00:29:06:16:e5:43:cc:23:bf:88:bc:
         c7:19:55:eb:39:1c:98:a1:a4:57:a2:06:4f:7a:1c:32:26:6d:
         77:8e:2a:13:c9:12:f1:0b:02:f2:fa:21:87:0f:50:28:89:16:
         17:19:1e:26:18:e1:5b:21:b0:d1:60:43:ca:12:47:2f:41:09:
         9f:2b:5b:03:93:c5:9b:78:70:96:e0:66:5a:36:da:00:b4:8b:
         b3:12:69:bc:f1:80:06:d1:74:f6:ae:d7:db:20:8d:ee:c9:03:
         eb:dc:e2:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EIZR98d/SWlfLkQi5nTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk2ODExZTczYzEzZTg4OTdkYmE1M2ZiMzM3NjllZDFiZDY1MmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwrneouZ8z7+0LaYhUTPvtVMrjSe
vOyM+nxxQg7ORfZlr7tCZBa9QdE/+Tq5veyUs1RNtBrXYX+ciWTWz8be1BcQGbDw
dn40snTgJOASRITRezP59YmpR+QhWQ0lXMT1bb4lAMqIQKnvylJOAy97j8stKssM
JpGFlRolDcxHbez6k0Al7SAcEteYpL1Moxvck/lNQwYD0inDEjiPeN9tM0Tt2Mki
u/OGHHX504rohm/E7rBZEddhuZw6hcQ/fGYfvv6Dh6A/bUofrAza44SV/nU2GaD6
LvOVYudNn75EofGl0lZENXPWeSWv57fPMVcPNIieBSSiGJul5gISO6hrLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDCWgR5zwT6Il9ulP7M3ae0b1lLUMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvTUphQkhuUEJQb2lYMjZVX3N6ZHA3UnZXVXRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYMAMA0G
CSqGSIb3DQEBCwUAA4IBAQCrmZUP7/WFIcFldJ8wS9oNEiZgrTBlHsEkHHkOFrl5
L3nKhlaoLKA9wB0Rmsnf3S3vf9xd0E/QaXHTFtF2ozExfEaX7HR2tltrRQAqMOqQ
WkCscx4myt0yXQX21METDIHsE0hgp3qTm+XTPsrV9Lmcaw85znQNspMXb9FyFd80
P+jdEuwfIZsGByDKuV94zLzFD/nU1Gv0ACkGFuVDzCO/iLzHGVXrORyYoaRXogZP
ehwyJm13jioTyRLxCwLy+iGHD1AoiRYXGR4mGOFbIbDRYEPKEkcvQQmfK1sDk8Wb
eHCW4GZaNtoAtIuzEmm88YAG0XT2rtfbII3uyQPr3OI0
-----END CERTIFICATE-----