This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/MbmOe617Beb8ehTTf8MQ_smqn_o.roa
File:                     MbmOe617Beb8ehTTf8MQ_smqn_o.roa (raw, json)
Hash identifier:          1oDwnPrpmz2JYgXg/Xbn/cWn31YRvP1U3oEbkfTev+U=
Subject key identifier:   31:B9:8E:7B:AD:7B:05:E6:FC:7A:14:D3:7F:C3:10:FE:C9:AA:9F:FA
Certificate issuer:       /CN=5873b598550df5bfdbc99a7a1e396c3495bda83b
Certificate serial:       019B7910D8B08E3012C56933C0D96203653C
Authority key identifier: 58:73:B5:98:55:0D:F5:BF:DB:C9:9A:7A:1E:39:6C:34:95:BD:A8:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WHO1mFUN9b_byZp6HjlsNJW9qDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/MbmOe617Beb8ehTTf8MQ_smqn_o.roa
Signing time:             Thu 01 Jan 2026 10:18:25 +0000
ROA not before:           Thu 01 Jan 2026 10:18:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     559
IP address blocks:        130.82.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/WHO1mFUN9b_byZp6HjlsNJW9qDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/WHO1mFUN9b_byZp6HjlsNJW9qDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WHO1mFUN9b_byZp6HjlsNJW9qDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:d8:b0:8e:30:12:c5:69:33:c0:d9:62:03:65:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5873b598550df5bfdbc99a7a1e396c3495bda83b
        Validity
            Not Before: Jan  1 10:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31b98e7bad7b05e6fc7a14d37fc310fec9aa9ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e5:f7:17:c7:fc:61:3d:5f:c6:41:06:9e:06:
                    90:56:e2:cc:a8:c9:5a:b0:2d:78:d9:63:92:02:58:
                    56:c2:6c:62:0e:45:df:20:b0:b5:cb:13:e5:14:44:
                    ce:4d:59:a7:21:71:9d:a3:3a:1e:f2:65:1d:46:99:
                    82:90:d2:76:d6:f2:e7:75:1d:5a:43:0b:a5:a5:dc:
                    3d:18:35:02:83:e2:4d:26:90:1d:32:71:ed:c7:3c:
                    04:de:e1:34:cb:e4:74:40:c7:96:28:f7:3a:67:54:
                    39:ff:69:ed:e9:94:f5:9b:f1:60:cc:26:96:2b:da:
                    17:29:4a:1a:c4:e1:b3:1d:ee:8f:64:e5:08:a3:f9:
                    ba:75:33:0b:22:c4:5a:ff:64:ed:4e:b1:55:23:d0:
                    45:50:16:41:07:9c:d9:63:0b:a2:60:b6:53:8d:b1:
                    8c:67:b5:72:46:aa:ec:fd:a9:d7:96:24:9c:1c:96:
                    8f:6e:af:78:23:7c:7d:1f:34:36:e1:cc:30:19:a9:
                    9e:1b:91:f6:75:b6:64:7e:26:8a:8b:99:1b:66:1d:
                    e4:ba:38:16:25:6c:c9:4a:0f:e3:e3:8f:26:0c:66:
                    e3:d5:2b:60:45:b3:a5:4c:96:79:b7:8f:61:73:45:
                    02:10:b5:18:58:40:79:84:2a:3a:30:53:b0:7d:db:
                    af:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B9:8E:7B:AD:7B:05:E6:FC:7A:14:D3:7F:C3:10:FE:C9:AA:9F:FA
            X509v3 Authority Key Identifier:
                keyid:58:73:B5:98:55:0D:F5:BF:DB:C9:9A:7A:1E:39:6C:34:95:BD:A8:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WHO1mFUN9b_byZp6HjlsNJW9qDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/MbmOe617Beb8ehTTf8MQ_smqn_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/14238d-8591-471f-895b-1769d1994df6/1/WHO1mFUN9b_byZp6HjlsNJW9qDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:b9:12:fd:3e:91:a8:7a:d6:dd:d9:99:64:f3:13:73:07:a7:
         f2:cc:16:7f:6b:78:ef:a8:17:23:12:f5:28:ae:d8:a0:c9:4a:
         72:a4:0f:74:68:56:21:a2:91:7a:89:d0:73:27:3a:72:61:84:
         f3:ea:13:58:60:ac:5d:72:c3:59:07:03:53:a9:2d:a8:6c:e4:
         49:83:d0:8d:54:e4:2a:1d:8e:9c:db:6d:b6:cd:e1:39:38:97:
         34:1f:52:0b:5d:22:fe:86:3c:f3:4f:96:8d:77:fe:03:56:99:
         f4:4a:3a:9e:1f:97:78:ed:62:10:24:66:b1:95:e2:61:73:87:
         1f:bf:3e:1a:b1:03:d2:7a:a5:b8:f8:7a:ec:1a:09:3f:74:4d:
         c1:d2:ea:d7:0a:d5:f0:a3:e4:c8:a1:ba:31:79:37:b3:09:d2:
         df:de:51:48:bf:8b:56:86:6b:3d:d8:79:f0:dc:c3:d6:8a:c6:
         af:c1:1a:62:29:28:ec:e5:f4:d5:ce:52:89:20:84:b4:e2:70:
         94:43:ab:d2:ae:6c:26:89:71:32:47:0a:df:77:d7:0a:ed:57:
         64:6b:d3:1a:36:bf:df:88:41:1c:cd:a2:1f:76:fb:26:2c:fe:
         41:8e:22:2a:70:eb:57:de:95:02:42:48:b2:b0:ff:f2:f1:d5:
         4b:79:7a:d5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt5ENiwjjASxWkzwNliA2U8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NzNiNTk4NTUwZGY1YmZkYmM5OWE3YTFlMzk2YzM0OTVi
ZGE4M2IwHhcNMjYwMTAxMTAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI5OGU3YmFkN2IwNWU2ZmM3YTE0ZDM3ZmMzMTBmZWM5YWE5ZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuX3F8f8YT1fxkEGngaQVuLMqMla
sC142WOSAlhWwmxiDkXfILC1yxPlFETOTVmnIXGdozoe8mUdRpmCkNJ21vLndR1a
Qwulpdw9GDUCg+JNJpAdMnHtxzwE3uE0y+R0QMeWKPc6Z1Q5/2nt6ZT1m/FgzCaW
K9oXKUoaxOGzHe6PZOUIo/m6dTMLIsRa/2TtTrFVI9BFUBZBB5zZYwuiYLZTjbGM
Z7VyRqrs/anXliScHJaPbq94I3x9HzQ24cwwGameG5H2dbZkfiaKi5kbZh3kujgW
JWzJSg/j448mDGbj1StgRbOlTJZ5t49hc0UCELUYWEB5hCo6MFOwfduvAQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFDG5jnutewXm/HoU03/DEP7Jqp/6MB8GA1UdIwQY
MBaAFFhztZhVDfW/28maeh45bDSVvag7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0hPMW1GVU45Yl9ieVpwNkhqbHNOSlc5cURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8xNDIzOGQtODU5MS00NzFmLTg5NWIt
MTc2OWQxOTk0ZGY2LzEvTWJtT2U2MTdCZWI4ZWhUVGY4TVFfc21xbl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8xNDIzOGQtODU5MS00NzFmLTg5NWItMTc2OWQxOTk0ZGY2
LzEvV0hPMW1GVU45Yl9ieVpwNkhqbHNOSlc5cURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAglIwDQYJ
KoZIhvcNAQELBQADggEBAKO5Ev0+kah61t3ZmWTzE3MHp/LMFn9reO+oFyMS9Siu
2KDJSnKkD3RoViGikXqJ0HMnOnJhhPPqE1hgrF1yw1kHA1OpLahs5EmD0I1U5Cod
jpzbbbbN4Tk4lzQfUgtdIv6GPPNPlo13/gNWmfRKOp4fl3jtYhAkZrGV4mFzhx+/
PhqxA9J6pbj4euwaCT90TcHS6tcK1fCj5MihujF5N7MJ0t/eUUi/i1aGaz3YefDc
w9aKxq/BGmIpKOzl9NXOUokghLTicJRDq9KubCaJcTJHCt931wrtV2Rr0xo2v9+I
QRzNoh92+yYs/kGOIipw61felQJCSLKw//Lx1Ut5etU=
-----END CERTIFICATE-----