This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/makv0shcZ5kNgnoatV93mdzUDzA.roa
File:                     makv0shcZ5kNgnoatV93mdzUDzA.roa (raw, json)
Hash identifier:          pcme59je8U1s3r4CfES9LEZanBL2hRJGysIwX84CTmo=
Subject key identifier:   99:A9:2F:D2:C8:5C:67:99:0D:82:7A:1A:B5:5F:77:99:DC:D4:0F:30
Certificate issuer:       /CN=a566d8337776c98746bd231e69e185db2a9a5be2
Certificate serial:       019B7BA34A440B584197EAAF83B4A75C7486
Authority key identifier: A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/makv0shcZ5kNgnoatV93mdzUDzA.roa
Signing time:             Thu 01 Jan 2026 22:17:37 +0000
ROA not before:           Thu 01 Jan 2026 22:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208575
IP address blocks:        45.128.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:4a:44:0b:58:41:97:ea:af:83:b4:a7:5c:74:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a566d8337776c98746bd231e69e185db2a9a5be2
        Validity
            Not Before: Jan  1 22:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=99a92fd2c85c67990d827a1ab55f7799dcd40f30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:51:94:ea:dd:22:02:51:8e:40:10:92:df:c4:
                    0c:1d:bc:4b:9c:3f:9c:43:db:a6:56:9d:f5:51:b5:
                    0f:bf:39:b1:ef:d1:f2:49:61:35:93:91:f2:a5:ea:
                    7b:28:56:3b:79:f2:a1:20:c8:35:ea:d0:a6:ee:35:
                    27:26:6f:b1:8f:d1:a2:95:2a:e9:ad:88:5f:fc:b1:
                    d5:b5:f3:f6:ac:43:64:ee:dd:12:5d:21:dc:e8:3c:
                    15:29:cf:e7:ac:40:5f:95:bc:e1:1d:0b:ef:d5:53:
                    bf:37:fc:a0:4e:12:24:6a:68:dc:9e:ee:a6:9c:33:
                    f9:64:25:7c:b6:03:df:fc:11:58:20:4c:b2:31:53:
                    bb:09:0c:0d:9d:d7:b8:b0:2f:0b:d0:bb:27:88:46:
                    77:08:c3:97:31:51:dd:13:e9:38:f9:88:2a:e0:d5:
                    7c:ad:31:c6:c2:84:6a:d2:d0:cb:58:c1:78:ad:14:
                    93:5a:68:be:31:67:54:58:24:c7:d0:33:60:21:35:
                    9e:b4:c5:50:ae:24:2c:4a:2a:c5:e8:16:66:4f:3a:
                    ce:97:9d:f1:51:49:ae:8a:a0:a7:be:a1:51:9a:ca:
                    25:7c:5e:dd:bc:3e:df:11:38:6a:6e:44:bc:bb:70:
                    3b:a3:bf:75:13:e0:00:b5:6b:45:b1:82:57:62:86:
                    73:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A9:2F:D2:C8:5C:67:99:0D:82:7A:1A:B5:5F:77:99:DC:D4:0F:30
            X509v3 Authority Key Identifier:
                keyid:A5:66:D8:33:77:76:C9:87:46:BD:23:1E:69:E1:85:DB:2A:9A:5B:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pWbYM3d2yYdGvSMeaeGF2yqaW-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/makv0shcZ5kNgnoatV93mdzUDzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0168ac-342c-4dd0-91a8-1b75867e8dff/1/pWbYM3d2yYdGvSMeaeGF2yqaW-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:fa:60:c8:55:e5:46:ff:1e:79:14:8f:43:80:55:a8:a5:cd:
         7e:02:57:38:e1:c1:61:4a:30:a3:46:ba:0c:cf:40:49:f3:b0:
         64:91:7d:eb:57:6a:3c:9f:93:85:79:e5:55:bc:43:64:13:2f:
         06:b4:59:2a:9f:85:29:ab:37:6a:9c:94:db:98:74:ad:08:e4:
         26:bd:68:e7:6a:62:d4:0a:14:6b:a4:c3:ca:f1:f1:0d:6c:4b:
         85:1e:a3:ed:b4:36:64:47:7b:1c:5e:ea:dd:5f:33:8d:60:d3:
         24:6c:d9:66:16:5f:e5:0e:0c:7c:ce:8a:43:98:b3:c6:03:a6:
         b2:7b:15:62:c2:c2:6a:66:b7:2e:2c:f0:c5:f1:a2:84:e7:e0:
         28:df:4e:03:3d:09:8e:17:ca:52:73:c9:04:a2:23:48:6a:c3:
         00:82:68:d8:8c:c4:ca:2d:71:d0:c1:da:9c:2f:47:09:18:65:
         95:3a:9e:6d:27:47:d2:80:0c:9e:ac:5a:61:cb:69:d1:04:aa:
         a2:d5:8d:f8:9a:35:35:40:ed:78:37:b0:fd:c2:d2:fb:90:4a:
         08:48:b5:42:7e:3f:3f:54:17:38:4c:8b:84:1d:73:90:04:bd:
         93:08:f8:97:08:c0:6c:aa:7e:67:a3:83:ca:22:bc:db:bf:21:
         e4:f2:e6:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o0pEC1hBl+qvg7SnXHSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NjZkODMzNzc3NmM5ODc0NmJkMjMxZTY5ZTE4NWRiMmE5
YTViZTIwHhcNMjYwMTAxMjIxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWE5MmZkMmM4NWM2Nzk5MGQ4MjdhMWFiNTVmNzc5OWRjZDQwZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1GU6t0iAlGOQBCS38QMHbxLnD+c
Q9umVp31UbUPvzmx79HySWE1k5Hypep7KFY7efKhIMg16tCm7jUnJm+xj9GilSrp
rYhf/LHVtfP2rENk7t0SXSHc6DwVKc/nrEBflbzhHQvv1VO/N/ygThIkamjcnu6m
nDP5ZCV8tgPf/BFYIEyyMVO7CQwNnde4sC8L0LsniEZ3CMOXMVHdE+k4+Ygq4NV8
rTHGwoRq0tDLWMF4rRSTWmi+MWdUWCTH0DNgITWetMVQriQsSirF6BZmTzrOl53x
UUmuiqCnvqFRmsolfF7dvD7fEThqbkS8u3A7o791E+AAtWtFsYJXYoZzzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmpL9LIXGeZDYJ6GrVfd5nc1A8wMB8GA1UdIwQY
MBaAFKVm2DN3dsmHRr0jHmnhhdsqmlviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgt
MWI3NTg2N2U4ZGZmLzEvbWFrdjBzaGNaNWtOZ25vYXRWOTNtZHpVRHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wMTY4YWMtMzQyYy00ZGQwLTkxYTgtMWI3NTg2N2U4ZGZm
LzEvcFdiWU0zZDJ5WWRHdlNNZWFlR0YyeXFhVy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYARMA0G
CSqGSIb3DQEBCwUAA4IBAQB4+mDIVeVG/x55FI9DgFWopc1+Alc44cFhSjCjRroM
z0BJ87BkkX3rV2o8n5OFeeVVvENkEy8GtFkqn4UpqzdqnJTbmHStCOQmvWjnamLU
ChRrpMPK8fENbEuFHqPttDZkR3scXurdXzONYNMkbNlmFl/lDgx8zopDmLPGA6ay
exViwsJqZrcuLPDF8aKE5+Ao304DPQmOF8pSc8kEoiNIasMAgmjYjMTKLXHQwdqc
L0cJGGWVOp5tJ0fSgAyerFphy2nRBKqi1Y34mjU1QO14N7D9wtL7kEoISLVCfj8/
VBc4TIuEHXOQBL2TCPiXCMBsqn5no4PKIrzbvyHk8uYv
-----END CERTIFICATE-----