This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/McifzUNxziI8WsCXgZeHNz10iWQ.roa
File:                     McifzUNxziI8WsCXgZeHNz10iWQ.roa (raw, json)
Hash identifier:          1R6rZYh+m87Flh7dOcMYHRsZeD59VMaEbBnj6Shuhfs=
Subject key identifier:   31:C8:9F:CD:43:71:CE:22:3C:5A:C0:97:81:97:87:37:3D:74:89:64
Certificate issuer:       /CN=9546465ca5b86c25a02e52ecbf04c4cfbc07654d
Certificate serial:       019B7D5D0E704395128D0C78F20300A45224
Authority key identifier: 95:46:46:5C:A5:B8:6C:25:A0:2E:52:EC:BF:04:C4:CF:BC:07:65:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/McifzUNxziI8WsCXgZeHNz10iWQ.roa
Signing time:             Fri 02 Jan 2026 06:20:09 +0000
ROA not before:           Fri 02 Jan 2026 06:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60893
IP address blocks:        109.94.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:0e:70:43:95:12:8d:0c:78:f2:03:00:a4:52:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9546465ca5b86c25a02e52ecbf04c4cfbc07654d
        Validity
            Not Before: Jan  2 06:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31c89fcd4371ce223c5ac097819787373d748964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:03:50:5e:2b:92:21:3f:fe:b1:55:87:39:9f:
                    b4:e0:60:ca:bd:08:e7:a3:d2:84:ce:31:d7:3f:c1:
                    01:f6:0c:fa:27:9e:de:69:f4:0e:24:95:36:a0:a5:
                    9e:e0:52:9d:df:e5:a2:a9:96:03:37:c5:56:7b:68:
                    5f:95:ba:33:fb:fb:a4:60:ae:2c:17:f9:50:7b:75:
                    f8:23:a5:16:0d:4f:15:7e:fb:d0:b9:f3:95:12:10:
                    98:ba:d5:b1:52:09:eb:38:76:e1:a9:8d:0f:1e:ac:
                    5a:c3:5b:44:60:10:59:38:bb:ac:66:f4:10:91:31:
                    19:1e:7c:e2:cd:7f:7f:4c:83:24:18:4b:fc:ee:5f:
                    c5:12:27:7e:d4:71:c8:f9:11:0f:c8:6b:b5:2a:eb:
                    9b:d7:4a:73:94:63:65:58:bd:d3:33:45:fb:87:aa:
                    7f:3b:ec:ef:6f:50:d0:5b:c1:b1:cf:36:a1:25:cb:
                    f6:9a:d0:41:fe:f7:3d:d3:ab:97:8c:3a:09:22:31:
                    8f:0d:ea:76:c8:4d:2b:bf:4f:8b:e8:42:8c:23:60:
                    e3:77:79:47:b9:70:c6:8a:c4:1d:6b:00:13:00:ac:
                    e7:40:aa:cf:d6:23:46:4c:e2:6d:84:8b:09:72:81:
                    7d:96:d7:a1:f3:fc:aa:f8:09:2b:53:da:16:73:da:
                    0e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C8:9F:CD:43:71:CE:22:3C:5A:C0:97:81:97:87:37:3D:74:89:64
            X509v3 Authority Key Identifier:
                keyid:95:46:46:5C:A5:B8:6C:25:A0:2E:52:EC:BF:04:C4:CF:BC:07:65:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/McifzUNxziI8WsCXgZeHNz10iWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:8b:39:17:e1:01:79:63:98:7c:5d:1f:dc:19:6e:d8:b0:3b:
         dc:cb:68:29:b2:52:20:de:75:5d:1c:51:83:5d:fc:10:6d:af:
         ba:0a:e7:5a:c2:0c:e8:8e:74:b7:f8:c9:23:8c:03:ff:4e:55:
         95:c6:d3:bf:88:e1:99:32:98:07:f8:f8:4d:35:60:e7:9d:08:
         d3:21:2a:b1:59:a7:05:f1:bd:32:51:14:db:0f:5d:15:4c:3e:
         72:03:93:6d:3a:4d:f6:6f:1f:b3:bd:42:ee:4f:e6:d4:96:e1:
         e7:a5:20:81:b1:43:24:4e:c3:89:1d:63:ac:ca:fa:91:5d:c6:
         b7:91:76:36:55:80:8e:28:ed:7f:a8:22:1d:7c:76:0b:c4:31:
         77:ad:9a:05:58:00:ba:4f:3e:a2:1c:be:a3:50:8a:7f:33:89:
         6c:1f:01:8a:9a:45:21:42:1b:ec:d7:31:f4:f7:84:1a:1b:cf:
         ba:f7:3d:74:fd:6d:36:74:aa:0d:01:74:b4:04:66:96:1a:b3:
         fd:a4:44:98:95:6f:a5:32:20:ec:bf:64:fc:9f:10:f1:c9:77:
         48:f5:67:63:7b:20:bb:2a:c8:3e:eb:e9:70:6e:55:3b:1b:0a:
         ab:49:15:9e:db:60:4b:d7:a8:ae:bc:16:a9:ae:33:0a:a3:67:
         89:00:5e:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XQ5wQ5USjQx48gMApFIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NDY0NjVjYTViODZjMjVhMDJlNTJlY2JmMDRjNGNmYmMw
NzY1NGQwHhcNMjYwMTAyMDYyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWM4OWZjZDQzNzFjZTIyM2M1YWMwOTc4MTk3ODczNzNkNzQ4OTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQNQXiuSIT/+sVWHOZ+04GDKvQjn
o9KEzjHXP8EB9gz6J57eafQOJJU2oKWe4FKd3+WiqZYDN8VWe2hflboz+/ukYK4s
F/lQe3X4I6UWDU8VfvvQufOVEhCYutWxUgnrOHbhqY0PHqxaw1tEYBBZOLusZvQQ
kTEZHnzizX9/TIMkGEv87l/FEid+1HHI+REPyGu1Kuub10pzlGNlWL3TM0X7h6p/
O+zvb1DQW8GxzzahJcv2mtBB/vc906uXjDoJIjGPDep2yE0rv0+L6EKMI2Djd3lH
uXDGisQdawATAKznQKrP1iNGTOJthIsJcoF9lteh8/yq+AkrU9oWc9oO1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHIn81Dcc4iPFrAl4GXhzc9dIlkMB8GA1UdIwQY
MBaAFJVGRlyluGwloC5S7L8ExM+8B2VNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVaR1hLVzRiQ1dnTGxMc3Z3VEV6N3dIWlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jNDhiNGMtMDIyMS00NjQ2LWJiNzIt
MDVjZjlkYjQzMGIzLzEvTWNpZnpVTnh6aUk4V3NDWGdaZUhOejEwaVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jNDhiNGMtMDIyMS00NjQ2LWJiNzItMDVjZjlkYjQzMGIz
LzEvbFVaR1hLVzRiQ1dnTGxMc3Z3VEV6N3dIWlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV6gMA0G
CSqGSIb3DQEBCwUAA4IBAQBeizkX4QF5Y5h8XR/cGW7YsDvcy2gpslIg3nVdHFGD
XfwQba+6CudawgzojnS3+MkjjAP/TlWVxtO/iOGZMpgH+PhNNWDnnQjTISqxWacF
8b0yURTbD10VTD5yA5NtOk32bx+zvULuT+bUluHnpSCBsUMkTsOJHWOsyvqRXca3
kXY2VYCOKO1/qCIdfHYLxDF3rZoFWAC6Tz6iHL6jUIp/M4lsHwGKmkUhQhvs1zH0
94QaG8+69z10/W02dKoNAXS0BGaWGrP9pESYlW+lMiDsv2T8nxDxyXdI9WdjeyC7
Ksg+6+lwblU7GwqrSRWe22BL16iuvBaprjMKo2eJAF7p
-----END CERTIFICATE-----