This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mW7TNNKOcx8Asff3LA5hFbwolus.roa
File:                     mW7TNNKOcx8Asff3LA5hFbwolus.roa (raw, json)
Hash identifier:          C0qSa3VXz/TpxHHnVA5yQuQAXKAh2TZvyE/riAp87yc=
Subject key identifier:   99:6E:D3:34:D2:8E:73:1F:00:B1:F7:F7:2C:0E:61:15:BC:28:96:EB
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       019B7AC7895FD202A8FB71094EDA218AFF1D
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mW7TNNKOcx8Asff3LA5hFbwolus.roa
Signing time:             Thu 01 Jan 2026 18:17:35 +0000
ROA not before:           Thu 01 Jan 2026 18:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3263
IP address blocks:        109.125.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:89:5f:d2:02:a8:fb:71:09:4e:da:21:8a:ff:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 18:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=996ed334d28e731f00b1f7f72c0e6115bc2896eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a4:f8:88:7a:eb:11:50:3e:b8:b9:a2:87:3f:
                    96:60:4e:3f:ad:b1:39:4a:02:49:24:5a:d8:ea:a0:
                    ac:8b:4e:64:36:4f:e5:94:c1:db:c1:db:0d:16:1a:
                    14:ba:aa:f6:1b:75:40:b9:98:bf:e4:82:dd:09:23:
                    d6:64:71:76:a3:f5:40:99:89:4b:ec:3a:03:8a:e6:
                    59:a5:6b:38:8d:24:99:58:1e:c5:82:63:9a:a8:a7:
                    fe:b0:f0:3a:ad:e0:d3:1d:c7:54:36:5d:ec:ab:00:
                    1e:93:4e:f9:47:db:e0:fb:d1:a1:d3:d8:23:30:fe:
                    9c:58:fe:f7:98:b4:c2:0e:45:02:52:d1:6b:ec:cf:
                    f7:a5:4d:e3:a9:0e:de:a2:4f:37:30:b0:9b:ac:e6:
                    1a:2a:2a:41:ca:bb:f0:9f:8b:9c:5d:56:f2:2b:c4:
                    f6:aa:bc:ce:d1:b0:7c:f7:8f:7d:41:7f:55:82:99:
                    e9:e6:26:95:5b:cc:90:4e:da:d6:a1:f1:1b:9b:a8:
                    e0:a5:6e:d3:6c:42:09:b2:65:11:64:3d:2e:37:2d:
                    e9:10:b7:25:8d:3a:48:10:69:93:b1:c0:ad:ab:78:
                    6d:c8:7b:72:87:07:14:0a:c3:c7:43:a5:5f:88:0d:
                    5a:f4:6c:26:84:af:c3:b1:81:e4:04:ce:b6:5f:26:
                    b4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:6E:D3:34:D2:8E:73:1F:00:B1:F7:F7:2C:0E:61:15:BC:28:96:EB
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mW7TNNKOcx8Asff3LA5hFbwolus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.125.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:d9:72:4f:6c:33:8f:0d:cc:07:23:f3:59:69:ed:06:61:0c:
         5f:ef:c8:a3:5b:05:f0:7e:c6:e4:9a:11:47:a8:e8:6c:33:f8:
         99:20:9f:ef:c7:b3:3d:75:e8:17:a6:67:df:ba:fa:f2:d2:e9:
         0f:e8:a0:eb:dc:e1:46:4d:5e:6b:71:11:fe:40:1c:48:e8:14:
         31:90:1b:83:9b:07:e9:20:df:61:b8:c7:78:00:e5:5d:1a:fd:
         ba:0a:b2:e8:79:e6:64:8c:86:cc:3f:9e:2a:90:6e:4d:1d:19:
         7a:95:ce:94:9f:c7:1d:ec:96:da:fa:d2:bd:b0:94:28:e5:e5:
         2c:5a:6e:c5:f7:0a:a0:44:c7:d4:e3:bf:02:b4:cc:ff:1a:f8:
         b6:16:3e:ff:c5:dd:bd:7e:8b:92:51:aa:79:d1:b6:15:51:57:
         8d:9b:39:f5:a0:13:7c:a3:24:d6:93:5a:54:7e:aa:3b:a8:b4:
         b9:de:2a:81:26:32:a5:b6:39:4d:96:53:4a:c7:bc:d2:c4:cc:
         39:24:0e:f4:3c:93:5b:e1:0f:dc:2e:ee:9c:69:11:03:bd:36:
         53:d6:0f:15:26:67:a7:72:b9:7c:56:5f:5c:fb:67:6f:ab:b6:
         3f:fe:5a:9f:8d:88:37:c6:9b:8f:8b:49:4a:1f:f4:27:7d:42:
         ec:b1:5a:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x4lf0gKo+3EJTtohiv8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjYwMTAxMTgxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTZlZDMzNGQyOGU3MzFmMDBiMWY3ZjcyYzBlNjExNWJjMjg5NmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6T4iHrrEVA+uLmihz+WYE4/rbE5
SgJJJFrY6qCsi05kNk/llMHbwdsNFhoUuqr2G3VAuZi/5ILdCSPWZHF2o/VAmYlL
7DoDiuZZpWs4jSSZWB7FgmOaqKf+sPA6reDTHcdUNl3sqwAek075R9vg+9Gh09gj
MP6cWP73mLTCDkUCUtFr7M/3pU3jqQ7eok83MLCbrOYaKipByrvwn4ucXVbyK8T2
qrzO0bB89499QX9Vgpnp5iaVW8yQTtrWofEbm6jgpW7TbEIJsmURZD0uNy3pELcl
jTpIEGmTscCtq3htyHtyhwcUCsPHQ6VfiA1a9GwmhK/DsYHkBM62Xya09wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlu0zTSjnMfALH39ywOYRW8KJbrMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvbVc3VE5OS09jeDhBc2ZmM0xBNWhGYndvbHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbX2/MA0G
CSqGSIb3DQEBCwUAA4IBAQC42XJPbDOPDcwHI/NZae0GYQxf78ijWwXwfsbkmhFH
qOhsM/iZIJ/vx7M9degXpmffuvry0ukP6KDr3OFGTV5rcRH+QBxI6BQxkBuDmwfp
IN9huMd4AOVdGv26CrLoeeZkjIbMP54qkG5NHRl6lc6Un8cd7Jba+tK9sJQo5eUs
Wm7F9wqgRMfU478CtMz/Gvi2Fj7/xd29fouSUap50bYVUVeNmzn1oBN8oyTWk1pU
fqo7qLS53iqBJjKltjlNllNKx7zSxMw5JA70PJNb4Q/cLu6caREDvTZT1g8VJmen
crl8Vl9c+2dvq7Y//lqfjYg3xpuPi0lKH/QnfULssVoN
-----END CERTIFICATE-----