This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/MtXK992XQ-M-hmv_KStvnyh-x5Q.roa
File:                     MtXK992XQ-M-hmv_KStvnyh-x5Q.roa (raw, json)
Hash identifier:          M8VsnjB/uw1FiI9xmVKpQrIIX0KwLuaKoIKTTuviTH8=
Subject key identifier:   32:D5:CA:F7:DD:97:43:E3:3E:86:6B:FF:29:2B:6F:9F:28:7E:C7:94
Certificate issuer:       /CN=34832317d2544434b659e5692071d8e4c4938b06
Certificate serial:       019B7834EF678C7A2FE7F636A6863F737838
Authority key identifier: 34:83:23:17:D2:54:44:34:B6:59:E5:69:20:71:D8:E4:C4:93:8B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/MtXK992XQ-M-hmv_KStvnyh-x5Q.roa
Signing time:             Thu 01 Jan 2026 06:18:13 +0000
ROA not before:           Thu 01 Jan 2026 06:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6204
IP address blocks:        176.28.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:ef:67:8c:7a:2f:e7:f6:36:a6:86:3f:73:78:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34832317d2544434b659e5692071d8e4c4938b06
        Validity
            Not Before: Jan  1 06:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32d5caf7dd9743e33e866bff292b6f9f287ec794
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f6:49:be:4d:f6:ea:8a:8f:70:ff:d8:6a:fd:
                    3c:ac:36:8e:e2:8b:dc:76:d3:5e:5f:e9:49:c9:00:
                    74:0e:f3:08:9e:67:d4:51:b9:6c:23:47:7e:f5:87:
                    3f:27:03:ec:47:e3:89:5f:1e:4e:79:04:00:36:09:
                    f0:70:a2:32:af:12:f3:7b:c5:4d:14:7e:e0:26:c3:
                    be:a1:ab:0f:47:5b:79:c3:90:aa:06:58:88:1f:a6:
                    59:d2:07:b9:e6:98:9e:a5:97:5c:66:c9:0e:e3:29:
                    8d:93:9d:d1:39:9b:6e:a3:53:39:39:dc:37:84:e6:
                    41:38:ae:46:69:69:0f:28:87:68:98:10:a8:30:51:
                    72:39:db:c9:c6:98:1e:e4:08:1e:a1:43:a5:29:9b:
                    3e:c1:0c:1b:ef:99:3c:84:95:b5:95:1a:17:d6:8d:
                    18:62:45:85:d5:c1:8f:1f:d1:56:be:cf:29:85:9b:
                    08:91:65:99:8c:46:25:0b:8b:08:85:41:db:54:d1:
                    7e:ca:92:af:70:e0:b9:c9:c4:92:94:ce:6e:e8:5c:
                    0d:de:e7:ab:c5:34:55:39:32:d1:91:91:2e:03:72:
                    60:b7:56:39:b5:9e:07:97:7f:95:de:6c:ca:dd:02:
                    36:2f:2a:62:87:04:f0:57:d5:23:68:4e:23:7f:e3:
                    82:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D5:CA:F7:DD:97:43:E3:3E:86:6B:FF:29:2B:6F:9F:28:7E:C7:94
            X509v3 Authority Key Identifier:
                keyid:34:83:23:17:D2:54:44:34:B6:59:E5:69:20:71:D8:E4:C4:93:8B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIMjF9JURDS2WeVpIHHY5MSTiwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/MtXK992XQ-M-hmv_KStvnyh-x5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5a2ed9-8f8e-4c1d-aaf3-30c65ad83291/1/NIMjF9JURDS2WeVpIHHY5MSTiwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.28.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:33:4a:54:e8:e2:58:a5:dc:2f:20:c6:82:55:2f:b8:f3:fa:
         a1:e3:02:d6:df:d0:e1:6f:04:bf:eb:eb:d7:01:1f:66:e9:2a:
         d5:cf:cf:fc:b5:58:65:37:dd:8c:e7:8d:25:e5:6c:20:8c:a5:
         59:e1:8f:12:ed:6a:07:a0:94:22:42:df:68:e2:ed:03:34:d8:
         11:99:3a:a6:c9:ca:99:bf:14:11:11:fa:0e:61:9a:e2:fe:c1:
         c8:f2:00:e1:87:1f:56:61:1a:40:3f:cb:ad:75:55:ae:63:34:
         e2:fb:78:44:bd:ec:90:16:80:6c:b0:a6:72:0e:3e:0f:83:14:
         74:cc:cd:ed:90:7d:cd:47:2a:0b:3f:f3:9a:5c:09:60:5d:48:
         eb:63:c5:d7:50:d7:4e:21:13:0b:fc:d0:31:e3:2b:d2:8a:52:
         f6:01:c0:d7:4b:0d:37:75:0a:18:f9:f1:0c:04:9b:8f:27:f0:
         90:ea:90:c4:a6:6e:c0:92:d0:68:3d:fc:22:6f:e8:7f:5b:ac:
         9b:f9:f8:65:b9:11:d2:8c:3d:b4:93:ea:55:f1:6f:4c:8c:55:
         51:c1:2f:c4:a0:20:73:bf:8d:72:cb:9a:f8:47:b5:8e:15:4b:
         aa:76:40:43:e5:4e:27:63:61:ef:f4:91:5c:d6:68:9f:3b:02:
         f2:ef:21:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NO9njHov5/Y2poY/c3g4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODMyMzE3ZDI1NDQ0MzRiNjU5ZTU2OTIwNzFkOGU0YzQ5
MzhiMDYwHhcNMjYwMTAxMDYxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQ1Y2FmN2RkOTc0M2UzM2U4NjZiZmYyOTJiNmY5ZjI4N2VjNzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfZJvk326oqPcP/Yav08rDaO4ovc
dtNeX+lJyQB0DvMInmfUUblsI0d+9Yc/JwPsR+OJXx5OeQQANgnwcKIyrxLze8VN
FH7gJsO+oasPR1t5w5CqBliIH6ZZ0ge55piepZdcZskO4ymNk53ROZtuo1M5Odw3
hOZBOK5GaWkPKIdomBCoMFFyOdvJxpge5AgeoUOlKZs+wQwb75k8hJW1lRoX1o0Y
YkWF1cGPH9FWvs8phZsIkWWZjEYlC4sIhUHbVNF+ypKvcOC5ycSSlM5u6FwN3uer
xTRVOTLRkZEuA3Jgt1Y5tZ4Hl3+V3mzK3QI2LypihwTwV9UjaE4jf+OCywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLVyvfdl0PjPoZr/ykrb58ofseUMB8GA1UdIwQY
MBaAFDSDIxfSVEQ0tlnlaSBx2OTEk4sGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklNakY5SlVSRFMyV2VWcElISFk1TVNUaXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81YTJlZDktOGY4ZS00YzFkLWFhZjMt
MzBjNjVhZDgzMjkxLzEvTXRYSzk5MlhRLU0taG12X0tTdHZueWgteDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81YTJlZDktOGY4ZS00YzFkLWFhZjMtMzBjNjVhZDgzMjkx
LzEvTklNakY5SlVSRFMyV2VWcElISFk1TVNUaXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsBxMMA0G
CSqGSIb3DQEBCwUAA4IBAQDQM0pU6OJYpdwvIMaCVS+48/qh4wLW39DhbwS/6+vX
AR9m6SrVz8/8tVhlN92M540l5WwgjKVZ4Y8S7WoHoJQiQt9o4u0DNNgRmTqmycqZ
vxQREfoOYZri/sHI8gDhhx9WYRpAP8utdVWuYzTi+3hEveyQFoBssKZyDj4PgxR0
zM3tkH3NRyoLP/OaXAlgXUjrY8XXUNdOIRML/NAx4yvSilL2AcDXSw03dQoY+fEM
BJuPJ/CQ6pDEpm7AktBoPfwib+h/W6yb+fhluRHSjD20k+pV8W9MjFVRwS/EoCBz
v41yy5r4R7WOFUuqdkBD5U4nY2Hv9JFc1mifOwLy7yGo
-----END CERTIFICATE-----