This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/Mq91aHgILLYinYVbGX30JTicK2Y.roa
File:                     Mq91aHgILLYinYVbGX30JTicK2Y.roa (raw, json)
Hash identifier:          awH0fZT5nCVQDV/n2dA6uOcYfxt3myd+QXH8nt5Ehzs=
Subject key identifier:   32:AF:75:68:78:08:2C:B6:22:9D:85:5B:19:7D:F4:25:38:9C:2B:66
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019B79107364F676B92CFD67F904A4183C37
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/Mq91aHgILLYinYVbGX30JTicK2Y.roa
Signing time:             Thu 01 Jan 2026 10:17:59 +0000
ROA not before:           Thu 01 Jan 2026 10:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     140641
IP address blocks:        5.178.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 17:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:73:64:f6:76:b9:2c:fd:67:f9:04:a4:18:3c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 10:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32af756878082cb6229d855b197df425389c2b66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:da:af:37:68:37:2f:53:48:df:fb:cf:b6:cc:
                    29:d8:f1:0b:16:cd:62:d8:27:ff:ff:9d:4d:e3:19:
                    e9:3a:96:82:c9:2e:cf:d8:04:bf:08:76:a9:6a:5e:
                    08:26:6a:53:ab:44:6a:56:58:c3:fd:60:c1:3f:22:
                    d8:06:c8:b8:6b:c4:04:a6:c4:66:84:6c:66:b9:a1:
                    67:b5:d8:f0:fa:f9:ca:50:9f:7d:08:65:8a:93:ff:
                    35:63:c7:77:73:18:05:2a:fa:3b:87:60:2d:ab:91:
                    67:66:a5:02:b3:91:ca:c7:c7:ef:10:14:ee:9b:7f:
                    61:f7:55:e3:22:fc:24:1b:05:97:be:2c:b1:80:ff:
                    4d:d2:8a:05:25:8c:4c:16:87:6b:94:cd:20:80:34:
                    2c:b6:51:9f:1a:26:b4:67:47:b8:86:3a:54:b8:cc:
                    a4:93:1d:c1:5a:7d:b7:c0:d8:3a:7e:e5:cc:0a:fb:
                    2e:63:b3:bc:7b:43:f7:14:44:00:1f:fb:0a:8e:e4:
                    06:58:5a:e3:6f:86:89:49:a5:61:d6:e6:77:6c:76:
                    e3:b3:dd:21:16:73:a6:7a:47:0b:8f:98:85:cb:7c:
                    75:76:c3:ca:bf:ee:fe:03:58:57:e1:e7:b8:5d:91:
                    5b:f3:23:0b:8e:07:97:fd:49:9c:a2:d6:e4:6e:74:
                    dd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AF:75:68:78:08:2C:B6:22:9D:85:5B:19:7D:F4:25:38:9C:2B:66
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/Mq91aHgILLYinYVbGX30JTicK2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:e8:97:27:21:d5:b1:31:e0:c7:0b:b0:8e:94:b6:5c:fc:cd:
         60:83:f3:e1:44:18:1f:c1:82:24:17:ce:0d:bc:7a:b8:d0:65:
         ef:36:0c:54:ae:8d:fd:48:d5:2d:9c:be:25:9d:2a:b6:51:71:
         bd:f4:23:a6:0f:44:e2:6c:cc:3f:73:b4:1b:58:21:76:72:e8:
         0a:a2:e5:b4:88:52:ba:f3:78:35:1a:fb:30:ee:bd:23:f2:c2:
         4f:dd:e4:05:18:38:39:e5:ca:4b:b0:2c:43:a7:29:b5:00:a1:
         82:b3:8f:91:2d:5d:74:59:6a:3e:5d:40:f9:07:8e:76:12:aa:
         12:d9:7d:33:8d:dd:82:ad:54:da:9b:bb:9d:9b:d7:b5:11:3a:
         41:8f:d8:bd:e2:e5:ab:31:97:b0:d5:28:47:02:bc:dc:00:39:
         88:7b:22:03:00:3d:8e:b5:3f:1e:f5:3f:83:b0:7c:41:47:25:
         3f:b2:97:80:d4:bb:a2:7f:e6:a7:07:13:e5:f7:ac:77:e3:21:
         6b:25:5b:24:98:62:9d:df:71:3a:8d:2c:1e:36:09:1e:25:3e:
         73:46:45:0e:53:19:5a:55:04:24:28:e2:0a:5c:d6:15:d7:cd:
         50:3d:2e:26:29:93:ef:6a:8f:ec:9a:42:66:a1:22:1b:9f:dc:
         68:0e:d3:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHNk9na5LP1n+QSkGDw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMTAxMTAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFmNzU2ODc4MDgyY2I2MjI5ZDg1NWIxOTdkZjQyNTM4OWMyYjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdqvN2g3L1NI3/vPtswp2PELFs1i
2Cf//51N4xnpOpaCyS7P2AS/CHapal4IJmpTq0RqVljD/WDBPyLYBsi4a8QEpsRm
hGxmuaFntdjw+vnKUJ99CGWKk/81Y8d3cxgFKvo7h2Atq5FnZqUCs5HKx8fvEBTu
m39h91XjIvwkGwWXviyxgP9N0ooFJYxMFodrlM0ggDQstlGfGia0Z0e4hjpUuMyk
kx3BWn23wNg6fuXMCvsuY7O8e0P3FEQAH/sKjuQGWFrjb4aJSaVh1uZ3bHbjs90h
FnOmekcLj5iFy3x1dsPKv+7+A1hX4ee4XZFb8yMLjgeX/UmcotbkbnTdiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKvdWh4CCy2Ip2FWxl99CU4nCtmMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTXE5MWFIZ0lMTFlpbllWYkdYMzBKVGljSzJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJiMA0G
CSqGSIb3DQEBCwUAA4IBAQDW6JcnIdWxMeDHC7COlLZc/M1gg/PhRBgfwYIkF84N
vHq40GXvNgxUro39SNUtnL4lnSq2UXG99COmD0TibMw/c7QbWCF2cugKouW0iFK6
83g1Gvsw7r0j8sJP3eQFGDg55cpLsCxDpym1AKGCs4+RLV10WWo+XUD5B452EqoS
2X0zjd2CrVTam7udm9e1ETpBj9i94uWrMZew1ShHArzcADmIeyIDAD2OtT8e9T+D
sHxBRyU/speA1Luif+anBxPl96x34yFrJVskmGKd33E6jSweNgkeJT5zRkUOUxla
VQQkKOIKXNYV181QPS4mKZPvao/smkJmoSIbn9xoDtMN
-----END CERTIFICATE-----