This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/M2qWTH73NkMquwfzQJVxK2FVK8I.roa
File:                     M2qWTH73NkMquwfzQJVxK2FVK8I.roa (raw, json)
Hash identifier:          5PswSRa1E9ITddc7NsFeNUg4nkAmj5HsnCX0ziwfNao=
Subject key identifier:   33:6A:96:4C:7E:F7:36:43:2A:BB:07:F3:40:95:71:2B:61:55:2B:C2
Certificate issuer:       /CN=41d6451b923a07e365b2f190faa55a572dd0fafc
Certificate serial:       019B797F06FF4CFFA8636531FDB6EC46E328
Authority key identifier: 41:D6:45:1B:92:3A:07:E3:65:B2:F1:90:FA:A5:5A:57:2D:D0:FA:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/M2qWTH73NkMquwfzQJVxK2FVK8I.roa
Signing time:             Thu 01 Jan 2026 12:18:46 +0000
ROA not before:           Thu 01 Jan 2026 12:18:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197883
IP address blocks:        91.217.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7f:06:ff:4c:ff:a8:63:65:31:fd:b6:ec:46:e3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41d6451b923a07e365b2f190faa55a572dd0fafc
        Validity
            Not Before: Jan  1 12:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=336a964c7ef736432abb07f34095712b61552bc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ba:b7:60:43:58:0d:42:38:60:e5:ba:68:d6:
                    86:fa:13:f5:21:1b:86:37:9b:89:30:c5:c1:fd:a3:
                    17:54:d5:a0:e9:81:da:9b:b8:ee:d8:20:8e:b1:e8:
                    d3:58:66:47:bd:bb:63:10:e5:14:cc:c1:f6:a4:e5:
                    75:f1:02:75:20:d6:19:27:65:7f:97:73:8a:de:ea:
                    2d:15:a4:f8:a8:e8:2d:aa:20:a5:53:5e:03:cd:a3:
                    fd:5d:7a:cd:62:de:43:e5:3d:20:3b:d3:b1:03:35:
                    39:ab:dc:17:57:51:06:3e:d4:f9:31:64:20:fc:6a:
                    09:60:1f:59:db:8a:07:0e:f1:3f:52:b5:96:d4:7a:
                    ea:c7:8c:ff:af:45:72:ba:fe:90:1e:6d:0b:73:ce:
                    33:65:62:9e:4e:e8:58:4b:8d:c0:01:e5:c4:23:95:
                    09:85:8e:66:43:3e:6c:d9:7d:49:8a:dc:d0:f6:95:
                    5d:1d:f8:d1:88:21:be:d6:c3:e8:21:b7:15:5e:82:
                    09:e2:07:48:bf:58:35:b4:93:ab:a3:b9:db:5b:75:
                    b9:7e:f1:66:cd:79:94:42:de:17:61:cc:9a:65:d9:
                    7d:8b:7a:3d:db:20:2f:59:70:1d:db:26:61:c4:f3:
                    56:83:2b:07:5a:20:70:35:9b:1d:e4:d1:0d:80:39:
                    f7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6A:96:4C:7E:F7:36:43:2A:BB:07:F3:40:95:71:2B:61:55:2B:C2
            X509v3 Authority Key Identifier:
                keyid:41:D6:45:1B:92:3A:07:E3:65:B2:F1:90:FA:A5:5A:57:2D:D0:FA:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/M2qWTH73NkMquwfzQJVxK2FVK8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:58:4b:59:34:ef:37:29:ba:62:ac:77:d0:ea:d5:09:23:d6:
         72:e3:84:44:9e:cf:8b:ae:59:7c:8a:a4:65:1a:e2:a0:1c:67:
         c0:27:50:f1:37:34:28:52:e8:3f:e4:e7:1c:d9:52:89:69:83:
         1c:dd:d7:c4:fa:89:9f:1f:96:d0:73:70:35:1e:9d:1b:ae:47:
         33:b0:7d:9f:fc:a4:18:95:4a:96:93:12:74:66:65:7a:b1:56:
         df:f9:1d:12:13:b3:a7:9e:ef:b0:e6:c8:05:af:9c:d7:59:b9:
         a5:de:19:5a:6a:50:12:ce:ab:61:bd:06:22:0c:d7:91:76:00:
         08:ea:10:75:be:9d:b3:1d:63:ea:08:0c:6e:ee:43:9b:de:05:
         15:02:9e:13:54:43:ba:d3:f9:ec:e5:55:25:1d:b2:70:61:c0:
         0d:c1:f0:44:c2:bc:6d:ba:eb:85:1d:32:60:aa:e1:86:5a:0d:
         7c:51:e6:20:22:99:f9:c5:2c:7b:0e:dd:24:a3:1d:d7:c4:e9:
         a6:52:b2:66:a8:5b:8f:71:56:df:95:26:d1:ad:b3:ce:0d:4a:
         13:f9:aa:37:5a:5e:20:36:ba:b9:ce:9a:bd:7d:74:82:84:02:
         81:8e:c8:f6:9a:1e:e4:63:4b:77:44:d0:8d:a8:e7:24:2e:e6:
         98:9d:f3:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fwb/TP+oY2Ux/bbsRuMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZDY0NTFiOTIzYTA3ZTM2NWIyZjE5MGZhYTU1YTU3MmRk
MGZhZmMwHhcNMjYwMTAxMTIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzZhOTY0YzdlZjczNjQzMmFiYjA3ZjM0MDk1NzEyYjYxNTUyYmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7q3YENYDUI4YOW6aNaG+hP1IRuG
N5uJMMXB/aMXVNWg6YHam7ju2CCOsejTWGZHvbtjEOUUzMH2pOV18QJ1INYZJ2V/
l3OK3uotFaT4qOgtqiClU14DzaP9XXrNYt5D5T0gO9OxAzU5q9wXV1EGPtT5MWQg
/GoJYB9Z24oHDvE/UrWW1Hrqx4z/r0Vyuv6QHm0Lc84zZWKeTuhYS43AAeXEI5UJ
hY5mQz5s2X1JitzQ9pVdHfjRiCG+1sPoIbcVXoIJ4gdIv1g1tJOro7nbW3W5fvFm
zXmUQt4XYcyaZdl9i3o92yAvWXAd2yZhxPNWgysHWiBwNZsd5NENgDn3LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNqlkx+9zZDKrsH80CVcSthVSvCMB8GA1UdIwQY
MBaAFEHWRRuSOgfjZbLxkPqlWlct0Pr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWRaRkc1STZCLU5sc3ZHUS1xVmFWeTNRLXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZWU3NDQtMDg1NC00Y2YxLWFmNmEt
ZjU2Yzg0OTQzYTdkLzEvTTJxV1RINzNOa01xdXdmelFKVnhLMkZWSzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZWU3NDQtMDg1NC00Y2YxLWFmNmEtZjU2Yzg0OTQzYTdk
LzEvUWRaRkc1STZCLU5sc3ZHUS1xVmFWeTNRLXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9l2MA0G
CSqGSIb3DQEBCwUAA4IBAQCYWEtZNO83KbpirHfQ6tUJI9Zy44REns+Lrll8iqRl
GuKgHGfAJ1DxNzQoUug/5Occ2VKJaYMc3dfE+omfH5bQc3A1Hp0brkczsH2f/KQY
lUqWkxJ0ZmV6sVbf+R0SE7Onnu+w5sgFr5zXWbml3hlaalASzqthvQYiDNeRdgAI
6hB1vp2zHWPqCAxu7kOb3gUVAp4TVEO60/ns5VUlHbJwYcANwfBEwrxtuuuFHTJg
quGGWg18UeYgIpn5xSx7Dt0kox3XxOmmUrJmqFuPcVbflSbRrbPODUoT+ao3Wl4g
Nrq5zpq9fXSChAKBjsj2mh7kY0t3RNCNqOckLuaYnfPR
-----END CERTIFICATE-----