This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MnsbtIQz7xDmxO00yoOkhugSDno.roa
File:                     MnsbtIQz7xDmxO00yoOkhugSDno.roa (raw, json)
Hash identifier:          Xefbw5GD/L8m9ogXKzw5J8XNRLNKJd2yI/L+PusS/eE=
Subject key identifier:   32:7B:1B:B4:84:33:EF:10:E6:C4:ED:34:CA:83:A4:86:E8:12:0E:7A
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       019B7910509DD7D94B24702033FE8F75C167
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MnsbtIQz7xDmxO00yoOkhugSDno.roa
Signing time:             Thu 01 Jan 2026 10:17:50 +0000
ROA not before:           Thu 01 Jan 2026 10:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47585
IP address blocks:        78.135.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:50:9d:d7:d9:4b:24:70:20:33:fe:8f:75:c1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  1 10:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=327b1bb48433ef10e6c4ed34ca83a486e8120e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:53:09:69:cd:9d:03:5f:bb:8a:88:af:1d:31:
                    60:4a:f1:4d:bf:2f:17:17:cb:96:fe:1c:9a:0f:21:
                    dd:ee:db:a1:6c:53:1a:e8:f4:6a:38:02:2a:8f:45:
                    83:c4:86:b1:f4:cc:90:a0:df:1b:b3:5a:8d:4e:a9:
                    91:aa:40:7d:cf:de:bc:77:df:ff:a5:01:df:dc:92:
                    a1:9a:13:a7:c4:97:26:30:a3:49:98:e7:75:a9:f0:
                    f0:86:78:cd:c5:9e:a9:ec:23:4d:2a:b8:14:a0:58:
                    c7:84:27:20:24:d1:6e:53:5b:2e:09:38:1e:0c:31:
                    0b:0f:2c:03:58:bb:53:97:c6:99:04:37:41:53:ba:
                    e8:ee:f9:db:0f:86:3b:70:4e:05:db:e1:90:06:a1:
                    58:90:ed:ce:2f:0d:47:29:8c:77:01:94:5e:4a:9b:
                    65:0d:73:57:4e:2a:37:8c:16:a3:32:2d:6f:f3:f4:
                    8a:db:16:05:85:3c:a8:77:50:2d:d2:0b:17:50:cb:
                    25:a6:1f:c1:f2:a9:e4:a1:fd:03:a8:39:df:4c:8d:
                    7a:32:d5:42:5d:be:8b:7d:69:f4:e0:b5:78:32:e2:
                    22:b8:75:dc:4e:2b:83:36:c6:57:5f:02:2d:d3:8e:
                    f1:3a:44:b5:4a:7d:1e:41:7a:80:88:bd:fa:8a:93:
                    5a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7B:1B:B4:84:33:EF:10:E6:C4:ED:34:CA:83:A4:86:E8:12:0E:7A
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/MnsbtIQz7xDmxO00yoOkhugSDno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:22:f7:44:ab:5c:26:bd:6f:0c:93:33:6d:b7:fb:86:b1:73:
         25:3c:a4:4c:30:cf:b0:11:46:5e:b9:3f:b8:1c:0a:0e:76:14:
         32:31:ed:fd:83:3a:21:0e:b8:b6:5b:6e:8b:0b:da:89:f6:09:
         58:04:95:89:da:f3:49:45:5b:c3:23:74:af:ee:9b:d5:6f:4a:
         a7:ab:2f:81:ba:5a:0a:a8:7e:d8:87:f6:97:8d:0b:63:51:5c:
         54:d6:27:c6:27:3c:f9:f7:6d:81:98:ed:28:12:86:07:84:b9:
         9e:c1:17:14:6f:fe:3f:1e:d1:23:b8:b6:79:22:97:e8:9c:2a:
         ef:96:19:f5:1f:04:fb:78:dc:65:0d:83:2d:b6:74:7a:5c:9b:
         82:dc:44:61:d1:d1:ad:9c:39:52:45:bd:15:1a:c7:4f:c8:c9:
         38:55:31:65:91:02:db:5d:b8:58:2f:d7:4a:1d:88:b9:33:4f:
         b7:78:a2:cd:7e:2f:39:5d:e0:f0:21:32:2f:bb:f4:39:e0:6d:
         6d:76:72:74:d5:87:85:af:19:c4:b8:0c:a3:c7:99:57:6d:ed:
         ce:a1:16:88:31:98:a9:58:4d:9c:7e:b7:72:2f:1e:45:19:96:
         0e:ef:0d:f7:27:1f:50:37:fd:1f:a0:97:ef:fd:3d:0a:0e:e9:
         11:7b:73:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFCd19lLJHAgM/6PdcFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjYwMTAxMTAxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdiMWJiNDg0MzNlZjEwZTZjNGVkMzRjYTgzYTQ4NmU4MTIwZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lMJac2dA1+7ioivHTFgSvFNvy8X
F8uW/hyaDyHd7tuhbFMa6PRqOAIqj0WDxIax9MyQoN8bs1qNTqmRqkB9z968d9//
pQHf3JKhmhOnxJcmMKNJmOd1qfDwhnjNxZ6p7CNNKrgUoFjHhCcgJNFuU1suCTge
DDELDywDWLtTl8aZBDdBU7ro7vnbD4Y7cE4F2+GQBqFYkO3OLw1HKYx3AZReSptl
DXNXTio3jBajMi1v8/SK2xYFhTyod1At0gsXUMslph/B8qnkof0DqDnfTI16MtVC
Xb6LfWn04LV4MuIiuHXcTiuDNsZXXwIt047xOkS1Sn0eQXqAiL36ipNaCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJ7G7SEM+8Q5sTtNMqDpIboEg56MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvTW5zYnRJUXo3eERteE8wMHlvT2todWdTRG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodvMA0G
CSqGSIb3DQEBCwUAA4IBAQCiIvdEq1wmvW8MkzNtt/uGsXMlPKRMMM+wEUZeuT+4
HAoOdhQyMe39gzohDri2W26LC9qJ9glYBJWJ2vNJRVvDI3Sv7pvVb0qnqy+BuloK
qH7Yh/aXjQtjUVxU1ifGJzz5922BmO0oEoYHhLmewRcUb/4/HtEjuLZ5IpfonCrv
lhn1HwT7eNxlDYMttnR6XJuC3ERh0dGtnDlSRb0VGsdPyMk4VTFlkQLbXbhYL9dK
HYi5M0+3eKLNfi85XeDwITIvu/Q54G1tdnJ01YeFrxnEuAyjx5lXbe3OoRaIMZip
WE2cfrdyLx5FGZYO7w33Jx9QN/0foJfv/T0KDukRe3OG
-----END CERTIFICATE-----