This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/72bd88-a0b4-4de4-a656-28a15404453e/1/M0TOyn3Fajg4bXPrKGJxN9Hvjss.roa
File:                     M0TOyn3Fajg4bXPrKGJxN9Hvjss.roa (raw, json)
Hash identifier:          iz1xOigpd52YAYJIyKzuYKInMpgIKrWsoBQltN69+EM=
Subject key identifier:   33:44:CE:CA:7D:C5:6A:38:38:6D:73:EB:28:62:71:37:D1:EF:8E:CB
Certificate issuer:       /CN=d602a073a1abc644357a5f9738eeb676a4a93dc6
Certificate serial:       019B77C6CA2FB484F93316331FC620B6DA01
Authority key identifier: D6:02:A0:73:A1:AB:C6:44:35:7A:5F:97:38:EE:B6:76:A4:A9:3D:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gKgc6GrxkQ1el-XOO62dqSpPcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/72bd88-a0b4-4de4-a656-28a15404453e/1/M0TOyn3Fajg4bXPrKGJxN9Hvjss.roa
Signing time:             Thu 01 Jan 2026 04:17:55 +0000
ROA not before:           Thu 01 Jan 2026 04:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210685
IP address blocks:        91.217.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/72bd88-a0b4-4de4-a656-28a15404453e/1/1gKgc6GrxkQ1el-XOO62dqSpPcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/72bd88-a0b4-4de4-a656-28a15404453e/1/1gKgc6GrxkQ1el-XOO62dqSpPcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gKgc6GrxkQ1el-XOO62dqSpPcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:ca:2f:b4:84:f9:33:16:33:1f:c6:20:b6:da:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d602a073a1abc644357a5f9738eeb676a4a93dc6
        Validity
            Not Before: Jan  1 04:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3344ceca7dc56a38386d73eb28627137d1ef8ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:87:8c:5d:58:2a:52:e9:98:c4:38:78:bd:cb:
                    f5:bb:8a:3c:d7:8a:39:75:76:07:eb:75:87:2d:82:
                    57:fd:5d:73:d0:a4:80:6c:ba:52:36:1e:43:aa:ff:
                    2b:b1:a0:11:11:9c:46:4a:2f:42:0a:43:68:b7:d2:
                    93:30:5c:d4:e0:bc:72:98:1a:e2:03:9f:76:11:be:
                    54:ce:2f:3f:57:ac:5c:c5:49:ff:4d:6d:87:d0:f7:
                    e3:69:1d:b2:97:92:44:e5:82:79:bc:cb:45:b1:ea:
                    e0:dc:1d:07:f5:15:87:f8:bb:b9:cd:3d:c8:9a:01:
                    18:89:01:d7:29:34:6e:9d:54:98:32:37:aa:e4:f5:
                    43:e7:48:ee:05:a0:a6:5c:b2:33:50:d7:79:cc:64:
                    9a:84:15:91:bf:11:55:8c:d9:e7:38:f8:c0:c9:76:
                    3c:80:10:23:00:8c:85:8b:19:b1:10:c5:65:f4:10:
                    69:c1:5f:ce:7c:e5:21:42:19:43:7a:0f:8d:4c:87:
                    4a:e8:58:c8:3b:cc:2a:c2:71:10:3d:41:43:c1:f1:
                    8b:d3:f1:66:66:4b:f0:80:c9:d2:b0:cd:11:ab:2a:
                    00:37:0a:4d:f2:b9:6d:20:aa:88:04:ba:ff:2a:3c:
                    68:05:b5:da:c9:8f:ff:19:27:19:a5:22:d3:9e:d6:
                    be:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:44:CE:CA:7D:C5:6A:38:38:6D:73:EB:28:62:71:37:D1:EF:8E:CB
            X509v3 Authority Key Identifier:
                keyid:D6:02:A0:73:A1:AB:C6:44:35:7A:5F:97:38:EE:B6:76:A4:A9:3D:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gKgc6GrxkQ1el-XOO62dqSpPcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/72bd88-a0b4-4de4-a656-28a15404453e/1/M0TOyn3Fajg4bXPrKGJxN9Hvjss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/72bd88-a0b4-4de4-a656-28a15404453e/1/1gKgc6GrxkQ1el-XOO62dqSpPcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:d6:b5:ef:a0:23:09:dd:69:ae:26:08:0f:9d:c0:65:ed:84:
         c4:29:60:0e:7c:67:13:b9:0a:73:9b:78:01:5c:33:16:3c:51:
         d6:f7:24:8e:22:04:07:4d:78:90:51:41:6b:ed:84:de:d7:21:
         57:cb:04:4f:6a:18:7d:9a:f8:42:08:1e:88:9f:b0:ac:72:fd:
         ad:27:40:6e:94:d0:ab:dd:81:66:3d:e8:78:2c:c9:a8:62:80:
         51:15:f8:11:8a:59:e9:2f:ea:56:ff:af:a0:10:e1:c0:75:32:
         7e:94:15:62:17:fa:2a:de:a0:72:85:f9:50:5e:24:56:55:db:
         90:24:00:40:49:41:d6:94:07:83:78:86:20:07:17:9f:b5:eb:
         1d:2b:cb:4b:54:58:c3:8e:ac:35:8f:51:21:57:28:31:d1:9f:
         76:a7:5e:fb:e6:85:23:6c:5f:72:a5:8b:43:c0:58:ec:1b:05:
         7f:0f:4a:c7:f8:41:fe:70:a8:cc:3c:a7:3b:df:75:d9:f8:e9:
         3b:ad:e9:21:67:9f:a2:4c:20:59:b2:75:51:68:e6:ab:83:45:
         d8:9e:e4:92:dd:10:04:f1:2e:50:ae:4a:ba:f3:c8:dc:1f:84:
         97:68:37:20:93:b2:49:cc:4b:11:41:dd:a3:34:63:f2:53:a2:
         74:ce:7d:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xsovtIT5MxYzH8YgttoBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDJhMDczYTFhYmM2NDQzNTdhNWY5NzM4ZWViNjc2YTRh
OTNkYzYwHhcNMjYwMTAxMDQxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzQ0Y2VjYTdkYzU2YTM4Mzg2ZDczZWIyODYyNzEzN2QxZWY4ZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoeMXVgqUumYxDh4vcv1u4o814o5
dXYH63WHLYJX/V1z0KSAbLpSNh5Dqv8rsaAREZxGSi9CCkNot9KTMFzU4LxymBri
A592Eb5Uzi8/V6xcxUn/TW2H0PfjaR2yl5JE5YJ5vMtFserg3B0H9RWH+Lu5zT3I
mgEYiQHXKTRunVSYMjeq5PVD50juBaCmXLIzUNd5zGSahBWRvxFVjNnnOPjAyXY8
gBAjAIyFixmxEMVl9BBpwV/OfOUhQhlDeg+NTIdK6FjIO8wqwnEQPUFDwfGL0/Fm
ZkvwgMnSsM0RqyoANwpN8rltIKqIBLr/KjxoBbXayY//GScZpSLTnta+nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNEzsp9xWo4OG1z6yhicTfR747LMB8GA1UdIwQY
MBaAFNYCoHOhq8ZENXpflzjutnakqT3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdLZ2M2R3J4a1ExZWwtWE9PNjJkcVNwUGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83MmJkODgtYTBiNC00ZGU0LWE2NTYt
MjhhMTU0MDQ0NTNlLzEvTTBUT3luM0Zhamc0YlhQcktHSnhOOUh2anNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83MmJkODgtYTBiNC00ZGU0LWE2NTYtMjhhMTU0MDQ0NTNl
LzEvMWdLZ2M2R3J4a1ExZWwtWE9PNjJkcVNwUGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mjMA0G
CSqGSIb3DQEBCwUAA4IBAQAm1rXvoCMJ3WmuJggPncBl7YTEKWAOfGcTuQpzm3gB
XDMWPFHW9ySOIgQHTXiQUUFr7YTe1yFXywRPahh9mvhCCB6In7Cscv2tJ0BulNCr
3YFmPeh4LMmoYoBRFfgRilnpL+pW/6+gEOHAdTJ+lBViF/oq3qByhflQXiRWVduQ
JABASUHWlAeDeIYgBxeftesdK8tLVFjDjqw1j1EhVygx0Z92p1775oUjbF9ypYtD
wFjsGwV/D0rH+EH+cKjMPKc733XZ+Ok7rekhZ5+iTCBZsnVRaOarg0XYnuSS3RAE
8S5Qrkq688jcH4SXaDcgk7JJzEsRQd2jNGPyU6J0zn2e
-----END CERTIFICATE-----