This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/04163e-da0a-4206-9378-e49d461c3154/1/mDQRP_41vCpTv8zEQtwrpsMlm6o.roa
File:                     mDQRP_41vCpTv8zEQtwrpsMlm6o.roa (raw, json)
Hash identifier:          wP6wE0fEKqnHP4YtC1NM+FHDVJbGLAERsWmmC8DpUK8=
Subject key identifier:   98:34:11:3F:FE:35:BC:2A:53:BF:CC:C4:42:DC:2B:A6:C3:25:9B:AA
Certificate issuer:       /CN=c997413ed74a37161e8bb3f61562541dd28905be
Certificate serial:       019B7B35FB889A827488C6F8254D0DA2F3C5
Authority key identifier: C9:97:41:3E:D7:4A:37:16:1E:8B:B3:F6:15:62:54:1D:D2:89:05:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yZdBPtdKNxYei7P2FWJUHdKJBb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/04163e-da0a-4206-9378-e49d461c3154/1/mDQRP_41vCpTv8zEQtwrpsMlm6o.roa
Signing time:             Thu 01 Jan 2026 20:18:13 +0000
ROA not before:           Thu 01 Jan 2026 20:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        91.212.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/04163e-da0a-4206-9378-e49d461c3154/1/yZdBPtdKNxYei7P2FWJUHdKJBb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/04163e-da0a-4206-9378-e49d461c3154/1/yZdBPtdKNxYei7P2FWJUHdKJBb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yZdBPtdKNxYei7P2FWJUHdKJBb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:fb:88:9a:82:74:88:c6:f8:25:4d:0d:a2:f3:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c997413ed74a37161e8bb3f61562541dd28905be
        Validity
            Not Before: Jan  1 20:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9834113ffe35bc2a53bfccc442dc2ba6c3259baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0d:6c:6b:46:50:8b:55:1d:97:01:41:2f:16:
                    ef:c3:93:8e:ed:46:bf:43:6c:f8:83:83:8c:39:72:
                    23:83:9b:ef:2f:cc:04:72:11:c8:e6:28:6d:e8:5c:
                    a6:b4:7c:02:a7:28:ce:ca:67:9b:b0:61:6b:55:5b:
                    14:09:31:f1:79:8a:a8:bd:5e:28:13:24:47:ee:7c:
                    2c:6e:73:16:d2:aa:00:4e:e7:ff:9e:42:3c:55:33:
                    e5:49:9b:35:16:92:0c:7e:31:e3:b9:5f:8d:a8:98:
                    75:78:b0:fa:31:92:70:e3:43:d0:da:7d:65:e1:b0:
                    9a:b1:e8:e6:db:53:e8:cb:0e:b3:3a:d5:dc:26:ad:
                    3c:5e:48:70:da:c6:02:7c:8d:3f:58:a8:86:10:01:
                    54:15:2b:31:87:c4:35:83:90:b5:dd:dc:8a:b3:fa:
                    0b:1c:db:f0:20:42:fd:34:55:b7:e4:4f:99:20:1b:
                    61:fd:bd:09:fc:f3:8f:c7:29:fa:e0:3f:6a:1d:cd:
                    0f:c7:9c:99:2e:66:09:bc:f7:7a:95:81:44:a7:80:
                    24:a7:2e:d2:e7:c0:1f:eb:1a:25:c3:30:ae:22:9d:
                    3a:68:c8:bc:c2:fb:67:80:94:51:fb:c2:1e:45:7d:
                    f9:e3:d3:3f:a8:2f:9a:b3:d5:32:5d:3b:a6:bf:f3:
                    8d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:34:11:3F:FE:35:BC:2A:53:BF:CC:C4:42:DC:2B:A6:C3:25:9B:AA
            X509v3 Authority Key Identifier:
                keyid:C9:97:41:3E:D7:4A:37:16:1E:8B:B3:F6:15:62:54:1D:D2:89:05:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yZdBPtdKNxYei7P2FWJUHdKJBb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/04163e-da0a-4206-9378-e49d461c3154/1/mDQRP_41vCpTv8zEQtwrpsMlm6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/04163e-da0a-4206-9378-e49d461c3154/1/yZdBPtdKNxYei7P2FWJUHdKJBb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:ce:c0:bd:d0:c9:9d:95:99:85:6c:4d:6f:b2:58:a6:c7:83:
         15:39:3e:e5:19:7f:cd:21:56:9b:bb:b5:5f:1c:db:78:8c:02:
         7b:f5:5d:72:82:4a:f2:db:d2:f5:8a:20:43:48:6f:d8:c0:a6:
         b8:75:79:04:f2:df:1d:81:a8:c3:72:d6:a0:d9:e8:ba:e8:35:
         80:5a:39:7a:6e:62:8a:5c:57:99:fe:75:0b:24:13:e2:c6:65:
         46:9c:c0:6b:30:91:35:f0:71:b7:e1:53:99:00:57:21:ed:44:
         85:20:e9:a9:9e:01:34:f7:1c:71:9d:31:68:5b:03:ec:96:37:
         1f:d4:bb:4a:cd:60:f1:a5:aa:c7:23:4d:49:3c:51:f6:ff:2d:
         de:03:af:c1:ee:f1:ac:36:83:88:c7:27:e2:e0:13:45:85:14:
         c9:6a:27:b3:b1:b5:20:d0:08:38:a8:75:58:7a:6f:3f:69:c7:
         40:c4:82:2b:c8:50:4e:cb:19:ae:d9:21:b3:be:8b:ad:4d:73:
         47:36:ea:8f:92:84:d9:97:93:a7:b5:09:73:7d:42:4b:ba:17:
         53:5e:60:22:08:3e:aa:bf:78:cc:51:8e:8c:6e:05:04:00:cc:
         52:08:59:65:02:73:5a:c9:8a:51:d8:69:8f:e2:5f:46:fa:7c:
         91:05:f1:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NfuImoJ0iMb4JU0NovPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OTc0MTNlZDc0YTM3MTYxZThiYjNmNjE1NjI1NDFkZDI4
OTA1YmUwHhcNMjYwMTAxMjAxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODM0MTEzZmZlMzViYzJhNTNiZmNjYzQ0MmRjMmJhNmMzMjU5YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw1sa0ZQi1UdlwFBLxbvw5OO7Ua/
Q2z4g4OMOXIjg5vvL8wEchHI5iht6FymtHwCpyjOymebsGFrVVsUCTHxeYqovV4o
EyRH7nwsbnMW0qoATuf/nkI8VTPlSZs1FpIMfjHjuV+NqJh1eLD6MZJw40PQ2n1l
4bCasejm21Poyw6zOtXcJq08Xkhw2sYCfI0/WKiGEAFUFSsxh8Q1g5C13dyKs/oL
HNvwIEL9NFW35E+ZIBth/b0J/POPxyn64D9qHc0Px5yZLmYJvPd6lYFEp4Akpy7S
58Af6xolwzCuIp06aMi8wvtngJRR+8IeRX3549M/qC+as9UyXTumv/ONiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJg0ET/+NbwqU7/MxELcK6bDJZuqMB8GA1UdIwQY
MBaAFMmXQT7XSjcWHouz9hViVB3SiQW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVpkQlB0ZEtOeFllaTdQMkZXSlVIZEtKQmI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNDE2M2UtZGEwYS00MjA2LTkzNzgt
ZTQ5ZDQ2MWMzMTU0LzEvbURRUlBfNDF2Q3BUdjh6RVF0d3Jwc01sbTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNDE2M2UtZGEwYS00MjA2LTkzNzgtZTQ5ZDQ2MWMzMTU0
LzEveVpkQlB0ZEtOeFllaTdQMkZXSlVIZEtKQmI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QdMA0G
CSqGSIb3DQEBCwUAA4IBAQBbzsC90MmdlZmFbE1vslimx4MVOT7lGX/NIVabu7Vf
HNt4jAJ79V1ygkry29L1iiBDSG/YwKa4dXkE8t8dgajDctag2ei66DWAWjl6bmKK
XFeZ/nULJBPixmVGnMBrMJE18HG34VOZAFch7USFIOmpngE09xxxnTFoWwPsljcf
1LtKzWDxparHI01JPFH2/y3eA6/B7vGsNoOIxyfi4BNFhRTJaiezsbUg0Ag4qHVY
em8/acdAxIIryFBOyxmu2SGzvoutTXNHNuqPkoTZl5OntQlzfUJLuhdTXmAiCD6q
v3jMUY6MbgUEAMxSCFllAnNayYpR2GmP4l9G+nyRBfEa
-----END CERTIFICATE-----