This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/MbSMYW2z-k-tWzhRKKuMhWB5T9M.roa
File:                     MbSMYW2z-k-tWzhRKKuMhWB5T9M.roa (raw, json)
Hash identifier:          36hqUzBolWCnQ5mdsvmp0C2YtpAXKgXLS0zIpWCBrC4=
Subject key identifier:   31:B4:8C:61:6D:B3:FA:4F:AD:5B:38:51:28:AB:8C:85:60:79:4F:D3
Certificate issuer:       /CN=5ad443ad19444814122f3b27cb93a505abe50799
Certificate serial:       019B7AC87B3506B51077AF5833C1C46622A7
Authority key identifier: 5A:D4:43:AD:19:44:48:14:12:2F:3B:27:CB:93:A5:05:AB:E5:07:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtRDrRlESBQSLzsny5OlBavlB5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/MbSMYW2z-k-tWzhRKKuMhWB5T9M.roa
Signing time:             Thu 01 Jan 2026 18:18:37 +0000
ROA not before:           Thu 01 Jan 2026 18:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49788
IP address blocks:        91.242.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/WtRDrRlESBQSLzsny5OlBavlB5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/WtRDrRlESBQSLzsny5OlBavlB5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtRDrRlESBQSLzsny5OlBavlB5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:7b:35:06:b5:10:77:af:58:33:c1:c4:66:22:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ad443ad19444814122f3b27cb93a505abe50799
        Validity
            Not Before: Jan  1 18:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31b48c616db3fa4fad5b385128ab8c8560794fd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d2:52:b2:a7:df:fa:ae:31:ee:04:b3:29:d8:
                    8e:ba:2f:86:5c:53:1d:84:81:4e:1b:4f:61:78:7b:
                    33:d2:51:8f:5a:92:9d:f5:29:c1:f0:87:6b:7a:29:
                    95:29:d7:c7:8f:2a:86:c8:64:bf:a7:3b:69:55:00:
                    1f:b1:6a:48:00:5c:ed:fa:34:b7:3a:00:e6:14:b3:
                    7f:73:3b:ee:5f:43:4c:b2:fd:da:a9:71:39:b8:4a:
                    83:01:b9:8a:77:32:33:64:64:dd:ad:27:61:dd:3e:
                    af:ae:c4:3e:41:6d:c9:22:17:f6:6d:a4:cf:4a:50:
                    9e:d8:fa:bd:25:45:69:c7:69:6b:ae:2a:26:80:0c:
                    b7:6e:13:27:7a:81:6b:85:a8:78:f5:9e:ce:ea:10:
                    b9:ef:c2:36:43:3f:7a:8a:bb:98:43:7d:85:85:29:
                    27:34:1b:c0:a0:e7:43:51:5b:5e:53:4e:c9:6f:e6:
                    15:9a:8d:14:29:9e:f5:81:21:08:02:09:72:18:38:
                    94:8e:d1:15:f3:08:ee:11:6d:09:e7:a1:41:73:fd:
                    79:d9:bd:bf:58:3c:16:4c:a5:97:1f:42:01:84:da:
                    a5:bf:fc:37:7f:fb:cf:32:79:36:4b:eb:9f:b2:d5:
                    16:1f:15:e1:2e:1e:d9:e7:42:87:3e:d0:05:df:29:
                    31:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B4:8C:61:6D:B3:FA:4F:AD:5B:38:51:28:AB:8C:85:60:79:4F:D3
            X509v3 Authority Key Identifier:
                keyid:5A:D4:43:AD:19:44:48:14:12:2F:3B:27:CB:93:A5:05:AB:E5:07:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtRDrRlESBQSLzsny5OlBavlB5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/MbSMYW2z-k-tWzhRKKuMhWB5T9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/WtRDrRlESBQSLzsny5OlBavlB5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         97:bc:bb:5f:72:fd:0d:07:c7:02:c0:8f:31:64:c7:0a:67:c6:
         e1:36:52:fd:c0:3d:ac:02:62:0b:12:7f:99:ba:ce:2e:9f:9f:
         e4:60:50:78:af:fd:ad:b4:d5:a9:c5:91:93:2a:41:31:6a:33:
         64:2c:94:4d:5e:dd:18:4e:45:7d:65:80:95:0a:3f:8e:13:75:
         9c:06:94:7a:4a:97:39:43:46:53:7b:97:12:d8:5f:ba:be:bd:
         db:65:8a:13:7e:cf:59:cf:86:4a:86:43:25:21:20:f6:00:26:
         f1:da:ba:5d:b5:3a:b3:fb:81:bf:b1:1a:9c:f4:4d:f1:1d:84:
         6d:ff:30:0b:07:49:50:69:f9:43:3c:9d:ed:4d:20:23:ba:f6:
         40:55:95:ee:2c:38:44:b0:c8:b9:74:96:cf:f0:1f:3b:87:c3:
         bc:93:47:49:af:91:fd:18:d2:c1:60:13:13:54:26:eb:9c:11:
         3d:c2:a1:cb:fe:a6:ba:ff:8e:77:95:2f:05:9f:68:9f:07:95:
         7e:b0:7b:2e:e4:e5:dc:06:e1:39:b3:2f:02:ec:70:79:59:47:
         9e:be:5b:e3:a9:cb:15:fe:38:c4:fb:ff:63:9a:6a:60:65:95:
         b6:92:e9:39:9b:1a:a5:14:68:49:55:22:1d:ba:e8:18:c6:5f:
         57:63:70:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yHs1BrUQd69YM8HEZiKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDQ0M2FkMTk0NDQ4MTQxMjJmM2IyN2NiOTNhNTA1YWJl
NTA3OTkwHhcNMjYwMTAxMTgxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWI0OGM2MTZkYjNmYTRmYWQ1YjM4NTEyOGFiOGM4NTYwNzk0ZmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNJSsqff+q4x7gSzKdiOui+GXFMd
hIFOG09heHsz0lGPWpKd9SnB8IdreimVKdfHjyqGyGS/pztpVQAfsWpIAFzt+jS3
OgDmFLN/czvuX0NMsv3aqXE5uEqDAbmKdzIzZGTdrSdh3T6vrsQ+QW3JIhf2baTP
SlCe2Pq9JUVpx2lrriomgAy3bhMneoFrhah49Z7O6hC578I2Qz96iruYQ32FhSkn
NBvAoOdDUVteU07Jb+YVmo0UKZ71gSEIAglyGDiUjtEV8wjuEW0J56FBc/152b2/
WDwWTKWXH0IBhNqlv/w3f/vPMnk2S+ufstUWHxXhLh7Z50KHPtAF3ykxQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG0jGFts/pPrVs4USirjIVgeU/TMB8GA1UdIwQY
MBaAFFrUQ60ZREgUEi87J8uTpQWr5QeZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RSRHJSbEVTQlFTTHpzbnk1T2xCYXZsQjVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi81ZjgwNzQtMDFjZS00Y2M0LWI5NDUt
MDI0ZTcyNTczMzVmLzEvTWJTTVlXMnotay10V3poUktLdU1oV0I1VDlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi81ZjgwNzQtMDFjZS00Y2M0LWI5NDUtMDI0ZTcyNTczMzVm
LzEvV3RSRHJSbEVTQlFTTHpzbnk1T2xCYXZsQjVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW/LIMA0G
CSqGSIb3DQEBCwUAA4IBAQCXvLtfcv0NB8cCwI8xZMcKZ8bhNlL9wD2sAmILEn+Z
us4un5/kYFB4r/2ttNWpxZGTKkExajNkLJRNXt0YTkV9ZYCVCj+OE3WcBpR6Spc5
Q0ZTe5cS2F+6vr3bZYoTfs9Zz4ZKhkMlISD2ACbx2rpdtTqz+4G/sRqc9E3xHYRt
/zALB0lQaflDPJ3tTSAjuvZAVZXuLDhEsMi5dJbP8B87h8O8k0dJr5H9GNLBYBMT
VCbrnBE9wqHL/qa6/453lS8Fn2ifB5V+sHsu5OXcBuE5sy8C7HB5WUeevlvjqcsV
/jjE+/9jmmpgZZW2kuk5mxqlFGhJVSIduugYxl9XY3AC
-----END CERTIFICATE-----