This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/MCQJgOH0F61zyqort3aDkrCqcME.roa
File:                     MCQJgOH0F61zyqort3aDkrCqcME.roa (raw, json)
Hash identifier:          dFlLGTPXyNVZq9IJXBt9j7cJ/cyhu9qP1civtpo4hwY=
Subject key identifier:   30:24:09:80:E1:F4:17:AD:73:CA:AA:2B:B7:76:83:92:B0:AA:70:C1
Certificate issuer:       /CN=68e95817406095ec7cb5c7b286b11333497b9451
Certificate serial:       019B7BA52237B03AC0A3D49680B5DDA1D7F8
Authority key identifier: 68:E9:58:17:40:60:95:EC:7C:B5:C7:B2:86:B1:13:33:49:7B:94:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aOlYF0Bglex8tceyhrETM0l7lFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/MCQJgOH0F61zyqort3aDkrCqcME.roa
Signing time:             Thu 01 Jan 2026 22:19:38 +0000
ROA not before:           Thu 01 Jan 2026 22:19:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208477
IP address blocks:        91.208.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/aOlYF0Bglex8tceyhrETM0l7lFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/aOlYF0Bglex8tceyhrETM0l7lFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aOlYF0Bglex8tceyhrETM0l7lFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:22:37:b0:3a:c0:a3:d4:96:80:b5:dd:a1:d7:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68e95817406095ec7cb5c7b286b11333497b9451
        Validity
            Not Before: Jan  1 22:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30240980e1f417ad73caaa2bb7768392b0aa70c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8d:6b:a2:5d:1b:34:a0:cd:fe:27:46:2d:f9:
                    5f:33:06:8e:5a:44:98:ea:ec:b0:5c:f2:31:17:6d:
                    7e:d5:7a:3f:55:d7:e5:c0:7b:10:90:97:c4:15:dd:
                    95:ed:1e:55:dd:8d:42:46:64:b3:16:6e:5e:05:c5:
                    29:11:48:cb:98:eb:c5:1f:5f:81:3f:7d:a8:c6:47:
                    5b:a3:60:6d:92:54:4b:cc:e0:ad:14:2f:d7:a1:24:
                    bb:f3:d5:73:e5:b7:6f:91:51:9b:bd:af:b9:0f:2a:
                    b2:49:56:c8:7c:5f:6e:2f:1f:51:04:e4:6a:5c:c1:
                    9d:b7:62:19:a4:f6:0e:2e:eb:6b:5a:c2:e0:61:9c:
                    c7:c3:53:c8:6c:64:ad:64:f1:53:1d:6e:9c:ac:c0:
                    ab:3e:a9:c9:c5:74:82:7c:b5:a1:b2:67:9e:4d:49:
                    30:7c:d8:fe:f7:d0:2f:6d:30:0d:31:e8:19:8d:14:
                    35:cf:00:b2:ac:d2:73:f1:6c:d2:50:1b:af:4a:00:
                    31:1e:49:c4:76:21:28:9e:e4:ad:92:d4:3d:2d:e7:
                    72:30:00:4d:57:27:27:6d:b3:ce:d9:7d:8c:72:39:
                    a6:22:62:d1:4c:6f:13:43:9c:94:d1:7e:a7:76:3f:
                    56:df:72:5b:aa:bf:26:9d:c8:60:a4:77:40:21:4e:
                    4c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:24:09:80:E1:F4:17:AD:73:CA:AA:2B:B7:76:83:92:B0:AA:70:C1
            X509v3 Authority Key Identifier:
                keyid:68:E9:58:17:40:60:95:EC:7C:B5:C7:B2:86:B1:13:33:49:7B:94:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aOlYF0Bglex8tceyhrETM0l7lFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/MCQJgOH0F61zyqort3aDkrCqcME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/4a5d71-e11d-4d32-b597-019ec9d9a758/1/aOlYF0Bglex8tceyhrETM0l7lFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:49:cb:70:0c:8a:15:6c:75:df:bb:50:bc:df:5d:e8:58:1d:
         d3:2e:c5:e5:f1:1d:c5:8e:ec:e0:0c:43:d2:1e:b9:53:44:fc:
         57:c7:3e:04:2c:66:18:45:d6:fc:c5:b9:dd:14:c7:11:ad:f0:
         16:db:ca:a4:7c:1c:80:1c:e3:53:e1:d8:df:1c:0e:50:8d:02:
         84:07:7d:80:c1:f3:35:ed:93:88:44:04:6e:d3:20:a6:85:8a:
         af:bc:6b:73:ff:29:a7:49:22:28:4d:ce:85:a1:99:77:2b:52:
         d2:1e:0a:ce:cc:1b:17:d8:48:6f:32:1b:ad:02:30:5e:cd:07:
         b3:10:58:f6:4c:85:e5:49:6c:63:2b:19:ba:42:fa:cf:17:11:
         58:c7:93:72:3b:31:2e:bd:3f:76:4a:e8:c3:b3:16:2b:86:b7:
         c3:af:3c:55:8e:d0:2d:4c:50:fc:58:ff:a8:3a:f3:71:bf:37:
         7b:37:97:34:b6:60:1c:6a:97:30:78:63:a2:7a:a2:cf:7c:c2:
         bb:f7:7e:0b:8c:a9:b5:40:73:fe:0f:c1:e3:c5:b2:72:a9:14:
         4a:99:68:93:53:ac:2e:38:f9:4f:22:e5:c6:11:4b:87:1e:1c:
         5f:80:e1:80:19:ff:05:18:f0:2a:80:b3:62:f2:f3:a2:ba:27:
         3c:19:83:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pSI3sDrAo9SWgLXdodf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZTk1ODE3NDA2MDk1ZWM3Y2I1YzdiMjg2YjExMzMzNDk3
Yjk0NTEwHhcNMjYwMTAxMjIxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI0MDk4MGUxZjQxN2FkNzNjYWFhMmJiNzc2ODM5MmIwYWE3MGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY1rol0bNKDN/idGLflfMwaOWkSY
6uywXPIxF21+1Xo/VdflwHsQkJfEFd2V7R5V3Y1CRmSzFm5eBcUpEUjLmOvFH1+B
P32oxkdbo2BtklRLzOCtFC/XoSS789Vz5bdvkVGbva+5DyqySVbIfF9uLx9RBORq
XMGdt2IZpPYOLutrWsLgYZzHw1PIbGStZPFTHW6crMCrPqnJxXSCfLWhsmeeTUkw
fNj+99AvbTANMegZjRQ1zwCyrNJz8WzSUBuvSgAxHknEdiEonuStktQ9LedyMABN
VycnbbPO2X2McjmmImLRTG8TQ5yU0X6ndj9W33Jbqr8mnchgpHdAIU5MPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAkCYDh9Betc8qqK7d2g5KwqnDBMB8GA1UdIwQY
MBaAFGjpWBdAYJXsfLXHsoaxEzNJe5RRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU9sWUYwQmdsZXg4dGNleWhyRVRNMGw3bEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80YTVkNzEtZTExZC00ZDMyLWI1OTct
MDE5ZWM5ZDlhNzU4LzEvTUNRSmdPSDBGNjF6eXFvcnQzYURrckNxY01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80YTVkNzEtZTExZC00ZDMyLWI1OTctMDE5ZWM5ZDlhNzU4
LzEvYU9sWUYwQmdsZXg4dGNleWhyRVRNMGw3bEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AfMA0G
CSqGSIb3DQEBCwUAA4IBAQBYSctwDIoVbHXfu1C8313oWB3TLsXl8R3FjuzgDEPS
HrlTRPxXxz4ELGYYRdb8xbndFMcRrfAW28qkfByAHONT4djfHA5QjQKEB32AwfM1
7ZOIRARu0yCmhYqvvGtz/ymnSSIoTc6FoZl3K1LSHgrOzBsX2EhvMhutAjBezQez
EFj2TIXlSWxjKxm6QvrPFxFYx5NyOzEuvT92SujDsxYrhrfDrzxVjtAtTFD8WP+o
OvNxvzd7N5c0tmAcapcweGOieqLPfMK7934LjKm1QHP+D8HjxbJyqRRKmWiTU6wu
OPlPIuXGEUuHHhxfgOGAGf8FGPAqgLNi8vOiuic8GYNk
-----END CERTIFICATE-----