This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/QfmQSbGn-rduzrFqyr6Sbemoe_M.roa
File:                     QfmQSbGn-rduzrFqyr6Sbemoe_M.roa (raw, json)
Hash identifier:          osfrqMp9JnWBuxKfciaGluVi+EkA7SyhrK0LWIgUKOM=
Subject key identifier:   41:F9:90:49:B1:A7:FA:B7:6E:CE:B1:6A:CA:BE:92:6D:E9:A8:7B:F3
Certificate issuer:       /CN=04f46af885d1ccbb0c09b06870785b5e691787e1
Certificate serial:       019B77587C1CD9646DE8E5DA32746053890B
Authority key identifier: 04:F4:6A:F8:85:D1:CC:BB:0C:09:B0:68:70:78:5B:5E:69:17:87:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BPRq-IXRzLsMCbBocHhbXmkXh-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/QfmQSbGn-rduzrFqyr6Sbemoe_M.roa
Signing time:             Thu 01 Jan 2026 02:17:26 +0000
ROA not before:           Thu 01 Jan 2026 02:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        91.235.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/BPRq-IXRzLsMCbBocHhbXmkXh-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/BPRq-IXRzLsMCbBocHhbXmkXh-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BPRq-IXRzLsMCbBocHhbXmkXh-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 08:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:7c:1c:d9:64:6d:e8:e5:da:32:74:60:53:89:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04f46af885d1ccbb0c09b06870785b5e691787e1
        Validity
            Not Before: Jan  1 02:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41f99049b1a7fab76eceb16acabe926de9a87bf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0c:4c:27:70:97:38:97:57:d4:14:ce:d4:35:
                    4e:13:28:8e:7e:60:61:93:0e:d5:62:25:83:55:03:
                    bb:a7:49:1f:3b:0b:7c:3b:fc:08:18:b3:d2:02:7a:
                    0c:43:3f:f7:19:9c:e5:24:ae:99:44:d3:3f:55:99:
                    2a:e4:81:6c:0d:a0:c4:3d:d0:30:24:9d:fe:17:15:
                    5e:5a:95:6a:9a:38:ad:19:ba:8a:4c:66:f9:8c:ce:
                    c1:71:80:9c:19:7e:f4:c0:5b:33:2e:19:0b:24:64:
                    52:0b:a8:6a:98:7c:81:5e:6e:fd:36:56:08:0f:1d:
                    9e:8c:5e:c9:a5:a9:93:8a:b5:fb:c9:ed:fc:6e:e6:
                    3d:19:7e:2e:81:db:51:a0:60:86:59:fa:83:50:5f:
                    9f:55:d1:a4:66:33:f9:01:b6:0d:b0:78:b5:78:cd:
                    85:ed:16:95:2f:94:a4:50:27:94:01:0e:28:94:73:
                    3f:d8:14:28:45:db:d1:77:7a:90:24:6c:2a:e2:4f:
                    9f:01:b2:01:4c:df:c6:b8:59:49:32:77:e8:6b:dc:
                    f1:ae:44:92:9d:0b:e6:0c:6e:c9:1c:50:da:51:1b:
                    ba:d7:97:35:ec:28:06:20:b5:5e:95:0c:1c:fc:4b:
                    01:4a:11:df:6e:0b:68:b8:01:0c:b6:5a:72:32:d9:
                    18:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F9:90:49:B1:A7:FA:B7:6E:CE:B1:6A:CA:BE:92:6D:E9:A8:7B:F3
            X509v3 Authority Key Identifier:
                keyid:04:F4:6A:F8:85:D1:CC:BB:0C:09:B0:68:70:78:5B:5E:69:17:87:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BPRq-IXRzLsMCbBocHhbXmkXh-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/QfmQSbGn-rduzrFqyr6Sbemoe_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fb53d6-ada8-426d-99fb-c5cf4b3b1ca6/1/BPRq-IXRzLsMCbBocHhbXmkXh-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:42:b1:ab:fc:2a:9c:78:79:21:15:4b:55:43:01:16:89:2d:
         23:bb:7f:85:13:64:fb:cf:c1:a4:01:b4:5b:2e:40:e2:38:61:
         8c:cb:c1:3e:67:56:d6:c1:50:9e:ce:b5:d4:61:12:1c:68:e4:
         45:ab:be:32:bc:ba:f4:93:b8:94:4a:63:64:52:36:60:1a:75:
         71:e1:bc:32:d6:04:64:29:66:c9:18:0d:02:ca:36:00:6f:8c:
         32:23:62:e1:ff:79:c9:61:99:af:55:f1:96:97:31:16:98:7d:
         d4:c0:6c:3a:9d:05:94:9b:bc:e1:b1:c4:9c:dc:42:95:f5:1d:
         28:58:cf:5b:79:20:11:a7:49:23:a4:e0:85:e3:ba:71:c7:09:
         74:0b:0d:fe:3f:41:ce:b6:b3:80:7e:79:4e:df:04:98:b1:5f:
         08:7b:aa:5c:72:9a:94:36:0f:7a:76:fd:f3:3f:ad:1b:a2:f9:
         fb:5d:44:93:b3:ab:9d:fc:02:70:75:a4:12:16:68:cf:6c:81:
         20:12:2d:39:32:cd:f6:f6:64:45:09:ec:ee:39:83:05:68:da:
         0c:f7:63:dc:60:0c:77:95:93:0e:d4:d7:ec:ce:ac:cb:f7:3f:
         1d:d2:51:44:f1:cd:2d:16:db:34:cb:c9:fe:8a:d6:51:bb:64:
         47:b6:80:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WHwc2WRt6OXaMnRgU4kLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZjQ2YWY4ODVkMWNjYmIwYzA5YjA2ODcwNzg1YjVlNjkx
Nzg3ZTEwHhcNMjYwMTAxMDIxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWY5OTA0OWIxYTdmYWI3NmVjZWIxNmFjYWJlOTI2ZGU5YTg3YmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAxMJ3CXOJdX1BTO1DVOEyiOfmBh
kw7VYiWDVQO7p0kfOwt8O/wIGLPSAnoMQz/3GZzlJK6ZRNM/VZkq5IFsDaDEPdAw
JJ3+FxVeWpVqmjitGbqKTGb5jM7BcYCcGX70wFszLhkLJGRSC6hqmHyBXm79NlYI
Dx2ejF7JpamTirX7ye38buY9GX4ugdtRoGCGWfqDUF+fVdGkZjP5AbYNsHi1eM2F
7RaVL5SkUCeUAQ4olHM/2BQoRdvRd3qQJGwq4k+fAbIBTN/GuFlJMnfoa9zxrkSS
nQvmDG7JHFDaURu615c17CgGILVelQwc/EsBShHfbgtouAEMtlpyMtkYzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEH5kEmxp/q3bs6xasq+km3pqHvzMB8GA1UdIwQY
MBaAFAT0aviF0cy7DAmwaHB4W15pF4fhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlBScS1JWFJ6THNNQ2JCb2NIaGJYbWtYaC1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9mYjUzZDYtYWRhOC00MjZkLTk5ZmIt
YzVjZjRiM2IxY2E2LzEvUWZtUVNiR24tcmR1enJGcXlyNlNiZW1vZV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9mYjUzZDYtYWRhOC00MjZkLTk5ZmItYzVjZjRiM2IxY2E2
LzEvQlBScS1JWFJ6THNNQ2JCb2NIaGJYbWtYaC1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+s/MA0G
CSqGSIb3DQEBCwUAA4IBAQCxQrGr/CqceHkhFUtVQwEWiS0ju3+FE2T7z8GkAbRb
LkDiOGGMy8E+Z1bWwVCezrXUYRIcaORFq74yvLr0k7iUSmNkUjZgGnVx4bwy1gRk
KWbJGA0CyjYAb4wyI2Lh/3nJYZmvVfGWlzEWmH3UwGw6nQWUm7zhscSc3EKV9R0o
WM9beSARp0kjpOCF47pxxwl0Cw3+P0HOtrOAfnlO3wSYsV8Ie6pccpqUNg96dv3z
P60bovn7XUSTs6ud/AJwdaQSFmjPbIEgEi05Ms329mRFCezuOYMFaNoM92PcYAx3
lZMO1NfszqzL9z8d0lFE8c0tFts0y8n+itZRu2RHtoC6
-----END CERTIFICATE-----