This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/Q4ARpo7c_FOTpND5OOktY5HSyqo.roa
File:                     Q4ARpo7c_FOTpND5OOktY5HSyqo.roa (raw, json)
Hash identifier:          ILsFUwZlsj6McFw7LlD/gZjYBWIJxR6ph/CcN+j5KSY=
Subject key identifier:   43:80:11:A6:8E:DC:FC:53:93:A4:D0:F9:38:E9:2D:63:91:D2:CA:AA
Certificate issuer:       /CN=31cb00d2f84401810c3200b52fa388e93651ddf3
Certificate serial:       019AA0CA201054C504B625E22F853C62FBD1
Authority key identifier: 31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/Q4ARpo7c_FOTpND5OOktY5HSyqo.roa
Signing time:             Thu 20 Nov 2025 10:23:12 +0000
ROA not before:           Thu 20 Nov 2025 10:23:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5483
IP address blocks:        188.127.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Dec 2025 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:a0:ca:20:10:54:c5:04:b6:25:e2:2f:85:3c:62:fb:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31cb00d2f84401810c3200b52fa388e93651ddf3
        Validity
            Not Before: Nov 20 10:23:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=438011a68edcfc5393a4d0f938e92d6391d2caaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:90:f5:6d:1d:6c:ab:db:4c:15:ac:79:6b:a3:
                    c4:3e:09:bb:b4:85:9a:7c:ff:9b:66:fd:bb:64:71:
                    13:79:d8:42:84:41:ac:9d:a8:43:e8:e1:6a:45:c6:
                    0e:df:6f:ce:d1:cf:ad:f7:cc:38:78:f8:73:c7:40:
                    b1:02:07:3f:e9:ef:9a:a2:28:4e:e2:e2:d9:ab:8c:
                    07:fd:e1:ba:26:b1:3a:d2:ce:f9:68:3a:6a:d0:2b:
                    38:28:94:d7:9e:f6:17:b1:b6:c7:f5:ae:9c:ee:c0:
                    35:e9:2e:b3:3b:4a:08:8f:2f:57:6f:89:d3:cd:ee:
                    b2:9d:96:33:98:7e:1e:ca:f3:8c:1a:48:e0:01:29:
                    88:9e:c3:41:91:6a:fe:7a:b1:c3:ae:e5:c4:fb:95:
                    d2:13:4c:10:e0:76:a8:88:16:47:3e:65:ba:59:e7:
                    77:37:8b:6b:ac:c8:fa:b9:4d:91:79:ce:30:f5:9b:
                    f4:18:94:f9:91:4e:fc:43:4e:82:dc:96:b7:a1:df:
                    10:e9:3b:31:d4:f8:68:8f:fa:e8:98:bf:b5:aa:70:
                    d9:8e:70:40:57:a8:e5:52:1e:88:59:f9:1b:52:93:
                    7b:59:14:8b:06:67:5b:d9:8c:af:d7:e2:a1:da:00:
                    a4:80:e0:b1:e0:a1:c1:95:91:38:ad:c4:f0:56:50:
                    76:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:80:11:A6:8E:DC:FC:53:93:A4:D0:F9:38:E9:2D:63:91:D2:CA:AA
            X509v3 Authority Key Identifier:
                keyid:31:CB:00:D2:F8:44:01:81:0C:32:00:B5:2F:A3:88:E9:36:51:DD:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/McsA0vhEAYEMMgC1L6OI6TZR3fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/Q4ARpo7c_FOTpND5OOktY5HSyqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ee9519-ff61-4679-9015-80e427596b5d/1/McsA0vhEAYEMMgC1L6OI6TZR3fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.127.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         80:d2:cd:1c:85:1b:7e:3e:d0:41:3e:de:7d:47:be:36:85:13:
         d7:2f:3e:fe:8b:39:ee:b6:6f:3d:88:e4:82:26:53:de:67:92:
         8d:1c:cc:71:f3:09:66:d2:f4:e2:20:f8:08:c4:a3:53:c9:88:
         a3:fd:89:4e:d1:db:5c:89:12:04:1b:f6:33:45:99:bd:9a:1d:
         ed:1e:87:1b:70:51:9f:70:2d:32:09:93:40:d0:bd:f0:7b:f1:
         ca:9d:eb:26:af:7a:79:9e:1b:ed:ee:19:a6:0c:a1:4a:4d:a6:
         26:87:ef:53:d2:f6:24:83:ad:42:bd:95:43:9b:e8:af:3e:94:
         f0:7e:b6:20:87:81:38:31:89:49:db:71:a1:19:51:df:90:2f:
         39:09:a9:c2:0f:e3:fe:f6:69:a8:7f:0b:e4:a8:1d:0d:b8:7f:
         ef:e6:95:e6:b9:92:2d:bb:8b:ce:bf:0f:99:9b:81:66:ea:de:
         53:6c:6d:45:17:12:d9:5f:98:f8:3c:d1:26:d4:15:3f:d1:ac:
         d1:94:8a:83:49:0c:e9:a1:8a:d1:fd:66:41:99:7f:bd:fd:1f:
         dc:cd:fa:69:19:d3:fe:78:60:8a:10:99:e7:ea:c8:61:d0:59:
         fc:d1:8b:a2:9b:7c:fc:af:10:54:ef:86:a4:69:7f:80:eb:6d:
         e9:17:6d:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqgyiAQVMUEtiXiL4U8YvvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxY2IwMGQyZjg0NDAxODEwYzMyMDBiNTJmYTM4OGU5MzY1
MWRkZjMwHhcNMjUxMTIwMTAyMzEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzgwMTFhNjhlZGNmYzUzOTNhNGQwZjkzOGU5MmQ2MzkxZDJjYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5D1bR1sq9tMFax5a6PEPgm7tIWa
fP+bZv27ZHETedhChEGsnahD6OFqRcYO32/O0c+t98w4ePhzx0CxAgc/6e+aoihO
4uLZq4wH/eG6JrE60s75aDpq0Cs4KJTXnvYXsbbH9a6c7sA16S6zO0oIjy9Xb4nT
ze6ynZYzmH4eyvOMGkjgASmInsNBkWr+erHDruXE+5XSE0wQ4HaoiBZHPmW6Wed3
N4trrMj6uU2Rec4w9Zv0GJT5kU78Q06C3Ja3od8Q6Tsx1Phoj/romL+1qnDZjnBA
V6jlUh6IWfkbUpN7WRSLBmdb2Yyv1+Kh2gCkgOCx4KHBlZE4rcTwVlB2aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOAEaaO3PxTk6TQ+TjpLWOR0sqqMB8GA1UdIwQY
MBaAFDHLANL4RAGBDDIAtS+jiOk2Ud3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUt
ODBlNDI3NTk2YjVkLzEvUTRBUnBvN2NfRk9UcE5ENU9Pa3RZNUhTeXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lZTk1MTktZmY2MS00Njc5LTkwMTUtODBlNDI3NTk2YjVk
LzEvTWNzQTB2aEVBWUVNTWdDMUw2T0k2VFpSM2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFvH+AMA0G
CSqGSIb3DQEBCwUAA4IBAQCA0s0chRt+PtBBPt59R742hRPXLz7+iznutm89iOSC
JlPeZ5KNHMxx8wlm0vTiIPgIxKNTyYij/YlO0dtciRIEG/YzRZm9mh3tHocbcFGf
cC0yCZNA0L3we/HKnesmr3p5nhvt7hmmDKFKTaYmh+9T0vYkg61CvZVDm+ivPpTw
frYgh4E4MYlJ23GhGVHfkC85CanCD+P+9mmofwvkqB0NuH/v5pXmuZItu4vOvw+Z
m4Fm6t5TbG1FFxLZX5j4PNEm1BU/0azRlIqDSQzpoYrR/WZBmX+9/R/czfppGdP+
eGCKEJnn6shh0Fn80Yuim3z8rxBU74akaX+A623pF22Z
-----END CERTIFICATE-----