This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/qduc2jhoP9cMdj01SAWGJl_8Vw8.roa
File:                     qduc2jhoP9cMdj01SAWGJl_8Vw8.roa (raw, json)
Hash identifier:          g0aA1ydGIL3ddT1AZvyhUkAB74q6TZK61pu3cvFNWTQ=
Subject key identifier:   A9:DB:9C:DA:38:68:3F:D7:0C:76:3D:35:48:05:86:26:5F:FC:57:0F
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019BB8E772664E99F35A499D3C372872FB11
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/qduc2jhoP9cMdj01SAWGJl_8Vw8.roa
Signing time:             Tue 13 Jan 2026 19:48:54 +0000
ROA not before:           Tue 13 Jan 2026 19:48:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401322
IP address blocks:        89.21.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b8:e7:72:66:4e:99:f3:5a:49:9d:3c:37:28:72:fb:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan 13 19:48:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a9db9cda38683fd70c763d35480586265ffc570f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:69:50:9e:66:7d:46:d9:0c:de:a5:6f:fc:76:
                    bf:04:5e:05:a3:37:d0:e8:b7:a3:ba:70:7f:2e:36:
                    ba:71:ce:16:40:9a:21:12:98:c7:bd:ea:68:f2:cf:
                    36:ca:6a:8b:b2:f0:ed:d8:d8:5c:ff:d1:c9:08:82:
                    1c:c0:3d:b3:1e:af:66:5e:a0:81:7d:96:29:0b:d4:
                    25:77:d4:4f:27:96:69:20:aa:01:bc:a0:c3:e4:3e:
                    f8:5c:66:0e:ad:28:88:f6:3d:8e:8d:0d:1f:2b:1f:
                    ff:e9:1b:9f:2a:fe:c9:98:84:f5:2f:16:f6:d9:a9:
                    59:8e:05:50:d5:61:81:73:e3:51:40:40:44:94:02:
                    45:05:b1:ed:b2:25:8c:d9:d0:af:43:57:b6:70:59:
                    80:cb:17:d4:bd:a7:19:be:75:34:42:48:81:e4:27:
                    98:c8:b2:8b:12:dd:64:40:84:7f:42:40:6e:a9:b3:
                    02:e6:00:0c:55:17:4e:00:ab:07:7c:e0:ce:49:5f:
                    25:5e:91:56:8b:2c:b5:e7:c2:0c:9e:63:f8:18:a7:
                    9d:ac:4e:fc:ee:c9:62:ea:2b:9d:1a:f5:4c:fe:14:
                    80:ab:c0:1c:b2:a5:a7:3a:2c:bb:23:89:9a:a8:6f:
                    84:57:9d:69:54:ed:fc:19:96:61:4a:69:38:fa:d8:
                    80:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DB:9C:DA:38:68:3F:D7:0C:76:3D:35:48:05:86:26:5F:FC:57:0F
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/qduc2jhoP9cMdj01SAWGJl_8Vw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8c:45:ae:88:9a:d3:00:97:05:3b:0a:76:ba:c5:03:02:2f:
         41:5b:d4:24:8b:3b:75:04:63:6c:ff:42:da:05:57:5f:0f:00:
         9c:cf:45:62:25:2b:a0:5b:61:d0:1d:12:df:c0:5e:73:c1:d0:
         85:e9:7c:2b:96:a2:64:22:38:75:4d:8f:4f:74:a9:9c:93:d6:
         da:c5:93:7f:1d:b7:57:77:68:17:35:4a:5d:e1:ee:d3:9f:81:
         a7:16:40:25:b1:39:56:83:40:5a:1a:19:5d:82:aa:21:10:0f:
         8c:dc:61:c5:51:84:c4:a0:5c:1a:83:fc:1b:ff:c8:64:47:2c:
         1e:7f:d4:b9:6d:f7:5a:85:3e:b9:b9:3b:52:3d:d5:d3:45:22:
         83:b5:01:54:98:d5:d9:c4:19:33:82:c2:a0:f7:ed:0a:79:ea:
         16:82:50:e2:40:91:01:ec:ac:c5:31:33:d5:e2:b8:43:b8:aa:
         95:1f:db:d2:77:40:a7:d0:7c:66:27:b9:d6:24:f7:c4:15:18:
         d1:81:e5:ae:d9:2c:f4:8d:02:4e:bb:4f:5c:ce:2d:07:db:7d:
         c8:6c:21:6b:6f:09:8d:78:5a:ec:ba:30:08:66:62:fe:0f:45:
         ab:be:7f:d9:42:bf:45:8d:7f:a7:66:35:a2:cb:cb:d4:57:7d:
         bf:29:38:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu453JmTpnzWkmdPDcocvsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwMTEzMTk0ODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWRiOWNkYTM4NjgzZmQ3MGM3NjNkMzU0ODA1ODYyNjVmZmM1NzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2lQnmZ9RtkM3qVv/Ha/BF4FozfQ
6LejunB/Lja6cc4WQJohEpjHvepo8s82ymqLsvDt2Nhc/9HJCIIcwD2zHq9mXqCB
fZYpC9Qld9RPJ5ZpIKoBvKDD5D74XGYOrSiI9j2OjQ0fKx//6RufKv7JmIT1Lxb2
2alZjgVQ1WGBc+NRQEBElAJFBbHtsiWM2dCvQ1e2cFmAyxfUvacZvnU0QkiB5CeY
yLKLEt1kQIR/QkBuqbMC5gAMVRdOAKsHfODOSV8lXpFWiyy158IMnmP4GKedrE78
7sli6iudGvVM/hSAq8AcsqWnOiy7I4maqG+EV51pVO38GZZhSmk4+tiAywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnbnNo4aD/XDHY9NUgFhiZf/FcPMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvcWR1YzJqaG9QOWNNZGowMVNBV0dKbF84Vnc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRVXMA0G
CSqGSIb3DQEBCwUAA4IBAQBHjEWuiJrTAJcFOwp2usUDAi9BW9Qkizt1BGNs/0La
BVdfDwCcz0ViJSugW2HQHRLfwF5zwdCF6XwrlqJkIjh1TY9PdKmck9baxZN/HbdX
d2gXNUpd4e7Tn4GnFkAlsTlWg0BaGhldgqohEA+M3GHFUYTEoFwag/wb/8hkRywe
f9S5bfdahT65uTtSPdXTRSKDtQFUmNXZxBkzgsKg9+0KeeoWglDiQJEB7KzFMTPV
4rhDuKqVH9vSd0Cn0HxmJ7nWJPfEFRjRgeWu2Sz0jQJOu09czi0H233IbCFrbwmN
eFrsujAIZmL+D0Wrvn/ZQr9FjX+nZjWiy8vUV32/KTgV
-----END CERTIFICATE-----