This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/h_mqNQszx2PTzGXOAdr9UOtG0oQ.roa
File:                     h_mqNQszx2PTzGXOAdr9UOtG0oQ.roa (raw, json)
Hash identifier:          235Tjy9+0qC4/SwaHaGCQ2fgI767ra+v0WFBpbZMY1A=
Subject key identifier:   87:F9:AA:35:0B:33:C7:63:D3:CC:65:CE:01:DA:FD:50:EB:46:D2:84
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019C1F367EC35FA9ECEBCD01B8BF029CAD42
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/h_mqNQszx2PTzGXOAdr9UOtG0oQ.roa
Signing time:             Mon 02 Feb 2026 16:36:30 +0000
ROA not before:           Mon 02 Feb 2026 16:36:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        89.23.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Feb 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1f:36:7e:c3:5f:a9:ec:eb:cd:01:b8:bf:02:9c:ad:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Feb  2 16:36:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87f9aa350b33c763d3cc65ce01dafd50eb46d284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6a:8a:b1:6d:5d:83:ad:02:11:f4:a5:8c:a9:
                    78:29:e1:5c:78:47:29:95:a5:f9:25:25:2e:80:38:
                    bb:95:44:7b:dc:f4:80:4b:c7:3a:13:8b:65:63:e7:
                    a4:1e:3f:08:07:7d:f4:05:7a:21:c7:c2:c6:af:58:
                    03:54:29:3f:5b:11:19:05:53:14:2d:89:bf:8b:59:
                    1a:f9:20:a0:1e:1d:5c:7c:7b:e8:04:08:ce:e4:20:
                    e8:e9:4c:1e:df:d6:a4:28:39:98:1a:25:3c:78:10:
                    58:18:21:98:ea:6f:b3:1f:05:9f:31:6f:4e:a1:f3:
                    00:c3:ee:f4:70:cb:70:22:b7:4a:0d:65:7e:69:08:
                    e4:35:09:84:af:9d:b3:c9:f0:7f:d4:5c:6a:af:a1:
                    4a:a2:61:27:7b:78:06:cb:35:66:e8:2e:e7:5e:7b:
                    84:01:e6:3b:84:cb:57:22:0e:b1:3b:cd:1b:bc:a4:
                    d1:84:d1:de:38:b5:ce:e9:19:31:71:13:c1:ab:01:
                    36:08:d1:1d:d2:46:72:78:c4:9d:a1:7b:f8:7a:e4:
                    ce:cc:19:da:3d:68:52:73:47:e6:77:96:be:11:d0:
                    ea:1e:82:12:64:ac:49:97:fb:f8:f5:4b:54:84:f9:
                    4d:38:16:6b:a5:d2:02:f6:88:db:54:c2:ad:e7:91:
                    03:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F9:AA:35:0B:33:C7:63:D3:CC:65:CE:01:DA:FD:50:EB:46:D2:84
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/h_mqNQszx2PTzGXOAdr9UOtG0oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:22:66:b6:c3:9a:27:35:e8:fa:b2:50:11:a9:7e:f9:5b:bd:
         b7:4a:9b:5e:c5:51:b0:d1:07:4f:22:24:eb:54:95:c9:9e:3c:
         72:cb:17:e7:21:e6:55:a8:68:34:21:1a:ec:e1:bb:ca:e1:7b:
         e0:4b:86:04:a4:85:09:e7:ac:e8:9b:f6:95:6b:9a:e6:75:29:
         fc:14:47:85:69:ce:1c:17:c4:6d:0b:c0:cd:91:63:ae:ed:1a:
         f4:3b:57:40:e8:c6:d9:64:14:e5:65:fa:c2:08:a1:d9:70:d2:
         b5:d7:10:08:3c:f0:09:90:b6:e2:c3:45:67:a3:61:98:db:45:
         bb:e3:94:91:12:9d:a0:71:99:a9:47:7c:94:f1:01:6c:a5:bb:
         96:8d:bb:18:59:de:86:fa:f9:3e:9e:d6:b9:0d:78:ee:6c:42:
         a3:84:94:1d:75:43:16:2b:73:13:41:71:22:af:d5:b4:5f:f3:
         d0:de:2c:80:ae:05:2c:8c:cd:ca:3b:3d:39:38:2d:fa:b8:5a:
         a7:64:a4:8f:46:bf:1f:c7:4f:e3:de:ca:d4:4a:1c:89:29:59:
         cd:81:91:07:11:3d:5b:f1:44:14:88:32:89:4d:86:0b:3e:5c:
         8f:62:e4:08:30:7d:c2:e5:b5:2b:6b:bd:0e:c2:dd:cd:7a:8f:
         8a:cb:bd:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwfNn7DX6ns680BuL8CnK1CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMjAyMTYzNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y5YWEzNTBiMzNjNzYzZDNjYzY1Y2UwMWRhZmQ1MGViNDZkMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2qKsW1dg60CEfSljKl4KeFceEcp
laX5JSUugDi7lUR73PSAS8c6E4tlY+ekHj8IB330BXohx8LGr1gDVCk/WxEZBVMU
LYm/i1ka+SCgHh1cfHvoBAjO5CDo6Uwe39akKDmYGiU8eBBYGCGY6m+zHwWfMW9O
ofMAw+70cMtwIrdKDWV+aQjkNQmEr52zyfB/1Fxqr6FKomEne3gGyzVm6C7nXnuE
AeY7hMtXIg6xO80bvKTRhNHeOLXO6RkxcRPBqwE2CNEd0kZyeMSdoXv4euTOzBna
PWhSc0fmd5a+EdDqHoISZKxJl/v49UtUhPlNOBZrpdIC9ojbVMKt55EDJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIf5qjULM8dj08xlzgHa/VDrRtKEMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvaF9tcU5Rc3p4MlBUekdYT0FkcjlVT3RHMG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdMMA0G
CSqGSIb3DQEBCwUAA4IBAQBqIma2w5onNej6slARqX75W723SptexVGw0QdPIiTr
VJXJnjxyyxfnIeZVqGg0IRrs4bvK4XvgS4YEpIUJ56zom/aVa5rmdSn8FEeFac4c
F8RtC8DNkWOu7Rr0O1dA6MbZZBTlZfrCCKHZcNK11xAIPPAJkLbiw0Vno2GY20W7
45SREp2gcZmpR3yU8QFspbuWjbsYWd6G+vk+nta5DXjubEKjhJQddUMWK3MTQXEi
r9W0X/PQ3iyArgUsjM3KOz05OC36uFqnZKSPRr8fx0/j3srUShyJKVnNgZEHET1b
8UQUiDKJTYYLPlyPYuQIMH3C5bUra70Owt3Neo+Ky71U
-----END CERTIFICATE-----