This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/q1iV5HfiWb2bDdmQsPwstYhz80U.roa
File:                     q1iV5HfiWb2bDdmQsPwstYhz80U.roa (raw, json)
Hash identifier:          BQwEoYPH+cxz0vuPMNQasnJLnY5C7gkVMF5XtFV/wE4=
Subject key identifier:   AB:58:95:E4:77:E2:59:BD:9B:0D:D9:90:B0:FC:2C:B5:88:73:F3:45
Certificate issuer:       /CN=28ab22fb2da473c5426bfcc1f880861004017087
Certificate serial:       019B77C712D204EB6CC081EE50AB1CDEB274
Authority key identifier: 28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/q1iV5HfiWb2bDdmQsPwstYhz80U.roa
Signing time:             Thu 01 Jan 2026 04:18:13 +0000
ROA not before:           Thu 01 Jan 2026 04:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        195.85.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 13:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:12:d2:04:eb:6c:c0:81:ee:50:ab:1c:de:b2:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28ab22fb2da473c5426bfcc1f880861004017087
        Validity
            Not Before: Jan  1 04:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab5895e477e259bd9b0dd990b0fc2cb58873f345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:04:f1:42:04:f1:b4:f0:ae:a6:25:01:60:51:
                    be:6f:92:37:ba:3e:03:2f:ab:82:16:d6:b1:d7:9f:
                    d5:d6:fa:33:ef:bd:c1:75:b0:58:f6:fb:41:47:19:
                    69:47:de:0b:91:2f:c4:04:94:4d:25:d7:6c:00:33:
                    14:fd:78:f3:b5:85:78:89:25:3a:0b:b8:d4:6b:2b:
                    78:56:5b:c7:2d:e4:47:3c:0d:b0:7d:2b:f0:9f:70:
                    81:28:92:93:30:03:21:0a:26:0b:7b:37:a9:e2:a3:
                    4b:9f:0f:a5:8a:db:99:fc:4d:05:d8:b0:0f:ea:c0:
                    57:cf:81:b7:21:7d:89:39:3d:fa:b9:90:03:e4:32:
                    c1:90:26:08:ff:83:25:b7:45:7d:37:e6:69:a5:4f:
                    5e:51:44:26:de:af:5c:1b:07:a8:0a:aa:cf:97:d9:
                    0b:5b:5c:85:ef:8e:a3:0b:32:b7:b8:2e:81:21:36:
                    97:ad:f4:09:56:94:b4:ae:46:50:5a:7a:a5:b7:61:
                    c1:fa:7e:39:45:e4:f1:72:8e:88:c1:21:d6:46:8e:
                    e4:80:7b:16:77:c1:34:2d:f0:56:9d:ac:36:16:ce:
                    c3:5c:5f:a2:22:77:8d:bf:14:68:53:cd:08:b8:36:
                    70:7d:b4:b4:b0:11:44:e3:06:b5:2e:ba:ed:62:97:
                    00:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:58:95:E4:77:E2:59:BD:9B:0D:D9:90:B0:FC:2C:B5:88:73:F3:45
            X509v3 Authority Key Identifier:
                keyid:28:AB:22:FB:2D:A4:73:C5:42:6B:FC:C1:F8:80:86:10:04:01:70:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KKsi-y2kc8VCa_zB-ICGEAQBcIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/q1iV5HfiWb2bDdmQsPwstYhz80U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f53da4-02e8-48f4-80b3-3a1595fc86ef/1/KKsi-y2kc8VCa_zB-ICGEAQBcIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:1e:82:f0:56:bb:a5:db:00:6a:27:27:02:98:10:d5:43:c8:
         6a:39:0c:47:42:32:83:cb:dc:4b:99:39:e2:2e:23:07:86:57:
         1b:51:b5:5e:a0:60:0d:df:ab:9d:ec:37:d9:20:dd:2e:4e:85:
         f6:0c:d5:65:f3:19:4a:b8:49:81:0c:26:74:5a:5f:f8:33:3d:
         86:0d:2f:7e:f2:cd:a2:62:8f:16:32:58:22:c1:ca:82:f1:04:
         b4:c1:4f:b5:79:9f:bb:56:8c:d4:64:56:55:59:9b:d9:eb:24:
         a3:b9:4d:05:e8:b5:85:63:5b:15:d7:48:cd:66:3f:cb:3b:a0:
         1a:10:a0:f6:16:2d:09:22:62:f4:0f:7e:18:11:59:55:a7:b3:
         c9:07:2d:f0:31:d5:54:07:0d:31:eb:16:dd:85:6e:4a:42:5b:
         d2:29:2a:71:92:cc:e0:05:d4:36:31:c7:cc:de:37:1a:c3:99:
         1e:35:47:e5:c2:75:56:ec:23:e4:cf:5f:a5:96:bf:2e:fd:5d:
         eb:02:6a:97:f8:21:dc:c1:53:ac:6e:09:a1:ff:a4:49:33:c4:
         f7:71:16:52:0a:d0:d8:00:94:ca:60:08:0d:59:26:d6:35:eb:
         db:f2:1c:f1:6a:95:c4:34:0e:3b:d0:08:a8:6e:62:f8:db:b1:
         5a:64:0b:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxLSBOtswIHuUKsc3rJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YWIyMmZiMmRhNDczYzU0MjZiZmNjMWY4ODA4NjEwMDQw
MTcwODcwHhcNMjYwMTAxMDQxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjU4OTVlNDc3ZTI1OWJkOWIwZGQ5OTBiMGZjMmNiNTg4NzNmMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgTxQgTxtPCupiUBYFG+b5I3uj4D
L6uCFtax15/V1voz773BdbBY9vtBRxlpR94LkS/EBJRNJddsADMU/XjztYV4iSU6
C7jUayt4VlvHLeRHPA2wfSvwn3CBKJKTMAMhCiYLezep4qNLnw+lituZ/E0F2LAP
6sBXz4G3IX2JOT36uZAD5DLBkCYI/4Mlt0V9N+ZppU9eUUQm3q9cGweoCqrPl9kL
W1yF746jCzK3uC6BITaXrfQJVpS0rkZQWnqlt2HB+n45ReTxco6IwSHWRo7kgHsW
d8E0LfBWnaw2Fs7DXF+iIneNvxRoU80IuDZwfbS0sBFE4wa1LrrtYpcAlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtYleR34lm9mw3ZkLD8LLWIc/NFMB8GA1UdIwQY
MBaAFCirIvstpHPFQmv8wfiAhhAEAXCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMt
M2ExNTk1ZmM4NmVmLzEvcTFpVjVIZmlXYjJiRGRtUXNQd3N0WWh6ODBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mNTNkYTQtMDJlOC00OGY0LTgwYjMtM2ExNTk1ZmM4NmVm
LzEvS0tzaS15MmtjOFZDYV96Qi1JQ0dFQVFCY0ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1UMMA0G
CSqGSIb3DQEBCwUAA4IBAQB7HoLwVrul2wBqJycCmBDVQ8hqOQxHQjKDy9xLmTni
LiMHhlcbUbVeoGAN36ud7DfZIN0uToX2DNVl8xlKuEmBDCZ0Wl/4Mz2GDS9+8s2i
Yo8WMlgiwcqC8QS0wU+1eZ+7VozUZFZVWZvZ6ySjuU0F6LWFY1sV10jNZj/LO6Aa
EKD2Fi0JImL0D34YEVlVp7PJBy3wMdVUBw0x6xbdhW5KQlvSKSpxkszgBdQ2McfM
3jcaw5keNUflwnVW7CPkz1+llr8u/V3rAmqX+CHcwVOsbgmh/6RJM8T3cRZSCtDY
AJTKYAgNWSbWNevb8hzxapXENA470AiobmL427FaZAsH
-----END CERTIFICATE-----