This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/qLiHjVxYeZRae0LxUh9U97xjqYo.roa
File:                     qLiHjVxYeZRae0LxUh9U97xjqYo.roa (raw, json)
Hash identifier:          acLOx505/1So/mUgTmHWSlZDnFWbe0eT/WNUby9EFuo=
Subject key identifier:   A8:B8:87:8D:5C:58:79:94:5A:7B:42:F1:52:1F:54:F7:BC:63:A9:8A
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C13058F62C3DFFCB1573BABAF90F05C
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/qLiHjVxYeZRae0LxUh9U97xjqYo.roa
Signing time:             Fri 02 Jan 2026 00:19:39 +0000
ROA not before:           Fri 02 Jan 2026 00:19:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206794
IP address blocks:        195.65.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:05:8f:62:c3:df:fc:b1:57:3b:ab:af:90:f0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8b8878d5c5879945a7b42f1521f54f7bc63a98a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4b:9f:37:de:25:72:ba:71:86:46:6d:a7:bd:
                    88:a8:b5:90:9a:b3:c6:cd:6b:dd:fe:3c:19:3b:ad:
                    82:05:d4:0e:cf:90:d3:db:fe:19:62:ed:84:51:ac:
                    d1:f0:41:f4:b1:85:3c:55:9e:59:2b:2b:24:9a:d4:
                    81:08:cd:cd:87:9b:dd:09:e9:57:dc:e7:9c:5f:70:
                    cd:3d:2c:2b:be:70:76:7e:65:8b:67:27:82:73:01:
                    03:ec:bc:d1:2b:72:7c:76:f0:a2:89:ae:f6:bd:b1:
                    7a:86:b0:68:00:de:36:10:86:e2:d7:a9:af:cd:ac:
                    ca:ec:1f:86:94:de:9c:9f:88:35:3d:78:f4:6d:eb:
                    d8:59:fc:c3:3d:f4:f8:c6:0a:4b:f9:20:6d:4a:fc:
                    a9:fc:43:44:dc:26:57:0c:b9:0e:6a:b2:4d:fa:05:
                    60:76:94:b8:03:5b:41:14:8d:92:db:a7:fb:2f:0f:
                    e8:ef:19:05:ce:a6:2d:17:fc:c9:72:51:97:76:2e:
                    b8:66:e6:3e:2e:21:c8:72:95:2a:c3:95:14:02:fc:
                    58:9c:72:e4:31:b8:2e:b8:92:c6:0e:c8:4a:07:d6:
                    6d:45:d1:f2:24:18:6c:87:f2:1d:e4:8e:0d:5d:38:
                    6d:45:6c:43:19:d8:08:e4:dc:e2:66:ea:00:f9:48:
                    2f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B8:87:8D:5C:58:79:94:5A:7B:42:F1:52:1F:54:F7:BC:63:A9:8A
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/qLiHjVxYeZRae0LxUh9U97xjqYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:02:34:43:03:c7:a4:a5:fe:76:b5:da:16:8a:dc:aa:13:c4:
         7a:ae:b0:f3:af:c3:11:49:85:9d:27:d9:d1:84:af:0b:73:2c:
         95:8c:f4:ff:6b:d2:6d:bc:30:3b:40:e6:18:cf:69:c6:5f:b7:
         5d:93:c7:a6:c8:be:dd:a6:20:cf:ab:6c:09:f5:17:6e:3c:4b:
         6b:58:1a:7b:0a:11:71:58:26:ff:7b:39:b6:ad:ca:62:65:0e:
         14:67:1d:a0:10:b1:44:70:66:29:c2:90:d2:21:de:f8:b5:c2:
         91:f0:89:fb:56:af:94:6d:fb:e7:67:bd:d8:6a:86:66:53:7c:
         13:c9:1a:91:f8:8c:ec:14:1b:7c:c8:2e:53:9f:1f:8b:f9:77:
         d6:9a:0d:27:f9:06:7d:9d:3a:ee:48:97:41:0a:92:b1:30:8e:
         e1:1f:6d:d1:59:68:69:1f:34:65:20:97:04:ef:28:47:a4:90:
         fc:9b:b3:8a:c4:a2:c2:31:b9:1e:e6:d7:77:ec:8d:83:f7:f0:
         1d:54:54:e4:27:df:d8:e6:7c:53:77:bf:88:0c:34:09:1a:f7:
         bb:95:57:6c:34:80:fc:17:63:e3:26:37:05:a7:21:d3:ee:1f:
         3b:d7:2a:31:85:08:34:0b:51:ab:a4:1e:c5:11:1b:73:a5:ca:
         7f:a4:f2:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EwWPYsPf/LFXO6uvkPBcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGI4ODc4ZDVjNTg3OTk0NWE3YjQyZjE1MjFmNTRmN2JjNjNhOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUufN94lcrpxhkZtp72IqLWQmrPG
zWvd/jwZO62CBdQOz5DT2/4ZYu2EUazR8EH0sYU8VZ5ZKyskmtSBCM3Nh5vdCelX
3OecX3DNPSwrvnB2fmWLZyeCcwED7LzRK3J8dvCiia72vbF6hrBoAN42EIbi16mv
zazK7B+GlN6cn4g1PXj0bevYWfzDPfT4xgpL+SBtSvyp/ENE3CZXDLkOarJN+gVg
dpS4A1tBFI2S26f7Lw/o7xkFzqYtF/zJclGXdi64ZuY+LiHIcpUqw5UUAvxYnHLk
MbguuJLGDshKB9ZtRdHyJBhsh/Id5I4NXThtRWxDGdgI5NziZuoA+UgvPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKi4h41cWHmUWntC8VIfVPe8Y6mKMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvcUxpSGpWeFllWlJhZTBMeFVoOVU5N3hqcVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0FWMA0G
CSqGSIb3DQEBCwUAA4IBAQCDAjRDA8ekpf52tdoWityqE8R6rrDzr8MRSYWdJ9nR
hK8LcyyVjPT/a9JtvDA7QOYYz2nGX7ddk8emyL7dpiDPq2wJ9RduPEtrWBp7ChFx
WCb/ezm2rcpiZQ4UZx2gELFEcGYpwpDSId74tcKR8In7Vq+UbfvnZ73YaoZmU3wT
yRqR+IzsFBt8yC5Tnx+L+XfWmg0n+QZ9nTruSJdBCpKxMI7hH23RWWhpHzRlIJcE
7yhHpJD8m7OKxKLCMbke5td37I2D9/AdVFTkJ9/Y5nxTd7+IDDQJGve7lVdsNID8
F2PjJjcFpyHT7h871yoxhQg0C1GrpB7FERtzpcp/pPKt
-----END CERTIFICATE-----