This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/qWbEXMINqoKUyiATzLEBHjD1a0s.roa
File:                     qWbEXMINqoKUyiATzLEBHjD1a0s.roa (raw, json)
Hash identifier:          NOL+wdKX7imFnhEKuPl9DS3QZ7jbUIqZZx4+g6n89ws=
Subject key identifier:   A9:66:C4:5C:C2:0D:AA:82:94:CA:20:13:CC:B1:01:1E:30:F5:6B:4B
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       019B7C130BC8645EA962DC305759D87F79CD
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/qWbEXMINqoKUyiATzLEBHjD1a0s.roa
Signing time:             Fri 02 Jan 2026 00:19:41 +0000
ROA not before:           Fri 02 Jan 2026 00:19:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214756
IP address blocks:        194.209.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:0b:c8:64:5e:a9:62:dc:30:57:59:d8:7f:79:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  2 00:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a966c45cc20daa8294ca2013ccb1011e30f56b4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4a:50:d9:06:ee:65:a4:9a:c2:88:34:2c:2f:
                    24:1c:c7:89:e4:71:42:90:f9:d4:ae:ab:b7:64:e1:
                    55:f1:b0:f2:e3:cf:e9:fd:27:f0:40:4a:7d:e8:26:
                    40:4e:61:dd:2d:9b:64:fc:67:27:4d:05:ef:95:06:
                    ce:8f:50:22:74:2b:39:26:c6:6d:83:a1:21:5f:bf:
                    bd:b1:aa:4c:29:02:ad:12:62:6d:a0:c4:1c:69:fa:
                    3b:77:42:14:0c:c6:ad:da:53:d9:d3:c2:2d:d0:e2:
                    cd:11:49:86:21:d8:8a:8e:fc:98:2b:5b:f9:48:b3:
                    44:02:dc:a8:38:e1:75:86:00:f3:4e:a7:10:52:ac:
                    63:2f:69:02:bc:30:7f:52:55:41:6b:6a:3d:d9:07:
                    c5:0d:c8:b9:48:b6:99:09:1c:f1:16:69:81:a8:8c:
                    df:65:84:60:f9:5d:5d:73:2a:bc:d9:21:10:1e:c2:
                    c9:67:db:2d:da:7f:0b:35:9a:78:97:1d:5a:4a:42:
                    1b:b8:b1:90:01:f9:fd:9a:13:17:0e:34:3f:6c:85:
                    67:28:f1:7a:c4:7c:10:13:56:60:86:62:2a:b3:1a:
                    a0:af:5c:a6:dc:07:90:2c:ed:dc:3d:63:64:92:34:
                    6e:8f:0b:36:9b:ae:31:a8:f8:7c:46:fe:fd:b0:36:
                    30:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:66:C4:5C:C2:0D:AA:82:94:CA:20:13:CC:B1:01:1E:30:F5:6B:4B
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/qWbEXMINqoKUyiATzLEBHjD1a0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:a0:f8:de:cf:cf:31:b2:f0:c4:1f:4b:b7:db:03:5c:24:fa:
         b0:e5:38:77:e6:47:b7:cf:f3:db:ef:43:7e:3b:7f:26:ea:62:
         f7:ee:41:38:47:3d:75:02:5a:ce:12:01:b1:30:20:c3:f3:ee:
         c5:27:fa:75:ea:14:e2:af:38:51:27:a8:68:a4:8e:79:e6:4e:
         73:01:c1:63:36:97:27:38:b6:d2:69:3a:24:6e:70:f0:35:8e:
         dc:c4:7b:61:6e:69:f0:50:8e:b3:8e:e0:d0:74:4b:69:e9:5e:
         ca:93:ff:87:83:89:24:e6:12:f5:3c:e8:fa:00:67:ee:27:65:
         37:23:56:4f:36:34:d0:1e:5d:92:fb:3d:c6:cb:f3:6b:de:06:
         aa:7f:fa:3e:e4:4a:8f:68:9a:40:46:ee:52:64:25:a8:e8:c1:
         74:28:66:81:dc:95:f0:29:92:ec:0f:4e:28:e1:dc:42:97:c6:
         dc:7f:23:7a:74:5e:29:dd:b1:d2:07:96:48:1c:11:58:67:8a:
         5a:5d:ec:86:03:d6:8e:0d:4e:6a:7d:72:87:03:0d:4c:49:12:
         4b:e9:95:5f:bc:7c:e0:45:21:44:b9:fe:76:1d:da:b3:74:23:
         7d:d0:95:49:7d:43:23:e6:94:23:95:ab:0e:bc:f5:ff:75:e7:
         ce:92:67:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EwvIZF6pYtwwV1nYf3nNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjYwMTAyMDAxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTY2YzQ1Y2MyMGRhYTgyOTRjYTIwMTNjY2IxMDExZTMwZjU2YjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEpQ2QbuZaSawog0LC8kHMeJ5HFC
kPnUrqu3ZOFV8bDy48/p/SfwQEp96CZATmHdLZtk/GcnTQXvlQbOj1AidCs5JsZt
g6EhX7+9sapMKQKtEmJtoMQcafo7d0IUDMat2lPZ08It0OLNEUmGIdiKjvyYK1v5
SLNEAtyoOOF1hgDzTqcQUqxjL2kCvDB/UlVBa2o92QfFDci5SLaZCRzxFmmBqIzf
ZYRg+V1dcyq82SEQHsLJZ9st2n8LNZp4lx1aSkIbuLGQAfn9mhMXDjQ/bIVnKPF6
xHwQE1ZghmIqsxqgr1ym3AeQLO3cPWNkkjRujws2m64xqPh8Rv79sDYwdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlmxFzCDaqClMogE8yxAR4w9WtLMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvcVdiRVhNSU5xb0tVeWlBVHpMRUJIakQxYTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtEoMA0G
CSqGSIb3DQEBCwUAA4IBAQAwoPjez88xsvDEH0u32wNcJPqw5Th35ke3z/Pb70N+
O38m6mL37kE4Rz11AlrOEgGxMCDD8+7FJ/p16hTirzhRJ6hopI555k5zAcFjNpcn
OLbSaTokbnDwNY7cxHthbmnwUI6zjuDQdEtp6V7Kk/+Hg4kk5hL1POj6AGfuJ2U3
I1ZPNjTQHl2S+z3Gy/Nr3gaqf/o+5EqPaJpARu5SZCWo6MF0KGaB3JXwKZLsD04o
4dxCl8bcfyN6dF4p3bHSB5ZIHBFYZ4paXeyGA9aODU5qfXKHAw1MSRJL6ZVfvHzg
RSFEuf52HdqzdCN90JVJfUMj5pQjlasOvPX/defOkmcA
-----END CERTIFICATE-----