This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/QJ1xM-I48uzO02IgPeNQyuOaUqA.roa
File:                     QJ1xM-I48uzO02IgPeNQyuOaUqA.roa (raw, json)
Hash identifier:          6rMIGe2ob2Y14JHRw4XfL4QGb3VCibvSBGXwMtcGqqg=
Subject key identifier:   40:9D:71:33:E2:38:F2:EC:CE:D3:62:20:3D:E3:50:CA:E3:9A:52:A0
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019B797EF6FA65302EA6C82CD541AB53FC8C
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/QJ1xM-I48uzO02IgPeNQyuOaUqA.roa
Signing time:             Thu 01 Jan 2026 12:18:42 +0000
ROA not before:           Thu 01 Jan 2026 12:18:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212384
IP address blocks:        89.249.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:f6:fa:65:30:2e:a6:c8:2c:d5:41:ab:53:fc:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  1 12:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=409d7133e238f2ecced362203de350cae39a52a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5d:db:6e:f0:60:a4:da:9e:5f:62:5f:81:be:
                    58:60:91:93:28:aa:bc:0d:6d:01:0a:53:15:9e:e1:
                    57:38:7c:4b:a2:69:da:e1:0c:2d:70:f0:cc:a0:25:
                    d2:31:99:17:e6:69:4f:49:bf:8c:2b:2a:85:48:c2:
                    37:91:f0:6a:86:7e:ed:a5:ab:c1:41:48:6c:23:9f:
                    ae:93:33:be:af:0b:61:c4:05:af:6a:ef:ee:09:d3:
                    f7:2b:63:31:ec:c0:1d:98:97:de:3b:90:c9:0c:c1:
                    21:78:fb:bb:23:4d:e2:8c:b8:72:7d:fd:2c:e7:e6:
                    ef:0d:40:8d:c6:6b:6a:0e:4e:c0:75:a9:32:8b:18:
                    62:e1:98:48:94:be:a8:42:7c:c9:ba:f5:6d:a5:3b:
                    44:0f:73:b0:4f:ed:79:41:08:11:41:34:74:6c:4d:
                    a3:eb:3f:f3:b4:f5:d4:8f:21:1f:0f:94:90:05:f4:
                    87:d2:55:b2:92:69:17:36:09:b8:19:79:41:64:81:
                    d5:40:c9:ef:c4:46:cc:dc:3e:28:49:4c:6e:fc:ce:
                    f5:3d:53:d6:75:3f:18:9f:47:e7:63:c7:6e:fb:77:
                    99:c8:fb:5c:ee:31:f4:15:70:be:4f:b1:72:dc:8d:
                    85:09:d1:76:92:6e:d3:aa:3b:65:95:de:82:a0:68:
                    1c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:9D:71:33:E2:38:F2:EC:CE:D3:62:20:3D:E3:50:CA:E3:9A:52:A0
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/QJ1xM-I48uzO02IgPeNQyuOaUqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a3:17:c4:09:01:01:4f:f9:36:eb:38:43:97:01:ef:78:8b:
         b8:82:0e:ed:e1:4f:f8:1b:1f:1f:13:db:35:c9:ae:3d:0a:28:
         dd:cd:20:d8:b2:60:18:af:91:47:f1:6d:9e:99:08:d2:a6:cb:
         c7:5f:61:1f:04:e5:02:76:21:85:8d:90:f4:a1:00:a7:ef:68:
         32:88:a2:be:62:f5:5d:fa:06:16:ea:45:ed:77:1d:66:a7:f6:
         c0:20:45:9d:fc:8d:15:8f:bf:16:15:7a:5e:54:5e:b1:9f:ec:
         af:4a:87:88:97:a5:7c:5e:fc:fe:70:66:e4:de:5c:82:a7:fe:
         50:1b:a2:72:ac:0c:bf:97:c0:e2:82:ed:7a:44:dd:56:77:6f:
         32:dd:16:84:4d:a1:6f:b9:66:5f:18:da:30:45:65:68:8d:0e:
         f7:78:7a:11:1b:e9:a2:39:f5:f2:f2:88:dc:6b:65:b8:23:3d:
         0f:19:64:48:2e:ed:0f:bf:ed:b6:f5:89:b8:25:b3:c2:c5:77:
         10:ef:bd:a8:06:08:21:2b:c4:33:cf:00:07:04:16:34:3a:9a:
         c8:6e:41:aa:6d:bc:ec:fd:f4:67:a7:ce:fb:15:9c:22:97:a8:
         8f:d0:89:93:8d:ac:4f:31:c9:84:9f:db:c3:d7:e9:49:30:fd:
         af:40:7d:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fvb6ZTAupsgs1UGrU/yMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjYwMTAxMTIxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDlkNzEzM2UyMzhmMmVjY2VkMzYyMjAzZGUzNTBjYWUzOWE1MmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg13bbvBgpNqeX2Jfgb5YYJGTKKq8
DW0BClMVnuFXOHxLomna4QwtcPDMoCXSMZkX5mlPSb+MKyqFSMI3kfBqhn7tpavB
QUhsI5+ukzO+rwthxAWvau/uCdP3K2Mx7MAdmJfeO5DJDMEhePu7I03ijLhyff0s
5+bvDUCNxmtqDk7Adakyixhi4ZhIlL6oQnzJuvVtpTtED3OwT+15QQgRQTR0bE2j
6z/ztPXUjyEfD5SQBfSH0lWykmkXNgm4GXlBZIHVQMnvxEbM3D4oSUxu/M71PVPW
dT8Yn0fnY8du+3eZyPtc7jH0FXC+T7Fy3I2FCdF2km7Tqjtlld6CoGgcvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECdcTPiOPLsztNiID3jUMrjmlKgMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvUUoxeE0tSTQ4dXpPMDJJZ1BlTlF5dU9hVXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnMMA0G
CSqGSIb3DQEBCwUAA4IBAQBOoxfECQEBT/k26zhDlwHveIu4gg7t4U/4Gx8fE9s1
ya49CijdzSDYsmAYr5FH8W2emQjSpsvHX2EfBOUCdiGFjZD0oQCn72gyiKK+YvVd
+gYW6kXtdx1mp/bAIEWd/I0Vj78WFXpeVF6xn+yvSoeIl6V8Xvz+cGbk3lyCp/5Q
G6JyrAy/l8Digu16RN1Wd28y3RaETaFvuWZfGNowRWVojQ73eHoRG+miOfXy8ojc
a2W4Iz0PGWRILu0Pv+229Ym4JbPCxXcQ772oBgghK8QzzwAHBBY0OprIbkGqbbzs
/fRnp877FZwil6iP0ImTjaxPMcmEn9vD1+lJMP2vQH1j
-----END CERTIFICATE-----