This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/QbcObifmgQvoHvjYXDoCpGy6n-A.roa
File:                     QbcObifmgQvoHvjYXDoCpGy6n-A.roa (raw, json)
Hash identifier:          8DOm2x0RIv5o7TYt34KJdIWsmq7WtOfrOD4Zkk/68v0=
Subject key identifier:   41:B7:0E:6E:27:E6:81:0B:E8:1E:F8:D8:5C:3A:02:A4:6C:BA:9F:E0
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019B7B35FE8AABD54A56A67A81D9D2F4764C
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/QbcObifmgQvoHvjYXDoCpGy6n-A.roa
Signing time:             Thu 01 Jan 2026 20:18:14 +0000
ROA not before:           Thu 01 Jan 2026 20:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44893
IP address blocks:        45.142.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:fe:8a:ab:d5:4a:56:a6:7a:81:d9:d2:f4:76:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 20:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41b70e6e27e6810be81ef8d85c3a02a46cba9fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f9:b6:a4:b4:60:f7:6e:34:42:f0:03:8c:92:
                    23:1d:67:5f:68:7e:9b:88:7c:b9:dc:a4:5e:2f:5f:
                    4c:61:94:c1:c3:82:68:1b:d0:2d:4a:23:7a:62:c7:
                    3d:b7:40:be:78:fa:ad:81:f4:ea:05:e5:b9:2e:18:
                    0d:d9:33:e4:97:85:da:42:9c:c0:53:bb:d1:bf:c7:
                    71:ba:13:54:65:d5:1b:98:3f:cd:16:db:9a:29:fd:
                    75:73:e1:eb:ea:08:49:da:ca:26:86:42:3c:43:be:
                    b6:e7:6e:52:c0:46:2d:63:89:49:d4:31:fa:8e:9f:
                    d0:a7:d5:ea:64:02:35:fa:c2:7e:c4:92:93:ae:7e:
                    d3:5a:80:17:d5:a1:aa:d3:86:20:74:92:0e:a4:1d:
                    f8:eb:48:3a:c2:27:a3:48:b6:d0:f3:ba:3a:d1:6c:
                    6a:8b:16:b6:87:73:d8:11:06:ee:e5:9f:cc:22:0d:
                    b9:11:eb:5a:b4:ec:c5:66:5f:9d:fe:2f:6d:9f:e6:
                    ea:b8:e5:8a:f1:c1:35:76:d8:5a:c3:0b:1b:5b:ec:
                    34:41:19:6b:cc:a7:07:bd:57:83:1c:98:02:cb:4d:
                    b2:99:76:7e:b7:77:c2:3a:03:c2:e8:4d:10:7f:43:
                    45:85:0e:b3:39:c3:0c:7b:5b:ab:9f:0d:64:e2:d3:
                    e0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B7:0E:6E:27:E6:81:0B:E8:1E:F8:D8:5C:3A:02:A4:6C:BA:9F:E0
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/QbcObifmgQvoHvjYXDoCpGy6n-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:c5:b2:4d:24:3d:13:ff:e0:48:8c:24:00:4d:33:cf:83:5e:
         a0:c7:65:f0:7a:c3:eb:1f:7c:ff:03:e1:d8:75:ae:73:78:c0:
         00:4b:be:63:51:cd:b1:fc:93:19:73:dc:41:9a:19:de:c8:b3:
         c7:fb:9f:0a:b1:4b:a4:ec:7c:5d:3c:c1:e0:22:66:12:3d:c7:
         6d:06:c1:04:66:26:d0:48:6d:21:b3:48:46:08:f9:2d:c4:76:
         fa:d2:fd:7c:af:4c:85:20:ab:cc:18:48:15:c7:41:98:22:d8:
         a4:a0:56:18:0a:09:e5:96:19:e0:21:12:74:12:47:e1:ea:f6:
         44:a8:63:56:85:b6:88:ed:e9:dc:3a:97:34:82:54:a8:90:84:
         d0:31:af:aa:ab:c5:26:8f:0b:c8:29:57:5f:09:09:00:69:b7:
         63:b3:33:76:73:9e:c5:a1:39:43:9c:6a:ef:bf:db:48:80:4a:
         de:ce:06:79:a4:82:11:aa:c9:a9:36:cf:2b:a4:31:e3:82:e2:
         db:06:f5:6f:3e:d6:7e:8f:d5:79:8c:be:a1:41:0d:01:9b:79:
         94:af:5c:7f:e4:91:4c:46:49:82:82:83:59:99:4a:47:a7:ea:
         66:fd:69:ef:94:79:d1:96:43:67:89:c6:a5:29:7c:d4:18:24:
         6b:48:46:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nf6Kq9VKVqZ6gdnS9HZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjYwMTAxMjAxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWI3MGU2ZTI3ZTY4MTBiZTgxZWY4ZDg1YzNhMDJhNDZjYmE5ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPm2pLRg9240QvADjJIjHWdfaH6b
iHy53KReL19MYZTBw4JoG9AtSiN6Ysc9t0C+ePqtgfTqBeW5LhgN2TPkl4XaQpzA
U7vRv8dxuhNUZdUbmD/NFtuaKf11c+Hr6ghJ2somhkI8Q762525SwEYtY4lJ1DH6
jp/Qp9XqZAI1+sJ+xJKTrn7TWoAX1aGq04YgdJIOpB3460g6wiejSLbQ87o60Wxq
ixa2h3PYEQbu5Z/MIg25EetatOzFZl+d/i9tn+bquOWK8cE1dthawwsbW+w0QRlr
zKcHvVeDHJgCy02ymXZ+t3fCOgPC6E0Qf0NFhQ6zOcMMe1urnw1k4tPgCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEG3Dm4n5oEL6B742Fw6AqRsup/gMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvUWJjT2JpZm1nUXZvSHZqWVhEb0NwR3k2bi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4mMA0G
CSqGSIb3DQEBCwUAA4IBAQB4xbJNJD0T/+BIjCQATTPPg16gx2XwesPrH3z/A+HY
da5zeMAAS75jUc2x/JMZc9xBmhneyLPH+58KsUuk7HxdPMHgImYSPcdtBsEEZibQ
SG0hs0hGCPktxHb60v18r0yFIKvMGEgVx0GYItikoFYYCgnllhngIRJ0Ekfh6vZE
qGNWhbaI7encOpc0glSokITQMa+qq8UmjwvIKVdfCQkAabdjszN2c57FoTlDnGrv
v9tIgErezgZ5pIIRqsmpNs8rpDHjguLbBvVvPtZ+j9V5jL6hQQ0Bm3mUr1x/5JFM
RkmCgoNZmUpHp+pm/WnvlHnRlkNnicalKXzUGCRrSEY8
-----END CERTIFICATE-----