This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/rQtAzEA3IuNuehdcnThK_xXRMt4.roa
File:                     rQtAzEA3IuNuehdcnThK_xXRMt4.roa (raw, json)
Hash identifier:          cRYFONZaNIX4ZtEkAVHlLM1U8vITX1Zqs8J2LZhQlqs=
Subject key identifier:   AD:0B:40:CC:40:37:22:E3:6E:7A:17:5C:9D:38:4A:FF:15:D1:32:DE
Certificate issuer:       /CN=eb41956d12dcb982bed47a9fac4a7e48e7787c79
Certificate serial:       019B7AC7B72D1F6913EC7676407129A625C7
Authority key identifier: EB:41:95:6D:12:DC:B9:82:BE:D4:7A:9F:AC:4A:7E:48:E7:78:7C:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/60GVbRLcuYK-1HqfrEp-SOd4fHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/rQtAzEA3IuNuehdcnThK_xXRMt4.roa
Signing time:             Thu 01 Jan 2026 18:17:47 +0000
ROA not before:           Thu 01 Jan 2026 18:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198423
IP address blocks:        192.41.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/60GVbRLcuYK-1HqfrEp-SOd4fHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/60GVbRLcuYK-1HqfrEp-SOd4fHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/60GVbRLcuYK-1HqfrEp-SOd4fHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:b7:2d:1f:69:13:ec:76:76:40:71:29:a6:25:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb41956d12dcb982bed47a9fac4a7e48e7787c79
        Validity
            Not Before: Jan  1 18:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad0b40cc403722e36e7a175c9d384aff15d132de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2e:78:b4:97:1d:bd:22:4c:3d:0b:5a:0f:d9:
                    87:88:4a:67:bb:b9:a5:69:34:0b:73:7c:cc:b1:e7:
                    f5:c0:d4:ac:db:54:61:50:b6:27:d1:9c:66:48:3c:
                    16:95:15:f2:69:85:12:96:b9:b3:f9:7f:22:c0:41:
                    5c:d1:8f:05:e9:dc:79:77:66:60:4b:2a:bc:c8:b8:
                    be:3c:c8:b9:10:fe:6f:1d:72:c1:48:bd:48:6c:e0:
                    0e:77:f5:51:37:66:fc:fa:da:16:d6:ef:90:d5:2a:
                    75:64:ff:a0:2d:01:a8:5b:e8:ed:d3:89:f8:14:55:
                    ff:e7:75:7f:b5:14:f1:f1:08:e2:43:fe:2f:7c:cc:
                    3b:fe:ba:a0:99:1b:41:06:4e:e8:23:97:99:1e:3d:
                    1d:8d:5b:fd:f0:91:7c:91:0e:57:00:c3:8c:33:9d:
                    9a:55:2a:93:e0:f1:cd:7a:c7:96:93:b9:3f:b2:2d:
                    a6:d8:d1:31:68:1b:73:51:14:8c:42:c3:ee:31:a2:
                    d3:51:28:fb:b4:a4:15:75:24:d4:b4:74:b7:14:2e:
                    b0:06:ac:bb:1e:42:fa:59:81:4a:89:0a:0a:db:22:
                    3e:fc:ca:74:67:9c:fe:14:32:c5:0a:fd:96:3d:7f:
                    36:d1:5b:fd:fa:c2:f8:22:df:75:be:cb:0d:34:60:
                    4b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0B:40:CC:40:37:22:E3:6E:7A:17:5C:9D:38:4A:FF:15:D1:32:DE
            X509v3 Authority Key Identifier:
                keyid:EB:41:95:6D:12:DC:B9:82:BE:D4:7A:9F:AC:4A:7E:48:E7:78:7C:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/60GVbRLcuYK-1HqfrEp-SOd4fHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/rQtAzEA3IuNuehdcnThK_xXRMt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/5d3f1c-cff5-4b2b-9e46-67847c76cb76/1/60GVbRLcuYK-1HqfrEp-SOd4fHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.41.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:0d:dd:36:4f:80:2f:bb:5c:61:92:a1:bc:37:0a:1f:ef:4c:
         60:90:34:bb:c8:b1:8a:b9:45:20:91:a8:71:1c:47:41:14:09:
         04:80:1b:03:da:f5:6c:29:e2:64:5e:91:f6:4d:48:90:07:a5:
         42:39:f5:b1:72:04:30:63:2a:a1:56:ff:f6:c6:cb:7a:50:4d:
         a7:b5:c6:91:2f:86:49:e8:4c:ac:55:c2:4b:72:5a:c1:7f:78:
         91:cb:62:40:ca:ed:2d:95:a1:bd:72:67:07:4e:bf:80:c4:f7:
         a5:07:d0:45:e0:ab:dc:c5:ed:28:9d:cd:4a:87:46:b1:ca:fd:
         cf:2b:49:4e:e8:03:a1:4a:5c:11:d2:29:e2:70:52:78:b6:3b:
         b7:fd:de:b9:65:23:c4:fa:8b:4e:eb:52:83:0d:88:1d:c0:7c:
         3f:31:c7:2e:9a:4e:69:ac:6e:0d:39:58:52:ae:4f:23:d6:c0:
         ee:9e:60:80:7f:90:5f:3d:38:06:e7:5f:58:26:9d:e4:72:b5:
         ca:1e:c7:5d:a6:41:39:1d:ef:96:76:b3:5f:04:df:5f:9f:56:
         cf:fa:07:37:ac:64:34:6d:fd:10:e8:9d:77:26:f2:7f:0c:c0:
         86:7e:a6:b5:da:9a:53:ab:c4:51:8b:24:31:e6:db:ad:50:65:
         43:27:40:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x7ctH2kT7HZ2QHEppiXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNDE5NTZkMTJkY2I5ODJiZWQ0N2E5ZmFjNGE3ZTQ4ZTc3
ODdjNzkwHhcNMjYwMTAxMTgxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDBiNDBjYzQwMzcyMmUzNmU3YTE3NWM5ZDM4NGFmZjE1ZDEzMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi54tJcdvSJMPQtaD9mHiEpnu7ml
aTQLc3zMsef1wNSs21RhULYn0ZxmSDwWlRXyaYUSlrmz+X8iwEFc0Y8F6dx5d2Zg
Syq8yLi+PMi5EP5vHXLBSL1IbOAOd/VRN2b8+toW1u+Q1Sp1ZP+gLQGoW+jt04n4
FFX/53V/tRTx8QjiQ/4vfMw7/rqgmRtBBk7oI5eZHj0djVv98JF8kQ5XAMOMM52a
VSqT4PHNeseWk7k/si2m2NExaBtzURSMQsPuMaLTUSj7tKQVdSTUtHS3FC6wBqy7
HkL6WYFKiQoK2yI+/Mp0Z5z+FDLFCv2WPX820Vv9+sL4It91vssNNGBLvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0LQMxANyLjbnoXXJ04Sv8V0TLeMB8GA1UdIwQY
MBaAFOtBlW0S3LmCvtR6n6xKfkjneHx5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjBHVmJSTGN1WUstMUhxZnJFcC1TT2Q0ZkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81ZDNmMWMtY2ZmNS00YjJiLTllNDYt
Njc4NDdjNzZjYjc2LzEvclF0QXpFQTNJdU51ZWhkY25UaEtfeFhSTXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81ZDNmMWMtY2ZmNS00YjJiLTllNDYtNjc4NDdjNzZjYjc2
LzEvNjBHVmJSTGN1WUstMUhxZnJFcC1TT2Q0ZkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCnYMA0G
CSqGSIb3DQEBCwUAA4IBAQCNDd02T4Avu1xhkqG8Nwof70xgkDS7yLGKuUUgkahx
HEdBFAkEgBsD2vVsKeJkXpH2TUiQB6VCOfWxcgQwYyqhVv/2xst6UE2ntcaRL4ZJ
6EysVcJLclrBf3iRy2JAyu0tlaG9cmcHTr+AxPelB9BF4Kvcxe0onc1Kh0axyv3P
K0lO6AOhSlwR0inicFJ4tju3/d65ZSPE+otO61KDDYgdwHw/Mccumk5prG4NOVhS
rk8j1sDunmCAf5BfPTgG519YJp3kcrXKHsddpkE5He+WdrNfBN9fn1bP+gc3rGQ0
bf0Q6J13JvJ/DMCGfqa12ppTq8RRiyQx5tutUGVDJ0C0
-----END CERTIFICATE-----