This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/1qXgqeRwym7VByCjt4dnmoVzCYA.roa
File:                     1qXgqeRwym7VByCjt4dnmoVzCYA.roa (raw, json)
Hash identifier:          2+inDA791AGBpU1a4CaMfg8jPit5Dw+MtJ4r3DaAdkE=
Subject key identifier:   D6:A5:E0:A9:E4:70:CA:6E:D5:07:20:A3:B7:87:67:9A:85:73:09:80
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019B78A22E78AA9C397FDABD2BC4629E0C3E
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/1qXgqeRwym7VByCjt4dnmoVzCYA.roa
Signing time:             Thu 01 Jan 2026 08:17:33 +0000
ROA not before:           Thu 01 Jan 2026 08:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53356
IP address blocks:        185.23.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 14:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:2e:78:aa:9c:39:7f:da:bd:2b:c4:62:9e:0c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jan  1 08:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6a5e0a9e470ca6ed50720a3b787679a85730980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0e:ed:e0:79:d7:da:b3:f4:a2:75:ca:dc:72:
                    b5:93:18:d3:78:30:06:ba:3f:6a:9b:bd:12:9c:02:
                    94:ca:2f:89:d4:c8:0f:7e:ca:8b:08:c5:c1:c2:6e:
                    2d:01:ca:f7:04:81:3e:33:a8:a8:21:3e:41:a0:7e:
                    8d:4d:b2:3c:b5:d7:7f:91:a9:fe:42:b8:de:7e:64:
                    ef:ab:b7:5f:83:48:44:ed:ac:d5:4d:ed:25:5d:2f:
                    81:1f:84:1e:93:81:6d:ee:d8:9a:38:09:e1:10:a4:
                    cf:94:a0:bb:71:74:94:b0:89:ad:26:e2:77:4a:7f:
                    34:a0:fe:44:e9:0f:9c:17:a5:c4:e7:ee:6d:e9:98:
                    1e:6c:88:98:55:ee:fc:1f:db:60:53:c5:57:9c:e5:
                    e2:03:a8:e1:1c:34:af:2c:34:2b:18:af:9a:9a:64:
                    7e:dd:42:a6:20:aa:4f:5a:74:56:ca:95:eb:d3:35:
                    24:af:91:ca:8a:84:fc:e2:f4:73:fe:d1:80:f9:64:
                    da:d2:f5:86:31:25:d5:8b:6e:60:c5:e0:f4:e5:f4:
                    44:f9:7b:26:fd:57:a8:b9:b1:a1:ea:c0:af:d8:31:
                    61:11:3f:d7:8b:b7:56:06:d9:11:b5:16:55:aa:0d:
                    d4:d4:ef:01:d2:a2:38:4b:b8:e9:23:a1:3e:d9:ba:
                    d8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A5:E0:A9:E4:70:CA:6E:D5:07:20:A3:B7:87:67:9A:85:73:09:80
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/1qXgqeRwym7VByCjt4dnmoVzCYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:a4:36:da:d0:58:94:ed:2f:78:c3:2a:d2:94:81:31:d3:b3:
         e7:00:6a:b7:44:89:37:ae:6e:41:9e:03:3d:ca:4d:7c:e0:08:
         37:7f:f0:08:8d:97:a0:ef:72:6f:2d:40:fb:74:f0:2d:1e:03:
         5d:6e:17:52:f1:02:fc:3c:cd:be:a9:d7:d4:8a:02:5d:f5:16:
         2c:53:48:97:55:27:3c:ff:0a:6a:8d:c1:a9:c3:8e:60:08:29:
         6b:f2:45:5c:79:48:bb:c2:09:6e:a2:c2:71:68:7d:79:8a:25:
         13:9d:8a:86:75:a7:a2:e3:1f:71:01:87:5f:80:47:95:9f:42:
         28:3a:93:f0:d2:00:1b:13:cb:f5:fd:18:75:88:81:6c:a6:52:
         8f:9f:55:bf:8e:50:d8:31:d9:73:82:a1:3a:16:86:11:58:97:
         5f:c3:19:50:2e:d8:90:ea:57:ce:bf:d1:e9:06:bb:45:f8:66:
         75:02:9b:39:1b:45:6a:c8:c3:d9:92:28:ae:18:1d:37:aa:54:
         ec:4e:3c:a0:9c:c3:86:2a:71:9f:b8:ca:19:7b:d7:8b:2e:5a:
         5f:c5:22:9d:d9:cf:22:d0:47:f8:5c:0e:83:a2:41:d8:cd:88:
         ba:37:9c:6e:49:b2:8f:00:33:4a:71:35:54:8e:a1:42:57:55:
         c8:37:be:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4oi54qpw5f9q9K8Ringw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjYwMTAxMDgxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmE1ZTBhOWU0NzBjYTZlZDUwNzIwYTNiNzg3Njc5YTg1NzMwOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjA7t4HnX2rP0onXK3HK1kxjTeDAG
uj9qm70SnAKUyi+J1MgPfsqLCMXBwm4tAcr3BIE+M6ioIT5BoH6NTbI8tdd/kan+
QrjefmTvq7dfg0hE7azVTe0lXS+BH4Qek4Ft7tiaOAnhEKTPlKC7cXSUsImtJuJ3
Sn80oP5E6Q+cF6XE5+5t6ZgebIiYVe78H9tgU8VXnOXiA6jhHDSvLDQrGK+ammR+
3UKmIKpPWnRWypXr0zUkr5HKioT84vRz/tGA+WTa0vWGMSXVi25gxeD05fRE+Xsm
/VeoubGh6sCv2DFhET/Xi7dWBtkRtRZVqg3U1O8B0qI4S7jpI6E+2brYlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNal4KnkcMpu1Qcgo7eHZ5qFcwmAMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvMXFYZ3FlUnd5bTdWQnlDanQ0ZG5tb1Z6Q1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRfuMA0G
CSqGSIb3DQEBCwUAA4IBAQCHpDba0FiU7S94wyrSlIEx07PnAGq3RIk3rm5BngM9
yk184Ag3f/AIjZeg73JvLUD7dPAtHgNdbhdS8QL8PM2+qdfUigJd9RYsU0iXVSc8
/wpqjcGpw45gCClr8kVceUi7wgluosJxaH15iiUTnYqGdaei4x9xAYdfgEeVn0Io
OpPw0gAbE8v1/Rh1iIFsplKPn1W/jlDYMdlzgqE6FoYRWJdfwxlQLtiQ6lfOv9Hp
BrtF+GZ1Aps5G0VqyMPZkiiuGB03qlTsTjygnMOGKnGfuMoZe9eLLlpfxSKd2c8i
0Ef4XA6DokHYzYi6N5xuSbKPADNKcTVUjqFCV1XIN772
-----END CERTIFICATE-----