This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/PQdW3fTMZ13TWSUvk8S2hfNtwRQ.roa
File:                     PQdW3fTMZ13TWSUvk8S2hfNtwRQ.roa (raw, json)
Hash identifier:          XMlY7t5WFdS3QblU6+ZYwPDb6Jh7eDJdJacxYqHmJQo=
Subject key identifier:   3D:07:56:DD:F4:CC:67:5D:D3:59:25:2F:93:C4:B6:85:F3:6D:C1:14
Certificate issuer:       /CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
Certificate serial:       019B77593C2A650C2AD803BB902A34BE6E29
Authority key identifier: AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/PQdW3fTMZ13TWSUvk8S2hfNtwRQ.roa
Signing time:             Thu 01 Jan 2026 02:18:15 +0000
ROA not before:           Thu 01 Jan 2026 02:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2914
IP address blocks:        195.95.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:3c:2a:65:0c:2a:d8:03:bb:90:2a:34:be:6e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa6745519323d8c2d93c1b107bf85f61933c71ca
        Validity
            Not Before: Jan  1 02:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d0756ddf4cc675dd359252f93c4b685f36dc114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bf:9e:2d:62:04:32:10:2f:4b:e5:0c:d7:29:
                    f1:14:d5:6c:7d:7e:18:44:95:18:3f:f6:03:4e:1a:
                    5a:b4:73:15:5e:ca:77:0d:b2:15:44:7b:d3:f2:bf:
                    21:48:41:31:98:e8:70:77:da:c8:2a:90:98:b0:9a:
                    72:ca:45:e1:39:e8:b5:e7:b2:6d:46:31:6d:87:72:
                    06:28:bc:c2:03:7a:e8:f3:50:83:9e:b8:68:b1:b3:
                    a0:70:c3:11:3b:38:0b:9a:e9:04:12:a3:1e:ba:54:
                    c5:4a:60:1d:85:99:40:7e:25:bb:f1:ef:b3:4a:61:
                    e5:b2:a9:90:7b:68:a6:3a:58:19:26:a4:5b:55:03:
                    0d:0a:37:00:43:58:9a:03:e6:5b:3d:3c:2f:d5:c6:
                    84:e3:3e:3c:7f:05:87:83:de:0c:21:1b:d7:b8:6e:
                    66:fd:35:01:52:94:8a:85:4d:d4:0e:4c:19:6d:90:
                    32:c4:b7:7b:b7:bf:d9:de:52:60:4d:1a:c2:4c:c2:
                    05:bf:40:0b:d2:ee:ea:5f:9e:e3:5e:1a:0d:31:30:
                    22:5a:57:4d:b4:69:dc:1f:d8:c4:ce:9a:f1:d7:0e:
                    0a:5b:28:dc:df:51:cc:f2:98:03:87:76:4f:b0:aa:
                    5c:9c:97:8d:18:f8:ad:95:0a:b1:59:a0:bd:b7:8d:
                    48:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:07:56:DD:F4:CC:67:5D:D3:59:25:2F:93:C4:B6:85:F3:6D:C1:14
            X509v3 Authority Key Identifier:
                keyid:AA:67:45:51:93:23:D8:C2:D9:3C:1B:10:7B:F8:5F:61:93:3C:71:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmdFUZMj2MLZPBsQe_hfYZM8cco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/PQdW3fTMZ13TWSUvk8S2hfNtwRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/af18c4-c044-4485-8ef0-d7812a338183/1/qmdFUZMj2MLZPBsQe_hfYZM8cco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:17:3a:8a:e0:7f:e7:25:d0:26:74:4f:b9:fd:38:69:44:2a:
         13:94:28:30:9f:52:bb:6b:5f:3b:f5:ff:f3:62:25:41:ed:83:
         9f:8c:db:87:a4:2a:90:ed:10:1e:cf:88:a0:87:4f:55:5a:e6:
         fa:81:bd:d5:ac:94:36:99:d1:d3:c9:fb:3c:b7:33:0a:e7:b3:
         76:9d:33:fb:b4:9a:72:e3:eb:43:00:15:26:9d:d6:52:6b:3c:
         9f:11:99:a8:e3:81:51:19:7a:dd:ba:ad:f7:da:04:f9:88:6d:
         94:27:30:b4:ef:0a:10:e0:38:b2:ee:dd:88:3b:4e:a3:1c:bc:
         cc:e7:41:2d:61:dc:63:5f:32:9c:3f:bd:c1:15:3f:99:6a:56:
         e9:42:ea:12:53:e4:52:2c:c1:04:7e:f1:b0:ce:b0:fc:08:79:
         0f:e2:45:4b:a0:22:5b:6e:03:e0:df:e9:63:2e:34:e4:a6:30:
         02:0a:70:ea:cd:69:cf:2e:fa:bb:50:ff:7d:95:3a:91:05:f1:
         6e:e1:fc:d1:fd:fd:d6:34:d3:c6:31:3b:26:35:b0:e8:83:8b:
         b2:0e:3a:7d:59:db:12:d8:b1:41:6e:b1:56:e0:5a:a3:8f:ef:
         33:dd:68:75:d2:7b:36:b7:a9:2a:4d:73:c2:7e:7c:cd:b3:d8:
         6a:0c:a5:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WTwqZQwq2AO7kCo0vm4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjc0NTUxOTMyM2Q4YzJkOTNjMWIxMDdiZjg1ZjYxOTMz
YzcxY2EwHhcNMjYwMTAxMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDA3NTZkZGY0Y2M2NzVkZDM1OTI1MmY5M2M0YjY4NWYzNmRjMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17+eLWIEMhAvS+UM1ynxFNVsfX4Y
RJUYP/YDThpatHMVXsp3DbIVRHvT8r8hSEExmOhwd9rIKpCYsJpyykXhOei157Jt
RjFth3IGKLzCA3ro81CDnrhosbOgcMMROzgLmukEEqMeulTFSmAdhZlAfiW78e+z
SmHlsqmQe2imOlgZJqRbVQMNCjcAQ1iaA+ZbPTwv1caE4z48fwWHg94MIRvXuG5m
/TUBUpSKhU3UDkwZbZAyxLd7t7/Z3lJgTRrCTMIFv0AL0u7qX57jXhoNMTAiWldN
tGncH9jEzprx1w4KWyjc31HM8pgDh3ZPsKpcnJeNGPitlQqxWaC9t41IJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0HVt30zGdd01klL5PEtoXzbcEUMB8GA1UdIwQY
MBaAFKpnRVGTI9jC2TwbEHv4X2GTPHHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAt
ZDc4MTJhMzM4MTgzLzEvUFFkVzNmVE1aMTNUV1NVdms4UzJoZk50d1JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9hZjE4YzQtYzA0NC00NDg1LThlZjAtZDc4MTJhMzM4MTgz
LzEvcW1kRlVaTWoyTUxaUEJzUWVfaGZZWk04Y2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw1+QMA0G
CSqGSIb3DQEBCwUAA4IBAQAFFzqK4H/nJdAmdE+5/ThpRCoTlCgwn1K7a1879f/z
YiVB7YOfjNuHpCqQ7RAez4igh09VWub6gb3VrJQ2mdHTyfs8tzMK57N2nTP7tJpy
4+tDABUmndZSazyfEZmo44FRGXrduq332gT5iG2UJzC07woQ4Diy7t2IO06jHLzM
50EtYdxjXzKcP73BFT+ZalbpQuoSU+RSLMEEfvGwzrD8CHkP4kVLoCJbbgPg3+lj
LjTkpjACCnDqzWnPLvq7UP99lTqRBfFu4fzR/f3WNNPGMTsmNbDog4uyDjp9WdsS
2LFBbrFW4Fqjj+8z3Wh10ns2t6kqTXPCfnzNs9hqDKVE
-----END CERTIFICATE-----