This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/qMXiFIKgh3-IBGkLPjbuJwBXoRA.roa
File:                     qMXiFIKgh3-IBGkLPjbuJwBXoRA.roa (raw, json)
Hash identifier:          wOqBqI9F5yYnAseCjLS45C8nyhKzFjGdRi4crVjtjK0=
Subject key identifier:   A8:C5:E2:14:82:A0:87:7F:88:04:69:0B:3E:36:EE:27:00:57:A1:10
Certificate issuer:       /CN=9b2e80a141c974f6da8f40274338fdacee42a770
Certificate serial:       019B7D5B157EE0D8D9BFB7672D85F0C6E9A9
Authority key identifier: 9B:2E:80:A1:41:C9:74:F6:DA:8F:40:27:43:38:FD:AC:EE:42:A7:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/my6AoUHJdPbaj0AnQzj9rO5Cp3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/qMXiFIKgh3-IBGkLPjbuJwBXoRA.roa
Signing time:             Fri 02 Jan 2026 06:17:59 +0000
ROA not before:           Fri 02 Jan 2026 06:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31543
IP address blocks:        195.60.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/my6AoUHJdPbaj0AnQzj9rO5Cp3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/my6AoUHJdPbaj0AnQzj9rO5Cp3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/my6AoUHJdPbaj0AnQzj9rO5Cp3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:15:7e:e0:d8:d9:bf:b7:67:2d:85:f0:c6:e9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b2e80a141c974f6da8f40274338fdacee42a770
        Validity
            Not Before: Jan  2 06:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8c5e21482a0877f8804690b3e36ee270057a110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:02:3c:83:57:de:37:ea:84:d1:ca:6f:33:c5:
                    48:fd:71:a3:a0:81:cc:89:65:9d:e9:74:b7:97:fb:
                    d8:1c:0d:52:0f:d3:e8:0b:82:7f:f0:ec:3b:3d:d6:
                    98:5e:71:0d:01:05:02:de:59:2f:c7:d8:0f:93:fb:
                    d1:7b:0e:20:be:fd:6f:1e:25:1c:bf:06:da:1d:56:
                    8d:a8:35:f0:5d:d7:f1:c1:66:a1:28:0d:1d:3a:74:
                    eb:e4:84:c9:4d:10:01:18:3d:0b:82:db:78:82:b2:
                    9a:d9:cd:05:5e:f6:55:c0:73:95:dc:5f:54:7f:2d:
                    37:b6:55:6d:3b:7d:1a:0e:8f:67:aa:09:7a:18:59:
                    60:03:f0:c9:08:24:b5:57:3b:81:3d:05:af:94:16:
                    bc:30:ba:3f:85:60:96:14:c4:05:03:a1:0f:aa:82:
                    49:bb:53:72:14:f2:d7:38:26:cd:d9:1d:ac:9b:e4:
                    ed:4b:5a:47:fa:97:01:94:50:18:81:dc:ea:3d:b8:
                    9b:a7:ca:64:da:54:8a:51:d2:b0:0c:d3:fa:0f:ee:
                    ab:78:51:13:81:5e:56:fc:62:0d:cc:08:14:06:03:
                    29:51:5b:23:b3:1c:f5:f2:94:e4:e5:66:98:f9:96:
                    68:82:de:b5:c2:94:10:f8:2c:42:ac:b3:fc:ec:2a:
                    00:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C5:E2:14:82:A0:87:7F:88:04:69:0B:3E:36:EE:27:00:57:A1:10
            X509v3 Authority Key Identifier:
                keyid:9B:2E:80:A1:41:C9:74:F6:DA:8F:40:27:43:38:FD:AC:EE:42:A7:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/my6AoUHJdPbaj0AnQzj9rO5Cp3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/qMXiFIKgh3-IBGkLPjbuJwBXoRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/faabbc-81ba-4977-8923-cc93b1050de7/1/my6AoUHJdPbaj0AnQzj9rO5Cp3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:c5:b2:2a:d7:ec:07:14:7e:c0:b2:44:9b:8a:42:7a:ac:94:
         b0:b5:c8:33:e5:86:90:ac:20:89:87:9a:d9:3f:4a:84:a2:9a:
         b1:6a:7a:19:9b:89:79:64:34:15:55:37:dd:70:ec:8e:fa:2e:
         c7:96:5f:2d:7a:1c:2f:0e:be:73:fe:64:d3:33:8b:e9:82:6c:
         f9:10:75:b5:23:cf:35:72:10:c4:7c:4e:ab:1b:6a:44:41:ac:
         93:3b:be:0f:b2:aa:77:07:bd:60:ee:7c:6d:fc:74:1e:fe:46:
         26:d0:04:7d:bd:71:b0:dc:48:47:02:18:b2:27:e0:29:68:41:
         7b:65:f4:e3:c8:b6:22:5d:63:6b:40:6b:1d:5c:09:ec:57:92:
         72:14:7f:1a:d0:05:22:b1:18:5f:bd:85:f6:dc:8e:0f:46:17:
         f5:e0:9a:8a:0c:d6:fa:51:30:7e:fe:30:7b:b6:4f:96:50:03:
         51:4f:7d:3e:46:92:ca:85:c4:bb:9a:b6:2e:fc:2d:18:c9:37:
         2a:54:38:ee:34:e2:ab:42:6d:02:1f:41:5b:7b:88:09:18:e7:
         51:b4:df:ed:cf:2b:fc:70:a0:93:5f:56:c3:a2:4e:7e:2d:66:
         04:97:56:a5:58:7b:1b:85:42:3b:23:0a:e1:a1:51:a7:57:dd:
         cb:89:c1:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9WxV+4NjZv7dnLYXwxumpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMmU4MGExNDFjOTc0ZjZkYThmNDAyNzQzMzhmZGFjZWU0
MmE3NzAwHhcNMjYwMTAyMDYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGM1ZTIxNDgyYTA4NzdmODgwNDY5MGIzZTM2ZWUyNzAwNTdhMTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAI8g1feN+qE0cpvM8VI/XGjoIHM
iWWd6XS3l/vYHA1SD9PoC4J/8Ow7PdaYXnENAQUC3lkvx9gPk/vRew4gvv1vHiUc
vwbaHVaNqDXwXdfxwWahKA0dOnTr5ITJTRABGD0Lgtt4grKa2c0FXvZVwHOV3F9U
fy03tlVtO30aDo9nqgl6GFlgA/DJCCS1VzuBPQWvlBa8MLo/hWCWFMQFA6EPqoJJ
u1NyFPLXOCbN2R2sm+TtS1pH+pcBlFAYgdzqPbibp8pk2lSKUdKwDNP6D+6reFET
gV5W/GINzAgUBgMpUVsjsxz18pTk5WaY+ZZogt61wpQQ+CxCrLP87CoArwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjF4hSCoId/iARpCz427icAV6EQMB8GA1UdIwQY
MBaAFJsugKFByXT22o9AJ0M4/azuQqdwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXk2QW9VSEpkUGJhajBBblF6ajlyTzVDcDNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9mYWFiYmMtODFiYS00OTc3LTg5MjMt
Y2M5M2IxMDUwZGU3LzEvcU1YaUZJS2doMy1JQkdrTFBqYnVKd0JYb1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9mYWFiYmMtODFiYS00OTc3LTg5MjMtY2M5M2IxMDUwZGU3
LzEvbXk2QW9VSEpkUGJhajBBblF6ajlyTzVDcDNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzxCMA0G
CSqGSIb3DQEBCwUAA4IBAQAzxbIq1+wHFH7AskSbikJ6rJSwtcgz5YaQrCCJh5rZ
P0qEopqxanoZm4l5ZDQVVTfdcOyO+i7Hll8tehwvDr5z/mTTM4vpgmz5EHW1I881
chDEfE6rG2pEQayTO74Psqp3B71g7nxt/HQe/kYm0AR9vXGw3EhHAhiyJ+ApaEF7
ZfTjyLYiXWNrQGsdXAnsV5JyFH8a0AUisRhfvYX23I4PRhf14JqKDNb6UTB+/jB7
tk+WUANRT30+RpLKhcS7mrYu/C0YyTcqVDjuNOKrQm0CH0Fbe4gJGOdRtN/tzyv8
cKCTX1bDok5+LWYEl1alWHsbhUI7IwrhoVGnV93LicEG
-----END CERTIFICATE-----