This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/QVPA9s4tMBXLDCjD1TGmG3LpMQ0.roa
File:                     QVPA9s4tMBXLDCjD1TGmG3LpMQ0.roa (raw, json)
Hash identifier:          cGmcjeeQyG7f4OMZt/MKW/jCa9uPzECH8kzxaZlj2k4=
Subject key identifier:   41:53:C0:F6:CE:2D:30:15:CB:0C:28:C3:D5:31:A6:1B:72:E9:31:0D
Certificate issuer:       /CN=bc635876af1c7ef82411b404a70d88b7916509f6
Certificate serial:       019B79104F10F8984A12811C44DA4A2BAE44
Authority key identifier: BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/QVPA9s4tMBXLDCjD1TGmG3LpMQ0.roa
Signing time:             Thu 01 Jan 2026 10:17:50 +0000
ROA not before:           Thu 01 Jan 2026 10:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207388
IP address blocks:        91.237.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:4f:10:f8:98:4a:12:81:1c:44:da:4a:2b:ae:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc635876af1c7ef82411b404a70d88b7916509f6
        Validity
            Not Before: Jan  1 10:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4153c0f6ce2d3015cb0c28c3d531a61b72e9310d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:69:0b:35:a6:44:38:bf:1b:d4:a4:bd:80:ce:
                    9b:98:68:92:2c:9f:b1:e8:9c:b1:b1:2b:a3:fe:b1:
                    51:1e:fa:45:78:1a:7c:8a:b3:24:4f:c1:b0:67:95:
                    98:6b:2e:de:41:04:62:03:15:4b:b8:c6:59:ca:9a:
                    d0:f1:c9:9d:b4:5d:dc:d2:c2:ee:de:b8:45:0b:1d:
                    47:7b:c6:f6:22:96:03:2e:be:20:a1:f5:b1:37:61:
                    2f:3c:9c:d3:c8:82:6b:49:ba:a9:ef:d3:3a:db:61:
                    d5:fb:fa:8b:db:ba:30:29:bb:07:66:b1:8f:90:5e:
                    f7:ab:e4:49:02:8e:2f:63:39:ac:81:53:16:a9:7a:
                    7d:5d:bd:da:59:29:5a:ee:86:b2:b7:8b:d4:dd:52:
                    f2:e0:ca:e4:6a:36:26:47:9a:28:2c:38:b9:e7:f2:
                    b5:94:d2:53:d7:78:62:ea:38:dd:c3:37:8e:03:7c:
                    61:df:a9:c2:f1:0f:37:d4:41:b5:1e:eb:62:65:0a:
                    16:4b:78:d2:32:e4:08:17:21:87:93:4c:41:8a:89:
                    b2:7d:22:19:2b:44:fc:8c:fb:e3:aa:77:f7:4c:15:
                    5e:c3:48:6d:fd:54:31:7a:c7:86:59:0b:95:b5:d1:
                    ca:4f:77:d5:7c:68:fd:95:00:cd:86:9f:e9:fe:25:
                    06:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:53:C0:F6:CE:2D:30:15:CB:0C:28:C3:D5:31:A6:1B:72:E9:31:0D
            X509v3 Authority Key Identifier:
                keyid:BC:63:58:76:AF:1C:7E:F8:24:11:B4:04:A7:0D:88:B7:91:65:09:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGNYdq8cfvgkEbQEpw2It5FlCfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/QVPA9s4tMBXLDCjD1TGmG3LpMQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3ad43e-a4db-4465-82b5-ffae20700e93/1/vGNYdq8cfvgkEbQEpw2It5FlCfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d7:0e:fc:de:72:3d:c8:90:1f:f2:73:31:df:f4:88:28:02:
         ad:d0:1c:2f:89:fa:37:ab:ae:55:36:cb:d6:65:a8:f6:23:47:
         86:3b:63:0d:c5:95:cf:d8:71:b1:19:01:77:e7:d0:b3:ff:cd:
         cb:b5:25:e9:c2:82:ea:8f:1e:32:ad:a3:9b:9b:41:72:4d:8a:
         08:53:15:7a:01:a0:e3:30:c8:f2:5b:6b:1c:1a:82:c1:a9:11:
         21:1e:de:d8:00:30:f3:e0:84:51:aa:8b:dc:d8:b9:b8:02:6f:
         95:50:e8:6a:00:a9:a0:9a:90:7e:20:45:85:51:5e:bd:53:59:
         2a:e5:b0:85:a1:10:8a:3d:ef:67:0d:95:99:a5:0d:00:db:94:
         76:60:94:65:14:b3:81:64:36:a2:47:c5:70:86:a2:d9:d5:72:
         97:13:31:68:85:38:4d:e6:15:51:47:0c:a6:a4:ed:a5:c5:ab:
         d8:d7:5a:7a:4b:eb:c7:68:58:5d:9c:1a:9e:58:e3:5f:2a:dd:
         71:e8:91:78:6d:46:fe:c2:10:96:92:7f:47:b7:23:d9:84:a0:
         3e:e5:00:b4:c7:b7:91:a0:e0:16:50:82:72:34:ba:96:b6:e7:
         fa:60:86:aa:27:f0:68:26:5b:91:4b:b4:e6:38:20:a1:04:43:
         21:63:3c:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EE8Q+JhKEoEcRNpKK65EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjM1ODc2YWYxYzdlZjgyNDExYjQwNGE3MGQ4OGI3OTE2
NTA5ZjYwHhcNMjYwMTAxMTAxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTUzYzBmNmNlMmQzMDE1Y2IwYzI4YzNkNTMxYTYxYjcyZTkzMTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GkLNaZEOL8b1KS9gM6bmGiSLJ+x
6JyxsSuj/rFRHvpFeBp8irMkT8GwZ5WYay7eQQRiAxVLuMZZyprQ8cmdtF3c0sLu
3rhFCx1He8b2IpYDLr4gofWxN2EvPJzTyIJrSbqp79M622HV+/qL27owKbsHZrGP
kF73q+RJAo4vYzmsgVMWqXp9Xb3aWSla7oayt4vU3VLy4MrkajYmR5ooLDi55/K1
lNJT13hi6jjdwzeOA3xh36nC8Q831EG1HutiZQoWS3jSMuQIFyGHk0xBiomyfSIZ
K0T8jPvjqnf3TBVew0ht/VQxeseGWQuVtdHKT3fVfGj9lQDNhp/p/iUGQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFTwPbOLTAVywwow9Uxphty6TENMB8GA1UdIwQY
MBaAFLxjWHavHH74JBG0BKcNiLeRZQn2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUt
ZmZhZTIwNzAwZTkzLzEvUVZQQTlzNHRNQlhMRENqRDFUR21HM0xwTVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8zYWQ0M2UtYTRkYi00NDY1LTgyYjUtZmZhZTIwNzAwZTkz
LzEvdkdOWWRxOGNmdmdrRWJRRXB3Mkl0NUZsQ2ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+2PMA0G
CSqGSIb3DQEBCwUAA4IBAQA+1w783nI9yJAf8nMx3/SIKAKt0Bwvifo3q65VNsvW
Zaj2I0eGO2MNxZXP2HGxGQF359Cz/83LtSXpwoLqjx4yraObm0FyTYoIUxV6AaDj
MMjyW2scGoLBqREhHt7YADDz4IRRqovc2Lm4Am+VUOhqAKmgmpB+IEWFUV69U1kq
5bCFoRCKPe9nDZWZpQ0A25R2YJRlFLOBZDaiR8VwhqLZ1XKXEzFohThN5hVRRwym
pO2lxavY11p6S+vHaFhdnBqeWONfKt1x6JF4bUb+whCWkn9HtyPZhKA+5QC0x7eR
oOAWUIJyNLqWtuf6YIaqJ/BoJluRS7TmOCChBEMhYzxe
-----END CERTIFICATE-----