This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/Q5hBIAC80rWhtA_8CzVtBAVulvY.roa
File:                     Q5hBIAC80rWhtA_8CzVtBAVulvY.roa (raw, json)
Hash identifier:          CAIgKWFu2/XhZrnBAAEGA0tyO1uyykaD5mMmMcJeUU0=
Subject key identifier:   43:98:41:20:00:BC:D2:B5:A1:B4:0F:FC:0B:35:6D:04:05:6E:96:F6
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019B79102C126DF19BD5B561848D4B3FC3D3
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/Q5hBIAC80rWhtA_8CzVtBAVulvY.roa
Signing time:             Thu 01 Jan 2026 10:17:41 +0000
ROA not before:           Thu 01 Jan 2026 10:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        80.246.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 Jan 2026 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:2c:12:6d:f1:9b:d5:b5:61:84:8d:4b:3f:c3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  1 10:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4398412000bcd2b5a1b40ffc0b356d04056e96f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0a:4d:97:4c:59:2d:52:72:37:06:a8:7d:63:
                    f3:06:ce:84:d9:a6:35:ea:d6:be:7d:79:2d:db:64:
                    59:dc:88:b0:38:92:44:83:03:91:ad:b5:93:12:ff:
                    4f:4e:ab:f6:f8:10:a3:df:74:9a:14:99:e4:f4:b6:
                    b1:ed:d3:0f:dc:00:46:3d:82:3d:ca:9b:c0:b6:94:
                    64:94:d0:3f:23:5a:cb:ab:a3:b6:ae:25:f4:5d:9b:
                    06:fb:54:1b:2a:49:97:48:20:f7:72:79:42:6c:db:
                    cf:10:d6:16:a4:74:45:61:0d:00:b9:e2:00:f5:82:
                    0c:38:ba:98:7f:9b:10:df:8b:d4:92:9f:c7:02:63:
                    a4:3c:e3:84:fe:7c:53:fd:52:62:9d:e6:77:fd:eb:
                    a7:7f:f6:8d:9d:0a:50:fa:d0:d0:dc:53:c3:5b:84:
                    2e:f0:6f:b9:7c:c5:0d:80:70:0e:67:bb:b5:29:60:
                    2c:73:b3:b1:62:08:cb:de:7a:24:46:de:66:9f:cc:
                    43:e9:8f:10:49:45:90:72:89:0c:bc:2f:26:51:58:
                    ee:0e:36:64:f5:30:a3:99:07:1a:09:be:6c:36:b0:
                    50:f6:d9:34:9c:a4:89:a3:42:ef:30:4f:1b:24:8a:
                    bb:88:ac:78:67:40:4d:ba:f2:92:c7:61:80:ba:b4:
                    a1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:98:41:20:00:BC:D2:B5:A1:B4:0F:FC:0B:35:6D:04:05:6E:96:F6
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/Q5hBIAC80rWhtA_8CzVtBAVulvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a2:e7:22:db:4e:b0:2b:15:65:4f:09:28:8a:d6:46:cf:b6:
         9f:7b:41:b3:80:b2:e7:a3:d8:cd:84:0e:4b:6c:58:09:e5:b9:
         85:08:6c:43:3a:0a:08:12:22:cb:ad:34:44:29:08:b5:17:8c:
         d9:e0:7a:b9:53:d0:3b:c8:4e:fa:d2:22:7f:09:8b:50:cd:ae:
         5e:27:83:12:6e:04:86:e1:e8:b7:65:51:2c:7a:a2:1a:bc:f6:
         96:30:ec:63:97:7d:a6:20:e8:18:9f:b6:19:d6:a5:45:7a:6f:
         84:84:9d:8e:da:06:b5:db:58:b7:9e:fe:a4:ff:90:b4:74:16:
         6a:0a:3f:db:8e:c8:d8:fe:c5:d4:7f:2b:93:06:a9:e3:89:fb:
         18:16:e5:db:19:1d:c1:ba:7b:29:7a:4b:de:d7:af:91:4b:34:
         81:a6:68:bb:dc:6c:25:b6:cf:a3:c3:e9:23:14:63:5a:f9:fb:
         f0:29:f1:c4:b0:99:67:73:db:86:5b:3e:c1:96:06:34:81:2e:
         14:51:da:60:0b:06:a8:30:e1:2e:f2:e3:42:5c:20:38:f3:87:
         8c:36:3b:1f:16:21:14:bd:b4:e1:8f:df:fa:de:6b:46:9e:d9:
         a0:45:fa:b2:89:db:5b:75:de:e1:8a:c0:90:7b:9b:81:1d:3f:
         00:38:34:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ECwSbfGb1bVhhI1LP8PTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjYwMTAxMTAxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzk4NDEyMDAwYmNkMmI1YTFiNDBmZmMwYjM1NmQwNDA1NmU5NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwpNl0xZLVJyNwaofWPzBs6E2aY1
6ta+fXkt22RZ3IiwOJJEgwORrbWTEv9PTqv2+BCj33SaFJnk9Lax7dMP3ABGPYI9
ypvAtpRklNA/I1rLq6O2riX0XZsG+1QbKkmXSCD3cnlCbNvPENYWpHRFYQ0AueIA
9YIMOLqYf5sQ34vUkp/HAmOkPOOE/nxT/VJineZ3/eunf/aNnQpQ+tDQ3FPDW4Qu
8G+5fMUNgHAOZ7u1KWAsc7OxYgjL3nokRt5mn8xD6Y8QSUWQcokMvC8mUVjuDjZk
9TCjmQcaCb5sNrBQ9tk0nKSJo0LvME8bJIq7iKx4Z0BNuvKSx2GAurShbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOYQSAAvNK1obQP/As1bQQFbpb2MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvUTVoQklBQzgwcldodEFfOEN6VnRCQVZ1bHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbnMA0G
CSqGSIb3DQEBCwUAA4IBAQB9ouci206wKxVlTwkoitZGz7afe0GzgLLno9jNhA5L
bFgJ5bmFCGxDOgoIEiLLrTREKQi1F4zZ4Hq5U9A7yE760iJ/CYtQza5eJ4MSbgSG
4ei3ZVEseqIavPaWMOxjl32mIOgYn7YZ1qVFem+EhJ2O2ga121i3nv6k/5C0dBZq
Cj/bjsjY/sXUfyuTBqnjifsYFuXbGR3Bunspekve16+RSzSBpmi73Gwlts+jw+kj
FGNa+fvwKfHEsJlnc9uGWz7BlgY0gS4UUdpgCwaoMOEu8uNCXCA484eMNjsfFiEU
vbThj9/63mtGntmgRfqyidtbdd7hisCQe5uBHT8AODSr
-----END CERTIFICATE-----