This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QFky0ZeRVz1mIK93EdnGv80eb8w.roa
File:                     QFky0ZeRVz1mIK93EdnGv80eb8w.roa (raw, json)
Hash identifier:          ttSqeRg0Oh760M9mFoCd2c3NjrYnEPnzUvBCNEnAqoY=
Subject key identifier:   40:59:32:D1:97:91:57:3D:66:20:AF:77:11:D9:C6:BF:CD:1E:6F:CC
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019B7C136BBA0D532977859B901CC3E0E94E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QFky0ZeRVz1mIK93EdnGv80eb8w.roa
Signing time:             Fri 02 Jan 2026 00:20:06 +0000
ROA not before:           Fri 02 Jan 2026 00:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        185.230.54.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 19:40:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:6b:ba:0d:53:29:77:85:9b:90:1c:c3:e0:e9:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 00:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=405932d19791573d6620af7711d9c6bfcd1e6fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6f:e0:2a:28:85:3b:ee:8e:c4:32:f1:6e:91:
                    68:42:a7:c8:0a:77:86:e8:50:b4:05:32:08:43:a1:
                    da:61:b0:f8:d3:8d:e8:ed:33:58:fc:83:fa:08:ba:
                    00:fe:f4:b5:60:f5:df:ca:6c:5f:e7:75:1e:f2:9c:
                    e0:8c:1f:b8:9a:69:99:47:98:61:cf:dd:fe:a3:32:
                    ba:56:e6:e8:05:2f:aa:e8:67:04:ec:42:95:78:31:
                    6a:ed:aa:23:d8:1f:76:7f:b4:fb:55:f1:b7:df:f1:
                    bd:fa:77:51:80:e7:30:30:27:73:49:84:3c:1b:a9:
                    22:16:f8:04:28:dc:19:2e:e6:eb:54:d1:a0:9a:d0:
                    f8:e5:03:c8:7d:54:d3:6a:34:0c:3b:99:79:e4:b0:
                    bc:73:cf:23:9e:20:6c:5b:7a:97:ca:1b:ad:a8:75:
                    82:6e:ca:41:d7:c3:e8:90:a9:bd:1e:b6:7f:44:ad:
                    9e:7b:4d:b0:15:08:d2:1a:54:5d:05:dd:22:a5:68:
                    dd:a7:62:d6:9c:00:03:24:f0:3b:42:64:29:40:ff:
                    80:31:03:6e:c2:44:c2:30:f5:e3:23:86:9d:fb:e2:
                    66:88:dd:16:f2:c0:47:49:dd:b6:10:ac:31:97:2d:
                    c2:f8:3b:86:27:e6:6b:24:0e:18:08:1b:a0:d4:ef:
                    61:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:59:32:D1:97:91:57:3D:66:20:AF:77:11:D9:C6:BF:CD:1E:6F:CC
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QFky0ZeRVz1mIK93EdnGv80eb8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:78:0f:2d:00:06:e7:16:53:e5:8a:3d:04:62:ab:1c:71:b8:
         71:ab:a7:e6:37:0a:30:f0:96:be:d1:3f:b0:16:dc:7c:95:51:
         98:45:85:53:85:e5:97:5c:c5:8b:4b:a6:21:df:48:e4:ca:2f:
         25:30:d2:65:58:2d:cd:5b:11:15:12:b9:2b:5f:02:6c:7a:98:
         92:ba:48:ae:9e:77:54:ef:7e:5f:ea:a9:60:44:16:e3:f7:59:
         7c:64:af:ed:67:ed:7e:ff:6e:ba:de:0e:8c:dc:cf:73:ee:1d:
         69:8b:71:49:2e:27:4b:a6:8d:cd:15:f0:ee:77:45:c6:45:54:
         6b:7b:f1:58:da:55:7a:be:ad:6e:47:04:0a:6d:6e:6f:7e:cb:
         9c:0f:72:1d:78:7c:6e:03:34:bd:46:cd:91:48:4d:ea:5a:94:
         93:52:4b:41:5e:ee:d8:de:db:b5:03:5a:37:26:af:d4:62:d8:
         d2:84:9a:3d:c9:18:df:5b:6b:ed:a1:b3:81:cb:d3:ce:2a:3c:
         79:aa:70:e6:f2:41:e0:41:77:a8:5f:4b:db:64:6f:c7:97:29:
         de:ed:52:bc:ab:e8:9b:33:ef:2f:32:9d:12:98:98:e5:78:79:
         17:25:99:9d:ce:9f:cf:9d:63:2a:cd:de:f3:91:15:b4:f8:74:
         d5:1c:58:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8E2u6DVMpd4WbkBzD4OlOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjYwMTAyMDAyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDU5MzJkMTk3OTE1NzNkNjYyMGFmNzcxMWQ5YzZiZmNkMWU2ZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm/gKiiFO+6OxDLxbpFoQqfICneG
6FC0BTIIQ6HaYbD4043o7TNY/IP6CLoA/vS1YPXfymxf53Ue8pzgjB+4mmmZR5hh
z93+ozK6VuboBS+q6GcE7EKVeDFq7aoj2B92f7T7VfG33/G9+ndRgOcwMCdzSYQ8
G6kiFvgEKNwZLubrVNGgmtD45QPIfVTTajQMO5l55LC8c88jniBsW3qXyhutqHWC
bspB18PokKm9HrZ/RK2ee02wFQjSGlRdBd0ipWjdp2LWnAADJPA7QmQpQP+AMQNu
wkTCMPXjI4ad++JmiN0W8sBHSd22EKwxly3C+DuGJ+ZrJA4YCBug1O9hCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBZMtGXkVc9ZiCvdxHZxr/NHm/MMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUUZreTBaZVJWejFtSUs5M0Vkbkd2ODBlYjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueY2MA0G
CSqGSIb3DQEBCwUAA4IBAQA/eA8tAAbnFlPlij0EYqsccbhxq6fmNwow8Ja+0T+w
Ftx8lVGYRYVTheWXXMWLS6Yh30jkyi8lMNJlWC3NWxEVErkrXwJsepiSukiunndU
735f6qlgRBbj91l8ZK/tZ+1+/2663g6M3M9z7h1pi3FJLidLpo3NFfDud0XGRVRr
e/FY2lV6vq1uRwQKbW5vfsucD3IdeHxuAzS9Rs2RSE3qWpSTUktBXu7Y3tu1A1o3
Jq/UYtjShJo9yRjfW2vtobOBy9POKjx5qnDm8kHgQXeoX0vbZG/Hlyne7VK8q+ib
M+8vMp0SmJjleHkXJZmdzp/PnWMqzd7zkRW0+HTVHFjW
-----END CERTIFICATE-----