This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/Qfk4KZDN_NVec0Fh5jidYk7fEsM.roa
File:                     Qfk4KZDN_NVec0Fh5jidYk7fEsM.roa (raw, json)
Hash identifier:          WIiLwWhQcJYVRWRpVwBUqqxiCRvroZi4xvJ2AYsOSJo=
Subject key identifier:   41:F9:38:29:90:CD:FC:D5:5E:73:41:61:E6:38:9D:62:4E:DF:12:C3
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       019B7EA6A5B8C67754D014D5288C4C90ABFC
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/Qfk4KZDN_NVec0Fh5jidYk7fEsM.roa
Signing time:             Fri 02 Jan 2026 12:20:09 +0000
ROA not before:           Fri 02 Jan 2026 12:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44066
IP address blocks:        80.91.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:a5:b8:c6:77:54:d0:14:d5:28:8c:4c:90:ab:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jan  2 12:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41f9382990cdfcd55e734161e6389d624edf12c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:56:92:59:fc:c8:21:eb:b5:99:84:ca:ab:14:
                    a6:ff:7b:b4:bc:3a:4a:9e:ea:d2:44:bc:66:04:dd:
                    c0:27:ed:6e:2c:09:ff:82:bd:8c:d9:9b:46:25:71:
                    41:48:5c:ea:99:68:38:d8:92:0d:de:1f:55:a3:7d:
                    71:c9:8f:31:96:16:25:b2:3d:cd:54:db:96:72:c0:
                    51:f7:2d:b7:de:9f:16:79:86:b1:6a:e0:50:27:eb:
                    8e:16:88:b3:6c:1d:1d:78:7f:bc:60:79:8e:36:95:
                    8b:3a:53:77:26:e3:29:98:9b:0e:d8:1c:45:e1:67:
                    ee:fe:a3:ac:43:b2:d5:22:a2:80:3e:17:79:ac:3d:
                    62:a5:5d:1e:f0:55:82:f6:5b:f4:97:07:46:bf:77:
                    7d:65:60:f7:26:d3:0e:65:b3:d0:1d:27:bc:b2:a9:
                    6d:18:44:2b:2a:bc:bd:df:dc:c9:3f:25:11:b6:80:
                    b4:ff:de:b5:92:ca:fd:d4:a8:4b:39:63:d3:36:a0:
                    5d:e2:bb:a0:e3:97:c4:20:1f:4e:8f:18:08:1b:f7:
                    38:d4:1a:42:39:2e:8f:54:84:ce:4d:ca:40:c3:39:
                    bf:36:1a:7e:62:ca:91:9d:fe:d9:bb:a4:09:9c:6e:
                    98:f4:60:fd:fe:e7:f8:0a:27:58:05:39:e5:32:fc:
                    81:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F9:38:29:90:CD:FC:D5:5E:73:41:61:E6:38:9D:62:4E:DF:12:C3
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/Qfk4KZDN_NVec0Fh5jidYk7fEsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:28:b0:ec:cd:1e:6d:ff:70:d3:68:1a:3a:7a:04:d3:0d:83:
         30:7a:86:4c:91:64:06:bb:c3:b1:b6:a7:06:27:d6:fa:8c:ac:
         8b:1f:59:2e:f4:67:8e:5c:a2:45:42:64:06:da:95:b8:bd:17:
         5b:5f:60:ea:2e:5d:68:e9:49:e4:fb:88:ab:38:da:bf:50:64:
         cf:32:8a:ab:b9:9b:44:a0:fd:b3:21:4f:07:9e:2e:ec:73:37:
         1d:5e:00:22:d7:7c:79:fd:94:64:9d:62:7c:38:54:01:bb:68:
         7a:5a:95:b0:f1:8d:86:7e:bb:a0:f8:31:c3:c1:ee:bd:32:ee:
         36:ea:d0:56:41:fe:53:c3:94:72:e5:76:4c:55:28:f5:5c:3e:
         b9:66:36:ec:43:cb:90:8f:4c:8a:8e:bd:60:0f:93:ce:5d:ab:
         ad:91:7a:ff:d4:e3:f7:de:47:b5:02:ac:2d:04:2c:f3:5d:74:
         75:3a:08:38:b9:57:91:1a:0e:38:18:ce:4c:6e:c3:0d:5b:2b:
         31:2e:c1:50:94:d2:c8:a3:c8:e3:22:0d:de:d1:e7:39:8a:c1:
         93:70:f3:58:81:33:11:86:ed:ef:d7:6a:c9:5d:97:84:db:e0:
         74:5e:1b:32:5c:a1:25:ad:e4:ae:8a:b1:54:3f:21:0e:e6:a2:
         93:ec:1c:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pqW4xndU0BTVKIxMkKv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjYwMTAyMTIyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWY5MzgyOTkwY2RmY2Q1NWU3MzQxNjFlNjM4OWQ2MjRlZGYxMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1aSWfzIIeu1mYTKqxSm/3u0vDpK
nurSRLxmBN3AJ+1uLAn/gr2M2ZtGJXFBSFzqmWg42JIN3h9Vo31xyY8xlhYlsj3N
VNuWcsBR9y233p8WeYaxauBQJ+uOFoizbB0deH+8YHmONpWLOlN3JuMpmJsO2BxF
4Wfu/qOsQ7LVIqKAPhd5rD1ipV0e8FWC9lv0lwdGv3d9ZWD3JtMOZbPQHSe8sqlt
GEQrKry939zJPyURtoC0/961ksr91KhLOWPTNqBd4rug45fEIB9OjxgIG/c41BpC
OS6PVITOTcpAwzm/Nhp+YsqRnf7Zu6QJnG6Y9GD9/uf4CidYBTnlMvyBPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEH5OCmQzfzVXnNBYeY4nWJO3xLDMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvUWZrNEtaRE5fTlZlYzBGaDVqaWRZazdmRXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFtPMA0G
CSqGSIb3DQEBCwUAA4IBAQAEKLDszR5t/3DTaBo6egTTDYMweoZMkWQGu8OxtqcG
J9b6jKyLH1ku9GeOXKJFQmQG2pW4vRdbX2DqLl1o6Unk+4irONq/UGTPMoqruZtE
oP2zIU8Hni7sczcdXgAi13x5/ZRknWJ8OFQBu2h6WpWw8Y2Gfrug+DHDwe69Mu42
6tBWQf5Tw5Ry5XZMVSj1XD65ZjbsQ8uQj0yKjr1gD5POXautkXr/1OP33ke1Aqwt
BCzzXXR1Ogg4uVeRGg44GM5MbsMNWysxLsFQlNLIo8jjIg3e0ec5isGTcPNYgTMR
hu3v12rJXZeE2+B0XhsyXKElreSuirFUPyEO5qKT7BwF
-----END CERTIFICATE-----