This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/QlZ3EwceRly-CQVyh76fsical88.roa
File:                     QlZ3EwceRly-CQVyh76fsical88.roa (raw, json)
Hash identifier:          GhqviNkjdeBBcrA1tzvOBRebTTX9kM0EqFFhCTAnsnQ=
Subject key identifier:   42:56:77:13:07:1E:46:5C:BE:09:05:72:87:BE:9F:B2:27:1A:97:CF
Certificate issuer:       /CN=5d656b2013e851516b942fa90706c72090dcddef
Certificate serial:       019B7EA500F0DCEB1697B16F4B588EDDC9E0
Authority key identifier: 5D:65:6B:20:13:E8:51:51:6B:94:2F:A9:07:06:C7:20:90:DC:DD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWVrIBPoUVFrlC-pBwbHIJDc3e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/QlZ3EwceRly-CQVyh76fsical88.roa
Signing time:             Fri 02 Jan 2026 12:18:21 +0000
ROA not before:           Fri 02 Jan 2026 12:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206347
IP address blocks:        194.49.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/XWVrIBPoUVFrlC-pBwbHIJDc3e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/XWVrIBPoUVFrlC-pBwbHIJDc3e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWVrIBPoUVFrlC-pBwbHIJDc3e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:00:f0:dc:eb:16:97:b1:6f:4b:58:8e:dd:c9:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d656b2013e851516b942fa90706c72090dcddef
        Validity
            Not Before: Jan  2 12:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42567713071e465cbe09057287be9fb2271a97cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8a:f5:37:50:9a:b3:d9:3d:df:bf:1d:d5:21:
                    6e:93:b5:0b:e8:48:d2:64:d4:61:7a:54:b0:8c:5f:
                    5c:82:a0:d8:f8:c7:f5:48:dd:33:fe:a1:87:f7:e5:
                    fb:38:62:f4:be:39:90:b7:53:43:ea:18:19:07:b9:
                    2e:74:47:e7:83:82:8c:27:4a:ad:1b:cc:42:19:cd:
                    94:47:f2:bb:9d:dc:00:99:3b:2b:e6:eb:be:4d:62:
                    80:ae:a9:28:c2:79:92:a1:5a:39:71:d8:c6:33:b3:
                    58:3f:ae:47:f1:ca:a1:05:3b:af:13:db:a4:ee:e8:
                    f0:c2:3c:a8:36:32:ff:d1:28:39:e0:dd:24:74:f6:
                    fc:2d:f5:18:37:08:80:ec:d3:0f:46:58:e4:a4:8f:
                    2c:c3:26:9d:c3:4b:b4:07:12:bc:69:15:b6:cb:95:
                    62:a7:22:01:0c:ed:3b:78:56:a0:9a:e6:da:36:af:
                    26:d1:a5:e1:1d:93:4f:c5:3f:f5:da:e0:31:0d:10:
                    25:f0:53:c5:43:51:f3:f9:cb:d2:c8:ad:17:75:1a:
                    7d:8f:10:e7:ab:2f:3b:c0:af:32:e3:e3:a2:0f:06:
                    8b:9d:09:f6:7b:10:f3:d4:6c:e7:f7:d5:20:f0:61:
                    a8:19:f4:e2:1f:2f:02:5d:8f:41:ab:9d:09:aa:64:
                    c2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:56:77:13:07:1E:46:5C:BE:09:05:72:87:BE:9F:B2:27:1A:97:CF
            X509v3 Authority Key Identifier:
                keyid:5D:65:6B:20:13:E8:51:51:6B:94:2F:A9:07:06:C7:20:90:DC:DD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWVrIBPoUVFrlC-pBwbHIJDc3e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/QlZ3EwceRly-CQVyh76fsical88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/1df764-2b83-4343-9102-47a9f96ca586/1/XWVrIBPoUVFrlC-pBwbHIJDc3e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:4c:bc:b7:33:05:52:09:94:f2:e2:70:a8:75:f1:f0:ec:18:
         6d:61:af:f0:d6:b9:25:7d:05:32:e0:9f:16:80:35:7a:e9:53:
         21:1f:a6:24:19:b3:34:eb:fd:04:a3:10:a1:3c:13:c8:54:0c:
         94:c2:a1:b9:c1:6d:cc:2c:58:2a:e8:bc:de:c3:d7:dc:05:ea:
         ad:b9:40:da:df:a4:35:74:48:8a:26:d0:25:ff:dc:f0:7d:07:
         c7:b1:a1:3c:cb:0a:a8:c2:fd:ed:a6:c5:73:97:d4:a2:e5:66:
         7e:de:44:86:a6:6d:27:35:29:73:f5:00:53:e0:9d:c2:21:2a:
         aa:e9:6c:97:b3:bd:9e:ae:cb:5b:94:1f:8b:a7:63:55:85:ec:
         41:cb:66:a0:61:55:91:2d:68:76:fb:0d:5e:29:21:fe:60:4a:
         66:a6:eb:65:eb:84:bd:ea:30:55:32:ac:b6:0f:ea:8f:60:35:
         7b:9f:66:fd:a2:71:d7:77:a0:5f:37:3e:93:8e:b5:f0:fe:c4:
         e9:9b:e0:a5:56:22:6d:ea:3a:b2:e5:6a:90:b1:f5:44:8f:b9:
         d1:f5:f4:ea:90:68:7c:4a:7d:36:c0:aa:34:b2:d0:42:af:f1:
         41:e4:8c:83:4f:5e:2d:d0:04:47:38:aa:b0:c4:06:ef:03:41:
         97:00:2b:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pQDw3OsWl7FvS1iO3cngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjU2YjIwMTNlODUxNTE2Yjk0MmZhOTA3MDZjNzIwOTBk
Y2RkZWYwHhcNMjYwMTAyMTIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjU2NzcxMzA3MWU0NjVjYmUwOTA1NzI4N2JlOWZiMjI3MWE5N2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor1N1Cas9k9378d1SFuk7UL6EjS
ZNRhelSwjF9cgqDY+Mf1SN0z/qGH9+X7OGL0vjmQt1ND6hgZB7kudEfng4KMJ0qt
G8xCGc2UR/K7ndwAmTsr5uu+TWKArqkownmSoVo5cdjGM7NYP65H8cqhBTuvE9uk
7ujwwjyoNjL/0Sg54N0kdPb8LfUYNwiA7NMPRljkpI8swyadw0u0BxK8aRW2y5Vi
pyIBDO07eFagmubaNq8m0aXhHZNPxT/12uAxDRAl8FPFQ1Hz+cvSyK0XdRp9jxDn
qy87wK8y4+OiDwaLnQn2exDz1Gzn99Ug8GGoGfTiHy8CXY9Bq50JqmTCfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEJWdxMHHkZcvgkFcoe+n7InGpfPMB8GA1UdIwQY
MBaAFF1layAT6FFRa5QvqQcGxyCQ3N3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdWcklCUG9VVkZybEMtcEJ3YkhJSkRjM2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8xZGY3NjQtMmI4My00MzQzLTkxMDIt
NDdhOWY5NmNhNTg2LzEvUWxaM0V3Y2VSbHktQ1FWeWg3NmZzaWNhbDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8xZGY3NjQtMmI4My00MzQzLTkxMDItNDdhOWY5NmNhNTg2
LzEvWFdWcklCUG9VVkZybEMtcEJ3YkhJSkRjM2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjEMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqTLy3MwVSCZTy4nCodfHw7BhtYa/w1rklfQUy4J8W
gDV66VMhH6YkGbM06/0EoxChPBPIVAyUwqG5wW3MLFgq6Lzew9fcBeqtuUDa36Q1
dEiKJtAl/9zwfQfHsaE8ywqowv3tpsVzl9Si5WZ+3kSGpm0nNSlz9QBT4J3CISqq
6WyXs72erstblB+Lp2NVhexBy2agYVWRLWh2+w1eKSH+YEpmputl64S96jBVMqy2
D+qPYDV7n2b9onHXd6BfNz6TjrXw/sTpm+ClViJt6jqy5WqQsfVEj7nR9fTqkGh8
Sn02wKo0stBCr/FB5IyDT14t0ARHOKqwxAbvA0GXACvX
-----END CERTIFICATE-----