This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/3f9ad1-6be5-4fa4-9e56-d701dc69863f/1/QcGVhryX4x7bfWIgC0U3JlcZMH0.roa
File:                     QcGVhryX4x7bfWIgC0U3JlcZMH0.roa (raw, json)
Hash identifier:          Bat9oEb0UFv1zJKscTa1DuwM+XuSb3SLfJDIXRZHQRs=
Subject key identifier:   41:C1:95:86:BC:97:E3:1E:DB:7D:62:20:0B:45:37:26:57:19:30:7D
Certificate issuer:       /CN=80fe5698a127964cc0e4ce8e3fdc985e2a25a663
Certificate serial:       019B7D5BFA40DCE034DEBFC1042564AC84BA
Authority key identifier: 80:FE:56:98:A1:27:96:4C:C0:E4:CE:8E:3F:DC:98:5E:2A:25:A6:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gP5WmKEnlkzA5M6OP9yYXiolpmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/3f9ad1-6be5-4fa4-9e56-d701dc69863f/1/QcGVhryX4x7bfWIgC0U3JlcZMH0.roa
Signing time:             Fri 02 Jan 2026 06:18:58 +0000
ROA not before:           Fri 02 Jan 2026 06:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210986
IP address blocks:        88.151.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/3f9ad1-6be5-4fa4-9e56-d701dc69863f/1/gP5WmKEnlkzA5M6OP9yYXiolpmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/3f9ad1-6be5-4fa4-9e56-d701dc69863f/1/gP5WmKEnlkzA5M6OP9yYXiolpmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gP5WmKEnlkzA5M6OP9yYXiolpmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:fa:40:dc:e0:34:de:bf:c1:04:25:64:ac:84:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80fe5698a127964cc0e4ce8e3fdc985e2a25a663
        Validity
            Not Before: Jan  2 06:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41c19586bc97e31edb7d62200b4537265719307d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a2:c0:fb:76:5b:27:da:5b:82:a6:5e:c3:71:
                    5c:93:5f:94:37:a0:7c:38:80:b7:6b:96:71:bf:73:
                    dc:09:a0:e5:20:0a:24:9d:ed:8b:67:d1:07:db:44:
                    f3:60:91:e5:4e:87:b0:a9:e0:5d:cb:33:01:c5:0e:
                    9a:35:a3:d5:e8:21:cc:bc:1b:b4:f7:f5:3e:32:6c:
                    85:72:f0:83:1c:36:14:0f:c3:c8:d0:9d:1d:be:83:
                    e0:04:c0:3f:e9:40:84:b2:9e:c3:5f:bf:d8:ec:ad:
                    8e:39:13:76:a8:fe:ec:6b:c4:86:8d:bd:33:fb:9c:
                    d5:b8:c4:68:de:4b:b3:20:72:b8:e7:b4:ce:cd:bf:
                    55:0d:a4:d6:63:11:35:26:37:22:76:14:2b:34:9e:
                    9c:0e:c6:63:b8:76:69:3b:a3:d7:49:97:48:b2:ea:
                    0f:a9:01:a6:3e:5c:24:61:31:0c:0a:75:62:0f:a1:
                    f3:ae:a3:22:ce:84:1f:c4:b6:89:82:10:4f:ab:97:
                    8d:f2:7c:61:56:6a:34:c7:07:37:31:f6:7b:4a:2b:
                    5e:fb:f6:02:e5:43:ad:07:af:cd:34:06:1f:c7:53:
                    73:e0:d1:bf:08:f2:0c:24:5a:e0:ff:2e:36:88:2c:
                    88:20:90:99:0a:70:b8:c1:71:ce:cc:0e:4e:02:63:
                    c6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:C1:95:86:BC:97:E3:1E:DB:7D:62:20:0B:45:37:26:57:19:30:7D
            X509v3 Authority Key Identifier:
                keyid:80:FE:56:98:A1:27:96:4C:C0:E4:CE:8E:3F:DC:98:5E:2A:25:A6:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gP5WmKEnlkzA5M6OP9yYXiolpmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3f9ad1-6be5-4fa4-9e56-d701dc69863f/1/QcGVhryX4x7bfWIgC0U3JlcZMH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/3f9ad1-6be5-4fa4-9e56-d701dc69863f/1/gP5WmKEnlkzA5M6OP9yYXiolpmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:5f:6f:02:07:69:c1:1f:e4:a3:48:1d:95:82:82:02:97:ce:
         e3:52:6d:46:d8:fd:ab:72:b8:2d:43:58:30:28:9a:17:41:77:
         e5:9a:b4:83:f1:a6:81:73:c8:37:13:1a:f9:2e:1d:81:8f:6c:
         9f:23:65:da:33:15:79:06:b6:f6:9c:36:39:06:f4:1c:23:a6:
         39:9d:12:1b:f6:7b:67:ae:06:7d:99:d6:40:3d:29:ea:c5:ff:
         77:32:4f:8d:67:59:ac:3f:b8:e8:51:a7:f2:f0:1e:cb:0f:9e:
         b8:3c:2c:ec:83:05:85:46:96:ff:5a:39:47:48:f7:53:f5:25:
         fb:dc:12:1c:ff:77:2a:20:1f:3e:1c:46:2a:ee:51:d5:4b:51:
         80:a4:5d:7e:d0:16:af:90:42:1a:c0:3c:9c:da:f4:4a:f2:97:
         9e:82:dc:7f:b1:e2:52:b2:7d:0a:ad:3a:9d:ea:9c:57:0a:31:
         fb:8c:db:1d:f7:bd:43:d7:b4:fc:87:2a:b1:55:2c:d6:d1:6e:
         a6:b9:57:bb:3a:13:3a:9f:0a:09:7a:4a:3d:8d:04:7b:1c:fb:
         a4:e5:a6:5c:55:8e:37:2b:a5:d9:7d:92:c2:b0:dc:88:63:65:
         d0:14:55:85:c9:2d:2f:2b:fd:a9:e6:55:77:21:8f:8b:51:1c:
         8e:f6:e4:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W/pA3OA03r/BBCVkrIS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZmU1Njk4YTEyNzk2NGNjMGU0Y2U4ZTNmZGM5ODVlMmEy
NWE2NjMwHhcNMjYwMTAyMDYxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWMxOTU4NmJjOTdlMzFlZGI3ZDYyMjAwYjQ1MzcyNjU3MTkzMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKLA+3ZbJ9pbgqZew3Fck1+UN6B8
OIC3a5Zxv3PcCaDlIAokne2LZ9EH20TzYJHlToewqeBdyzMBxQ6aNaPV6CHMvBu0
9/U+MmyFcvCDHDYUD8PI0J0dvoPgBMA/6UCEsp7DX7/Y7K2OORN2qP7sa8SGjb0z
+5zVuMRo3kuzIHK457TOzb9VDaTWYxE1JjcidhQrNJ6cDsZjuHZpO6PXSZdIsuoP
qQGmPlwkYTEMCnViD6HzrqMizoQfxLaJghBPq5eN8nxhVmo0xwc3MfZ7Site+/YC
5UOtB6/NNAYfx1Nz4NG/CPIMJFrg/y42iCyIIJCZCnC4wXHOzA5OAmPGTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHBlYa8l+Me231iIAtFNyZXGTB9MB8GA1UdIwQY
MBaAFID+VpihJ5ZMwOTOjj/cmF4qJaZjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1A1V21LRW5sa3pBNU02T1A5eVlYaW9scG1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8zZjlhZDEtNmJlNS00ZmE0LTllNTYt
ZDcwMWRjNjk4NjNmLzEvUWNHVmhyeVg0eDdiZldJZ0MwVTNKbGNaTUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8zZjlhZDEtNmJlNS00ZmE0LTllNTYtZDcwMWRjNjk4NjNm
LzEvZ1A1V21LRW5sa3pBNU02T1A5eVlYaW9scG1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJdxMA0G
CSqGSIb3DQEBCwUAA4IBAQBtX28CB2nBH+SjSB2VgoICl87jUm1G2P2rcrgtQ1gw
KJoXQXflmrSD8aaBc8g3Exr5Lh2Bj2yfI2XaMxV5Brb2nDY5BvQcI6Y5nRIb9ntn
rgZ9mdZAPSnqxf93Mk+NZ1msP7joUafy8B7LD564PCzsgwWFRpb/WjlHSPdT9SX7
3BIc/3cqIB8+HEYq7lHVS1GApF1+0BavkEIawDyc2vRK8peegtx/seJSsn0KrTqd
6pxXCjH7jNsd971D17T8hyqxVSzW0W6muVe7OhM6nwoJeko9jQR7HPuk5aZcVY43
K6XZfZLCsNyIY2XQFFWFyS0vK/2p5lV3IY+LURyO9uTR
-----END CERTIFICATE-----