This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/kQDx-eK5WbQMkN8cHcShxaTuo2M.roa
File:                     kQDx-eK5WbQMkN8cHcShxaTuo2M.roa (raw, json)
Hash identifier:          cuMTti6JIHRC15iWf0B02SBRQ6Yt8AF6qpRUsuDogMM=
Subject key identifier:   91:00:F1:F9:E2:B9:59:B4:0C:90:DF:1C:1D:C4:A1:C5:A4:EE:A3:63
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019B9CE99DDDB865E5F3F98C3E2A06CB187B
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/kQDx-eK5WbQMkN8cHcShxaTuo2M.roa
Signing time:             Thu 08 Jan 2026 09:21:54 +0000
ROA not before:           Thu 08 Jan 2026 09:21:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        95.173.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:9c:e9:9d:dd:b8:65:e5:f3:f9:8c:3e:2a:06:cb:18:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jan  8 09:21:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9100f1f9e2b959b40c90df1c1dc4a1c5a4eea363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2b:8d:bf:b9:c1:1b:af:05:76:89:34:ff:58:
                    2f:00:da:44:fb:86:24:f1:4f:05:33:ac:e1:a0:b7:
                    1b:84:0d:5a:26:06:7a:96:f9:59:01:ea:d8:b2:54:
                    5b:16:4f:4f:15:31:a3:77:a3:0b:bc:48:b7:70:44:
                    06:7f:01:d8:93:ed:99:59:d4:e6:33:c3:87:37:e4:
                    f2:f5:7f:77:e2:03:86:f8:d9:dd:0e:c3:b0:ef:9c:
                    5e:9f:5c:90:36:fe:b5:ac:c4:83:6f:9f:cd:e9:56:
                    f7:46:18:b3:81:2b:02:16:f0:bc:14:d3:63:10:29:
                    9c:1a:f0:df:46:99:39:af:ec:d2:31:97:e1:74:fe:
                    38:c2:2e:f1:08:6b:5d:4b:e2:f1:3c:2c:38:31:d6:
                    db:9c:8b:aa:98:19:93:60:7b:16:c0:c3:bc:19:8a:
                    11:23:5a:9a:4f:fb:6f:ee:07:b5:5e:78:1d:a1:90:
                    99:d1:ca:2b:77:38:ce:2a:e5:65:b1:eb:e8:6f:34:
                    f2:d9:2b:b9:ed:e4:66:7f:c7:c3:26:60:77:09:36:
                    f1:2a:70:e8:00:49:31:61:7e:2e:5f:ab:bc:6a:f1:
                    59:a5:92:83:bb:a6:0d:73:46:1f:fd:77:f4:6f:74:
                    e7:55:cb:97:c5:0e:93:2d:e7:48:fe:de:2e:09:ba:
                    5c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:00:F1:F9:E2:B9:59:B4:0C:90:DF:1C:1D:C4:A1:C5:A4:EE:A3:63
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/kQDx-eK5WbQMkN8cHcShxaTuo2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:a8:4b:98:e4:65:c5:a1:a9:59:91:11:e2:5b:40:9c:11:3b:
         91:e5:f8:a3:be:66:10:9d:e7:c6:4f:98:17:69:60:5e:34:be:
         ca:65:6a:0a:8c:cb:6d:f2:37:7a:a3:d3:ff:c1:e5:79:59:2e:
         16:6e:e8:22:48:cb:d4:61:23:5f:51:2e:de:7b:05:79:52:6b:
         ed:e8:93:83:62:9d:ac:af:c6:03:5a:0d:0b:5d:9b:60:9e:ed:
         3f:9c:45:60:e6:1b:31:df:ff:d4:96:a5:38:43:d0:ce:47:fd:
         5a:aa:79:e4:8d:f7:f0:8c:10:49:f1:05:32:d8:9f:a1:66:cd:
         bf:0e:9c:d2:7a:84:3c:a6:7d:4f:15:a1:3a:47:77:1a:dd:60:
         b6:62:f2:d3:46:39:23:cf:92:36:c0:6f:69:1d:1f:b5:94:7f:
         3f:8b:02:dd:e0:81:c4:83:2c:2c:ac:d6:5a:40:48:d9:83:68:
         13:46:85:4d:36:7d:d2:99:92:7f:48:d9:a4:5a:34:79:92:a4:
         2f:8c:b6:85:85:76:f3:0d:29:f2:95:5f:81:f3:53:e8:d8:34:
         d1:92:9f:f3:54:29:6d:7c:a0:ca:6d:b5:81:48:40:47:60:76:
         fe:10:88:ff:b6:35:c7:e1:57:7b:2c:49:57:cb:f5:a5:d2:93:
         44:64:06:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuc6Z3duGXl8/mMPioGyxh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMTA4MDkyMTU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTAwZjFmOWUyYjk1OWI0MGM5MGRmMWMxZGM0YTFjNWE0ZWVhMzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCuNv7nBG68Fdok0/1gvANpE+4Yk
8U8FM6zhoLcbhA1aJgZ6lvlZAerYslRbFk9PFTGjd6MLvEi3cEQGfwHYk+2ZWdTm
M8OHN+Ty9X934gOG+NndDsOw75xen1yQNv61rMSDb5/N6Vb3RhizgSsCFvC8FNNj
ECmcGvDfRpk5r+zSMZfhdP44wi7xCGtdS+LxPCw4MdbbnIuqmBmTYHsWwMO8GYoR
I1qaT/tv7ge1XngdoZCZ0cordzjOKuVlsevobzTy2Su57eRmf8fDJmB3CTbxKnDo
AEkxYX4uX6u8avFZpZKDu6YNc0Yf/Xf0b3TnVcuXxQ6TLedI/t4uCbpcVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEA8fniuVm0DJDfHB3EocWk7qNjMB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEva1FEeC1lSzVXYlFNa044Y0hjU2h4YVR1bzJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX60xMA0G
CSqGSIb3DQEBCwUAA4IBAQBdqEuY5GXFoalZkRHiW0CcETuR5fijvmYQnefGT5gX
aWBeNL7KZWoKjMtt8jd6o9P/weV5WS4WbugiSMvUYSNfUS7eewV5Umvt6JODYp2s
r8YDWg0LXZtgnu0/nEVg5hsx3//UlqU4Q9DOR/1aqnnkjffwjBBJ8QUy2J+hZs2/
DpzSeoQ8pn1PFaE6R3ca3WC2YvLTRjkjz5I2wG9pHR+1lH8/iwLd4IHEgywsrNZa
QEjZg2gTRoVNNn3SmZJ/SNmkWjR5kqQvjLaFhXbzDSnylV+B81Po2DTRkp/zVClt
fKDKbbWBSEBHYHb+EIj/tjXH4Vd7LElXy/Wl0pNEZAbz
-----END CERTIFICATE-----