This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/q1MdFgrztAHRD55dweODJfa4RK4.roa
File:                     q1MdFgrztAHRD55dweODJfa4RK4.roa (raw, json)
Hash identifier:          aZ5l1yMm02BT+qNFooS+z/TzrtnqLkZdfbJDBupopYk=
Subject key identifier:   AB:53:1D:16:0A:F3:B4:01:D1:0F:9E:5D:C1:E3:83:25:F6:B8:44:AE
Certificate issuer:       /CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
Certificate serial:       019B7AC919B5037C2C360AED35432D55273D
Authority key identifier: 3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/q1MdFgrztAHRD55dweODJfa4RK4.roa
Signing time:             Thu 01 Jan 2026 18:19:18 +0000
ROA not before:           Thu 01 Jan 2026 18:19:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39320
IP address blocks:        195.250.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 18:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:19:b5:03:7c:2c:36:0a:ed:35:43:2d:55:27:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
        Validity
            Not Before: Jan  1 18:19:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab531d160af3b401d10f9e5dc1e38325f6b844ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:50:85:3f:7b:c9:a9:55:31:1d:63:24:e9:02:
                    16:33:37:db:84:80:bc:17:74:49:e3:a8:f7:e6:2e:
                    41:11:b8:50:04:96:69:7e:83:bd:7a:2e:b9:4f:17:
                    1d:94:21:1a:0b:e1:e2:47:2f:92:a6:cc:bd:6a:99:
                    12:f8:75:e3:3e:f4:96:9b:18:ce:87:0d:1b:e5:9b:
                    14:7b:1a:6d:0d:f2:b0:e4:89:08:6b:d9:ca:4e:ac:
                    64:93:21:4b:4f:71:c6:c5:3a:cc:39:b3:c8:14:ab:
                    d1:5b:77:f0:16:21:ff:54:31:34:95:0c:10:24:88:
                    6e:94:7e:4e:82:6e:e8:ad:fa:db:ad:89:e4:36:80:
                    81:57:07:67:ab:ae:f1:ca:c6:fb:2d:d2:53:f5:c6:
                    00:b6:84:37:3e:97:54:53:a0:de:af:66:7d:be:0f:
                    c6:ec:4c:13:94:e9:f8:cf:d9:29:21:5b:a3:bd:16:
                    39:9f:ee:86:b4:b0:b8:aa:cc:db:4c:4e:7c:f8:bf:
                    6a:3c:a3:58:24:87:1a:79:e7:04:13:d8:6b:92:be:
                    56:5b:2a:38:08:4c:6e:8f:86:11:29:1c:bc:85:a4:
                    b5:fc:d0:bd:1b:7e:30:fb:c1:08:3e:a3:ae:3d:a5:
                    37:9c:0c:07:9f:31:9f:1c:f0:a2:90:7e:9f:ce:b3:
                    31:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:53:1D:16:0A:F3:B4:01:D1:0F:9E:5D:C1:E3:83:25:F6:B8:44:AE
            X509v3 Authority Key Identifier:
                keyid:3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/q1MdFgrztAHRD55dweODJfa4RK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ff:e6:db:ad:c9:cd:85:5a:95:12:88:2c:03:f9:ae:f2:db:
         35:11:e0:d8:67:a9:ce:5d:eb:68:55:a2:b6:f2:9e:a1:ab:3a:
         c3:13:79:73:51:2c:21:58:c2:26:ac:bd:43:c1:22:45:10:d1:
         0e:64:d0:89:8d:b7:c1:6c:e4:48:b1:2b:15:ae:50:75:53:cf:
         96:8b:0a:81:e6:ee:bc:7b:20:33:47:b1:53:36:27:71:5d:65:
         21:65:87:13:bb:dc:00:39:f9:cd:17:99:b0:b9:9d:12:de:45:
         4e:dc:eb:48:10:ae:e8:e7:dd:fa:df:ae:85:41:16:8c:b1:2c:
         bf:4a:87:7c:2a:22:f8:ae:2d:f2:cd:da:22:49:3d:cb:d4:9d:
         7d:70:6b:63:77:8c:be:ec:ec:a5:1c:06:ce:6d:59:84:5f:e2:
         f2:ea:f0:ff:bc:74:be:dc:78:3d:f3:ed:83:a7:30:1a:e7:f4:
         a5:81:e7:d7:59:28:37:6c:a6:0d:88:d8:e9:35:49:10:17:66:
         ee:f6:44:fd:8a:aa:94:9e:f3:70:c2:52:ef:87:7e:99:d5:da:
         8f:57:1c:a7:ed:2f:59:67:81:f7:13:fb:92:2a:b0:f1:0a:07:
         7e:11:35:43:17:20:d5:5b:b8:b5:8d:12:65:e0:e8:53:71:e1:
         7e:33:3f:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yRm1A3wsNgrtNUMtVSc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZGEyOWE0OGMyNTc3NThjOGU1MThlZTVjOGIwM2NjZGEw
MjQ3YzkwHhcNMjYwMTAxMTgxOTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjUzMWQxNjBhZjNiNDAxZDEwZjllNWRjMWUzODMyNWY2Yjg0NGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lCFP3vJqVUxHWMk6QIWMzfbhIC8
F3RJ46j35i5BEbhQBJZpfoO9ei65TxcdlCEaC+HiRy+Spsy9apkS+HXjPvSWmxjO
hw0b5ZsUexptDfKw5IkIa9nKTqxkkyFLT3HGxTrMObPIFKvRW3fwFiH/VDE0lQwQ
JIhulH5Ogm7orfrbrYnkNoCBVwdnq67xysb7LdJT9cYAtoQ3PpdUU6Der2Z9vg/G
7EwTlOn4z9kpIVujvRY5n+6GtLC4qszbTE58+L9qPKNYJIcaeecEE9hrkr5WWyo4
CExuj4YRKRy8haS1/NC9G34w+8EIPqOuPaU3nAwHnzGfHPCikH6fzrMxlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtTHRYK87QB0Q+eXcHjgyX2uESuMB8GA1UdIwQY
MBaAFD/aKaSMJXdYyOUY7lyLA8zaAkfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQt
OTM3NGYyMWU2NDg4LzEvcTFNZEZncnp0QUhSRDU1ZHdlT0RKZmE0Uks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQtOTM3NGYyMWU2NDg4
LzEvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/o6MA0G
CSqGSIb3DQEBCwUAA4IBAQA9/+bbrcnNhVqVEogsA/mu8ts1EeDYZ6nOXetoVaK2
8p6hqzrDE3lzUSwhWMImrL1DwSJFENEOZNCJjbfBbORIsSsVrlB1U8+WiwqB5u68
eyAzR7FTNidxXWUhZYcTu9wAOfnNF5mwuZ0S3kVO3OtIEK7o5936366FQRaMsSy/
Sod8KiL4ri3yzdoiST3L1J19cGtjd4y+7OylHAbObVmEX+Ly6vD/vHS+3Hg98+2D
pzAa5/SlgefXWSg3bKYNiNjpNUkQF2bu9kT9iqqUnvNwwlLvh36Z1dqPVxyn7S9Z
Z4H3E/uSKrDxCgd+ETVDFyDVW7i1jRJl4OhTceF+Mz/D
-----END CERTIFICATE-----