This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/q_YJm9uusZ1gdH6rfgf8d1zvcNE.roa
File:                     q_YJm9uusZ1gdH6rfgf8d1zvcNE.roa (raw, json)
Hash identifier:          7dAiJ/6GQJnXgS5Q7uLwSzG/j868J9jWgDmOCQtKyWM=
Subject key identifier:   AB:F6:09:9B:DB:AE:B1:9D:60:74:7E:AB:7E:07:FC:77:5C:EF:70:D1
Certificate issuer:       /CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
Certificate serial:       019B7AC7C4C668A1DB340D9C32E973BE9240
Authority key identifier: B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/q_YJm9uusZ1gdH6rfgf8d1zvcNE.roa
Signing time:             Thu 01 Jan 2026 18:17:50 +0000
ROA not before:           Thu 01 Jan 2026 18:17:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211439
IP address blocks:        45.85.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:c4:c6:68:a1:db:34:0d:9c:32:e9:73:be:92:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
        Validity
            Not Before: Jan  1 18:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abf6099bdbaeb19d60747eab7e07fc775cef70d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:03:6e:0e:5e:da:91:82:c0:d5:71:94:e3:17:
                    a3:30:08:c4:4d:b9:28:15:f1:77:2e:67:4f:17:33:
                    91:07:a0:da:95:4e:7b:f8:39:80:72:81:8a:eb:43:
                    13:aa:bd:ee:df:0e:4f:e6:4a:6a:c2:6b:cc:1b:f2:
                    45:f1:26:b6:e8:61:d9:4f:8f:e5:49:a3:cd:f5:08:
                    54:bf:4c:63:ad:47:47:50:51:58:99:84:75:fe:ca:
                    c3:93:48:e7:e8:81:9b:0b:1a:3f:5a:a3:28:ce:e0:
                    a9:63:bd:8d:c5:3b:6e:dc:54:e8:04:82:14:97:91:
                    46:3c:5f:05:9b:74:b4:2f:7f:4a:71:7b:86:e1:e7:
                    f4:b5:8d:b4:0f:c1:0b:2e:a2:a2:df:69:45:44:31:
                    ad:b8:db:70:2a:c0:b0:14:e4:7f:56:02:f6:fe:cc:
                    6b:6b:fd:83:c0:62:c2:d9:8a:25:aa:3b:0c:ab:df:
                    c8:1c:5d:af:11:15:94:02:51:76:f8:65:34:97:57:
                    40:7d:fe:90:bb:8c:32:ea:2c:1c:dc:ae:61:44:d8:
                    6d:2f:c5:cb:d8:d3:a4:91:26:24:cb:53:71:6a:65:
                    06:3c:f2:e8:95:90:26:3b:f5:e2:17:87:54:2d:5c:
                    a3:d7:aa:20:a9:9d:73:6d:e4:7c:c0:57:6a:7f:4f:
                    26:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F6:09:9B:DB:AE:B1:9D:60:74:7E:AB:7E:07:FC:77:5C:EF:70:D1
            X509v3 Authority Key Identifier:
                keyid:B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/q_YJm9uusZ1gdH6rfgf8d1zvcNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:aa:83:68:68:f8:6a:dc:28:c7:62:40:38:31:d5:33:4e:ed:
         97:d1:3e:91:cd:43:d1:ea:59:07:fa:53:59:be:8d:b6:e7:57:
         93:b1:0c:20:f0:1c:08:5f:32:a6:d6:30:1a:58:36:4a:85:ff:
         96:af:ce:a7:36:e3:c0:bc:96:be:3a:9c:5f:71:63:2e:ba:62:
         61:3f:13:d5:c7:44:dc:65:5e:85:7a:5d:95:d7:81:d3:d8:bf:
         b4:54:f6:c7:1b:8c:8a:79:fc:73:79:ce:a3:4b:c2:b4:bf:e9:
         9b:3e:bf:48:3e:aa:c7:73:62:f3:2a:ee:90:44:b4:35:10:7d:
         6c:17:25:81:5f:9e:c5:f5:6f:b1:25:62:10:68:ff:83:27:90:
         8b:33:53:50:f5:06:09:b6:d1:d6:24:c1:b2:74:cb:b1:c8:d5:
         c3:39:d0:4a:ad:bc:b2:74:e0:5d:2e:96:d4:e3:25:7c:17:01:
         1d:6f:7c:ce:e3:68:76:55:74:01:70:40:ee:9f:5f:d2:fb:92:
         ef:f4:79:26:36:36:42:c5:e7:9d:f8:55:a6:f8:c5:24:c4:a3:
         f0:06:1a:69:20:cb:7e:69:30:09:7c:0b:ca:1e:14:ac:cc:9e:
         1e:35:37:95:d8:bd:15:e1:6d:ab:ec:aa:64:f6:97:98:56:3c:
         a4:41:02:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x8TGaKHbNA2cMulzvpJAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjBkMzM0MzJlY2E3N2MwNTRlOGZhODcwNzI0OGRhNGU0
N2RiMGIwHhcNMjYwMTAxMTgxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY2MDk5YmRiYWViMTlkNjA3NDdlYWI3ZTA3ZmM3NzVjZWY3MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwNuDl7akYLA1XGU4xejMAjETbko
FfF3LmdPFzORB6DalU57+DmAcoGK60MTqr3u3w5P5kpqwmvMG/JF8Sa26GHZT4/l
SaPN9QhUv0xjrUdHUFFYmYR1/srDk0jn6IGbCxo/WqMozuCpY72NxTtu3FToBIIU
l5FGPF8Fm3S0L39KcXuG4ef0tY20D8ELLqKi32lFRDGtuNtwKsCwFOR/VgL2/sxr
a/2DwGLC2YolqjsMq9/IHF2vERWUAlF2+GU0l1dAff6Qu4wy6iwc3K5hRNhtL8XL
2NOkkSYky1NxamUGPPLolZAmO/XiF4dULVyj16ogqZ1zbeR8wFdqf08msQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKv2CZvbrrGdYHR+q34H/Hdc73DRMB8GA1UdIwQY
MBaAFLmw0zQy7Kd8BU6PqHBySNpOR9sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQt
ZDE5NmY5MjkxNzMyLzEvcV9ZSm05dXVzWjFnZEg2cmZnZjhkMXp2Y05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQtZDE5NmY5MjkxNzMy
LzEvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVcMA0G
CSqGSIb3DQEBCwUAA4IBAQCQqoNoaPhq3CjHYkA4MdUzTu2X0T6RzUPR6lkH+lNZ
vo2251eTsQwg8BwIXzKm1jAaWDZKhf+Wr86nNuPAvJa+OpxfcWMuumJhPxPVx0Tc
ZV6Fel2V14HT2L+0VPbHG4yKefxzec6jS8K0v+mbPr9IPqrHc2LzKu6QRLQ1EH1s
FyWBX57F9W+xJWIQaP+DJ5CLM1NQ9QYJttHWJMGydMuxyNXDOdBKrbyydOBdLpbU
4yV8FwEdb3zO42h2VXQBcEDun1/S+5Lv9HkmNjZCxeed+FWm+MUkxKPwBhppIMt+
aTAJfAvKHhSszJ4eNTeV2L0V4W2r7Kpk9peYVjykQQK1
-----END CERTIFICATE-----