This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qmF9fRcumk7X2oJN5OkS-C8FSYI.roa
File:                     qmF9fRcumk7X2oJN5OkS-C8FSYI.roa (raw, json)
Hash identifier:          kNN2YWGRgsIQUTPdz3mbK/nIsN9Wk7Pw3UUk2fdqFdo=
Subject key identifier:   AA:61:7D:7D:17:2E:9A:4E:D7:DA:82:4D:E4:E9:12:F8:2F:05:49:82
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019BF9728596D82FA8A09C473CBAF59CA0BE
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qmF9fRcumk7X2oJN5OkS-C8FSYI.roa
Signing time:             Mon 26 Jan 2026 08:36:30 +0000
ROA not before:           Mon 26 Jan 2026 08:36:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198584
IP address blocks:        85.133.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:72:85:96:d8:2f:a8:a0:9c:47:3c:ba:f5:9c:a0:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan 26 08:36:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa617d7d172e9a4ed7da824de4e912f82f054982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b7:e2:fb:4a:3c:0c:94:b4:0c:39:c2:58:7a:
                    c1:cd:c4:57:c7:59:8b:4d:ff:2b:0e:93:f9:b1:5b:
                    9a:8f:78:5e:3c:d0:a6:0c:23:14:77:c3:4a:51:33:
                    dc:12:1d:9e:9a:91:29:b7:56:05:91:80:14:09:80:
                    eb:91:84:41:c4:de:b2:e9:85:1d:3f:be:36:ac:07:
                    d8:e0:2a:b8:6e:0e:02:cc:cc:5b:bf:dc:ba:e5:75:
                    0a:3e:84:e7:12:2f:a9:3b:da:6c:01:93:f5:4d:37:
                    6c:a1:0d:48:c8:e1:4e:e7:fd:51:37:67:a3:ce:9f:
                    db:35:de:1f:3d:7a:99:0e:3a:13:b5:cd:91:ea:8f:
                    1a:93:0d:33:5b:90:8a:6e:23:a6:f9:93:a1:f8:7d:
                    e8:e4:6c:8c:70:b3:7a:ae:42:7e:06:9f:d0:04:ba:
                    28:81:94:03:49:46:7c:fc:aa:2a:62:f3:0d:6c:67:
                    49:9a:06:12:db:5b:4b:5f:19:4a:e5:71:25:34:83:
                    b5:b3:dd:df:72:03:33:65:a0:05:4d:d7:f0:52:d7:
                    b0:26:c1:ad:3f:1a:9d:9c:e5:84:93:2a:fc:2f:4e:
                    65:f3:3b:1a:88:2d:d2:26:74:a3:4b:10:6d:df:a4:
                    ed:62:47:ed:05:0b:09:74:b7:a4:e7:13:4b:28:bc:
                    75:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:61:7D:7D:17:2E:9A:4E:D7:DA:82:4D:E4:E9:12:F8:2F:05:49:82
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/qmF9fRcumk7X2oJN5OkS-C8FSYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:08:86:01:e4:7a:97:4f:0d:d0:7f:52:61:35:c5:58:87:31:
         c2:da:75:27:ac:d1:d4:d5:8e:83:1a:45:6e:26:41:55:2c:a6:
         b2:cd:b0:79:73:40:db:5e:c1:8a:5c:dc:1e:18:ef:56:8b:f7:
         81:37:e7:67:8d:87:c6:be:3e:15:41:50:2b:f9:fe:d3:1a:c8:
         bc:55:59:79:89:ea:05:1e:72:13:10:44:e9:90:e0:07:58:d7:
         9a:3f:66:4c:14:06:ac:2b:15:40:1d:aa:75:ce:77:ff:b8:9e:
         89:39:4d:4f:3e:e0:58:99:5c:89:66:16:fe:50:57:eb:eb:e4:
         f8:b8:16:ff:4b:16:7e:0b:8b:65:10:9d:7f:59:9d:ce:52:49:
         fc:70:51:8c:06:4d:1c:35:82:6d:3a:46:9a:b0:85:41:4b:a0:
         db:45:ec:4d:74:3f:15:d0:84:ab:88:68:43:79:f4:3f:67:63:
         58:95:28:d6:ad:44:ef:3b:f0:72:76:53:07:e0:2e:66:23:d8:
         83:b0:d7:90:7c:44:51:fb:e9:12:22:75:43:42:a8:65:19:bb:
         31:e3:92:30:7b:a0:c9:cd:4e:a0:65:72:69:ad:af:59:9e:7f:
         1b:2a:2b:25:4f:a8:bf:99:33:e9:95:1b:f9:21:c1:50:fc:5c:
         91:c2:c6:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv5coWW2C+ooJxHPLr1nKC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwMTI2MDgzNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTYxN2Q3ZDE3MmU5YTRlZDdkYTgyNGRlNGU5MTJmODJmMDU0OTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7fi+0o8DJS0DDnCWHrBzcRXx1mL
Tf8rDpP5sVuaj3hePNCmDCMUd8NKUTPcEh2empEpt1YFkYAUCYDrkYRBxN6y6YUd
P742rAfY4Cq4bg4CzMxbv9y65XUKPoTnEi+pO9psAZP1TTdsoQ1IyOFO5/1RN2ej
zp/bNd4fPXqZDjoTtc2R6o8akw0zW5CKbiOm+ZOh+H3o5GyMcLN6rkJ+Bp/QBLoo
gZQDSUZ8/KoqYvMNbGdJmgYS21tLXxlK5XElNIO1s93fcgMzZaAFTdfwUtewJsGt
PxqdnOWEkyr8L05l8zsaiC3SJnSjSxBt36TtYkftBQsJdLek5xNLKLx1AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKphfX0XLppO19qCTeTpEvgvBUmCMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvcW1GOWZSY3VtazdYMm9KTjVPa1MtQzhGU1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXCMA0G
CSqGSIb3DQEBCwUAA4IBAQArCIYB5HqXTw3Qf1JhNcVYhzHC2nUnrNHU1Y6DGkVu
JkFVLKayzbB5c0DbXsGKXNweGO9Wi/eBN+dnjYfGvj4VQVAr+f7TGsi8VVl5ieoF
HnITEETpkOAHWNeaP2ZMFAasKxVAHap1znf/uJ6JOU1PPuBYmVyJZhb+UFfr6+T4
uBb/SxZ+C4tlEJ1/WZ3OUkn8cFGMBk0cNYJtOkaasIVBS6DbRexNdD8V0ISriGhD
efQ/Z2NYlSjWrUTvO/BydlMH4C5mI9iDsNeQfERR++kSInVDQqhlGbsx45Iwe6DJ
zU6gZXJpra9Znn8bKislT6i/mTPplRv5IcFQ/FyRwsZF
-----END CERTIFICATE-----