This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/QbspjSgom0qmdSedksWxw1y_dkI.roa
File:                     QbspjSgom0qmdSedksWxw1y_dkI.roa (raw, json)
Hash identifier:          eJ1YS4oVCoR1VNmiqp1NCkjDzMJ9GIvRJ3pjx5vZ9ic=
Subject key identifier:   41:BB:29:8D:28:28:9B:4A:A6:75:27:9D:92:C5:B1:C3:5C:BF:76:42
Certificate issuer:       /CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
Certificate serial:       019B7BA3D96DCBC7869D687CEEFD47FFD23D
Authority key identifier: 49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/QbspjSgom0qmdSedksWxw1y_dkI.roa
Signing time:             Thu 01 Jan 2026 22:18:14 +0000
ROA not before:           Thu 01 Jan 2026 22:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        81.90.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:d9:6d:cb:c7:86:9d:68:7c:ee:fd:47:ff:d2:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49216f5c165b827a7fd73d8107aebd2f63c63e24
        Validity
            Not Before: Jan  1 22:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41bb298d28289b4aa675279d92c5b1c35cbf7642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:96:68:1f:19:8e:49:17:7b:b1:93:f4:74:66:
                    34:0c:34:a8:9e:b5:36:51:b9:51:c7:9d:40:2c:46:
                    bb:2c:38:b2:27:34:ad:6b:d1:73:84:34:7c:69:99:
                    0e:82:83:2f:e1:6d:7e:4a:07:6e:2b:08:b7:7c:06:
                    a8:7a:d9:5f:4f:38:11:bf:31:4f:3f:8e:9b:54:d6:
                    b1:99:0b:95:01:ad:5c:26:f1:1b:b6:85:a6:71:da:
                    69:d1:5c:a7:85:e6:92:cb:af:ba:3c:7b:87:4f:1e:
                    59:54:cb:3d:75:28:91:dc:03:61:9c:60:8b:0e:78:
                    c3:46:3b:85:a2:39:0e:2a:09:b5:0c:4b:63:bf:0e:
                    eb:cf:52:85:20:86:b4:5d:12:9b:5a:b6:70:24:aa:
                    77:86:e2:56:af:51:d8:f9:9c:07:85:85:22:40:b0:
                    d5:55:83:04:cb:f7:8b:ed:57:30:24:9d:9f:5b:58:
                    53:df:08:fd:ac:a4:34:c8:76:aa:6f:2a:8f:59:f7:
                    f6:f8:18:b9:10:f3:ed:03:ac:7a:0a:9f:92:cc:31:
                    b8:00:35:c6:1f:13:dc:9f:84:30:e7:f3:ec:15:eb:
                    33:08:c3:ac:fb:1f:fc:d9:75:2d:64:00:07:ba:70:
                    cf:09:0a:0b:26:b1:0e:31:06:ab:a7:b7:35:fd:f4:
                    e1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BB:29:8D:28:28:9B:4A:A6:75:27:9D:92:C5:B1:C3:5C:BF:76:42
            X509v3 Authority Key Identifier:
                keyid:49:21:6F:5C:16:5B:82:7A:7F:D7:3D:81:07:AE:BD:2F:63:C6:3E:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SSFvXBZbgnp_1z2BB669L2PGPiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/QbspjSgom0qmdSedksWxw1y_dkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/4842a9-9fcd-4bb6-bb04-0dbbc249e657/1/SSFvXBZbgnp_1z2BB669L2PGPiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.90.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:c8:a5:85:41:e2:a1:4a:12:ae:3c:dd:74:a0:36:6f:d0:
         1c:1a:5a:dc:a8:6a:75:33:df:5d:35:78:f2:ec:76:53:64:2d:
         e1:1f:35:c0:12:f2:a4:e9:40:65:67:3b:ee:bd:74:cc:0f:6d:
         6a:f7:1a:bb:f2:ca:ff:af:ef:80:ad:1e:09:5d:a6:e3:4d:93:
         bb:3a:fb:71:2e:94:b8:89:37:40:5c:d0:40:d9:93:da:5d:c5:
         11:fa:6d:62:0b:30:b3:01:89:33:22:38:b2:6a:91:58:93:43:
         5c:e7:d0:f0:1a:64:58:51:5a:c8:dd:ac:bb:29:39:d5:57:d3:
         51:a4:97:36:0e:30:c5:c7:91:c5:f8:3a:c9:f6:0a:58:40:78:
         e2:58:6c:ac:d3:5d:82:25:c8:b2:33:91:bb:b1:1e:14:db:ca:
         3e:99:b5:27:aa:a4:e3:d5:97:93:00:2e:0e:2e:8c:7c:d7:34:
         0f:0b:12:14:f3:90:2a:44:99:d1:ec:08:e0:aa:08:8a:f6:4b:
         63:44:3c:2e:50:e0:67:d1:3f:f1:6e:c0:68:3c:2c:82:14:d0:
         f5:dc:18:59:a4:e6:04:a4:e6:e0:a8:41:0f:df:74:4c:d5:0c:
         db:21:8b:2f:e6:9c:3a:05:89:77:b0:3a:b0:ef:72:75:c4:ba:
         79:6c:00:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o9lty8eGnWh87v1H/9I9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjE2ZjVjMTY1YjgyN2E3ZmQ3M2Q4MTA3YWViZDJmNjNj
NjNlMjQwHhcNMjYwMTAxMjIxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJiMjk4ZDI4Mjg5YjRhYTY3NTI3OWQ5MmM1YjFjMzVjYmY3NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05ZoHxmOSRd7sZP0dGY0DDSonrU2
UblRx51ALEa7LDiyJzSta9FzhDR8aZkOgoMv4W1+SgduKwi3fAaoetlfTzgRvzFP
P46bVNaxmQuVAa1cJvEbtoWmcdpp0VynheaSy6+6PHuHTx5ZVMs9dSiR3ANhnGCL
DnjDRjuFojkOKgm1DEtjvw7rz1KFIIa0XRKbWrZwJKp3huJWr1HY+ZwHhYUiQLDV
VYMEy/eL7VcwJJ2fW1hT3wj9rKQ0yHaqbyqPWff2+Bi5EPPtA6x6Cp+SzDG4ADXG
HxPcn4Qw5/PsFeszCMOs+x/82XUtZAAHunDPCQoLJrEOMQarp7c1/fThKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEG7KY0oKJtKpnUnnZLFscNcv3ZCMB8GA1UdIwQY
MBaAFEkhb1wWW4J6f9c9gQeuvS9jxj4kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQt
MGRiYmMyNDllNjU3LzEvUWJzcGpTZ29tMHFtZFNlZGtzV3h3MXlfZGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi80ODQyYTktOWZjZC00YmI2LWJiMDQtMGRiYmMyNDllNjU3
LzEvU1NGdlhCWmJnbnBfMXoyQkI2NjlMMlBHUGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVoZMA0G
CSqGSIb3DQEBCwUAA4IBAQBug8ilhUHioUoSrjzddKA2b9AcGlrcqGp1M99dNXjy
7HZTZC3hHzXAEvKk6UBlZzvuvXTMD21q9xq78sr/r++ArR4JXabjTZO7OvtxLpS4
iTdAXNBA2ZPaXcUR+m1iCzCzAYkzIjiyapFYk0Nc59DwGmRYUVrI3ay7KTnVV9NR
pJc2DjDFx5HF+DrJ9gpYQHjiWGys012CJciyM5G7sR4U28o+mbUnqqTj1ZeTAC4O
Lox81zQPCxIU85AqRJnR7AjgqgiK9ktjRDwuUOBn0T/xbsBoPCyCFND13BhZpOYE
pObgqEEP33RM1QzbIYsv5pw6BYl3sDqw73J1xLp5bADZ
-----END CERTIFICATE-----