This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/CqH1FECBpIHfp2xhFgzsj89DsXQ.roa
File:                     CqH1FECBpIHfp2xhFgzsj89DsXQ.roa (raw, json)
Hash identifier:          FwLSU2137U6zawDtXqOxsfLW/s4zSGCVB1UE9CXia1Y=
Subject key identifier:   0A:A1:F5:14:40:81:A4:81:DF:A7:6C:61:16:0C:EC:8F:CF:43:B1:74
Certificate issuer:       /CN=322d91b4aa96cc5732576d42335fddd0e5d6294f
Certificate serial:       019B7B3654DB14CABA2CB992AD4A2BE54B84
Authority key identifier: 32:2D:91:B4:AA:96:CC:57:32:57:6D:42:33:5F:DD:D0:E5:D6:29:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mi2RtKqWzFcyV21CM1_d0OXWKU8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/CqH1FECBpIHfp2xhFgzsj89DsXQ.roa
Signing time:             Thu 01 Jan 2026 20:18:36 +0000
ROA not before:           Thu 01 Jan 2026 20:18:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215644
IP address blocks:        81.89.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/Mi2RtKqWzFcyV21CM1_d0OXWKU8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/Mi2RtKqWzFcyV21CM1_d0OXWKU8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mi2RtKqWzFcyV21CM1_d0OXWKU8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:54:db:14:ca:ba:2c:b9:92:ad:4a:2b:e5:4b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=322d91b4aa96cc5732576d42335fddd0e5d6294f
        Validity
            Not Before: Jan  1 20:18:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0aa1f5144081a481dfa76c61160cec8fcf43b174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f9:9e:4c:2a:df:b2:65:94:25:71:0d:de:22:
                    da:46:84:87:40:4a:7b:e6:31:0f:4a:00:cf:c1:4f:
                    5d:b2:b0:b1:65:a2:f5:7b:be:19:a9:8e:df:d5:52:
                    af:14:45:62:e9:9a:88:47:df:da:5f:07:28:b5:66:
                    0a:8d:3f:73:55:aa:20:d6:c8:a9:e9:7e:13:33:61:
                    69:04:8f:0d:a3:b9:b6:d1:75:53:2e:70:3d:d6:cc:
                    f6:08:d3:98:38:79:8c:07:3d:ee:98:19:0f:63:dc:
                    3b:73:97:00:9c:70:cd:b1:ad:7d:81:b9:e6:c6:d4:
                    f1:6e:42:af:16:7b:b2:44:7b:96:f4:42:58:f3:de:
                    d9:85:20:d5:f0:20:de:9a:c8:b6:8f:87:9e:84:db:
                    24:b3:43:f9:e2:69:33:ee:f2:65:03:a1:e0:96:00:
                    c4:79:9b:5a:e5:71:25:14:e4:a3:ec:16:df:87:ec:
                    89:2a:ac:2a:0e:c5:bc:89:ab:19:7f:fd:4d:32:7d:
                    cc:54:30:ee:47:23:9b:34:cc:94:9c:b6:32:4f:8c:
                    2b:12:0f:56:eb:19:41:44:27:ce:9e:47:39:3b:2e:
                    23:02:53:f1:49:b9:48:fe:e1:a2:54:be:a0:8d:5a:
                    c0:46:07:ce:dd:98:c5:19:1c:a8:17:23:b7:70:ba:
                    ad:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A1:F5:14:40:81:A4:81:DF:A7:6C:61:16:0C:EC:8F:CF:43:B1:74
            X509v3 Authority Key Identifier:
                keyid:32:2D:91:B4:AA:96:CC:57:32:57:6D:42:33:5F:DD:D0:E5:D6:29:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mi2RtKqWzFcyV21CM1_d0OXWKU8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/CqH1FECBpIHfp2xhFgzsj89DsXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/9bd122-d6a9-4a40-860b-b0efc01d4f9c/1/Mi2RtKqWzFcyV21CM1_d0OXWKU8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:c4:ae:ab:38:1f:7c:7f:d7:a0:b4:d0:13:18:cd:9e:5f:b0:
         08:dc:3a:87:7a:b8:44:46:17:c1:d5:6a:4f:28:d9:73:af:bb:
         a0:2b:9d:54:d5:95:25:e2:37:e0:90:31:dc:ec:f5:c9:fd:6e:
         ff:23:9f:16:10:15:54:db:62:1e:d1:22:a2:1b:bf:75:17:7d:
         7e:15:2a:70:b5:1e:2f:24:15:d1:b3:ae:b5:88:18:7c:c8:ec:
         b6:68:a4:b0:0d:2c:f4:c3:99:40:ff:81:c7:42:1d:97:bb:a3:
         37:f6:45:cd:41:bd:91:78:12:99:89:ac:59:ae:f7:b6:ef:86:
         ed:23:b9:b3:b7:63:be:af:ff:d9:0d:c1:bd:69:3e:88:a1:62:
         c7:72:37:b3:7e:1f:28:31:91:81:8e:db:54:cb:1d:f8:4a:b4:
         a0:f0:60:58:94:73:55:c2:9f:3a:2a:4f:b7:6e:e7:ff:60:29:
         fd:1f:70:77:32:5a:25:65:ca:03:56:d7:bb:0d:91:b0:6c:09:
         b3:48:ae:68:80:45:fd:ae:02:43:c0:ce:b9:6a:6c:cd:7c:80:
         44:9d:75:03:8e:1e:26:97:bb:ee:51:f5:14:96:ad:88:fd:c2:
         ee:58:18:17:f5:c6:23:c3:3c:8d:a2:41:97:4e:36:51:37:55:
         c9:39:57:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NlTbFMq6LLmSrUor5UuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMmQ5MWI0YWE5NmNjNTczMjU3NmQ0MjMzNWZkZGQwZTVk
NjI5NGYwHhcNMjYwMTAxMjAxODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWExZjUxNDQwODFhNDgxZGZhNzZjNjExNjBjZWM4ZmNmNDNiMTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fmeTCrfsmWUJXEN3iLaRoSHQEp7
5jEPSgDPwU9dsrCxZaL1e74ZqY7f1VKvFEVi6ZqIR9/aXwcotWYKjT9zVaog1sip
6X4TM2FpBI8No7m20XVTLnA91sz2CNOYOHmMBz3umBkPY9w7c5cAnHDNsa19gbnm
xtTxbkKvFnuyRHuW9EJY897ZhSDV8CDemsi2j4eehNsks0P54mkz7vJlA6HglgDE
eZta5XElFOSj7Bbfh+yJKqwqDsW8iasZf/1NMn3MVDDuRyObNMyUnLYyT4wrEg9W
6xlBRCfOnkc5Oy4jAlPxSblI/uGiVL6gjVrARgfO3ZjFGRyoFyO3cLqtuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqh9RRAgaSB36dsYRYM7I/PQ7F0MB8GA1UdIwQY
MBaAFDItkbSqlsxXMldtQjNf3dDl1ilPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWkyUnRLcVd6RmN5VjIxQ00xX2QwT1hXS1U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi85YmQxMjItZDZhOS00YTQwLTg2MGIt
YjBlZmMwMWQ0ZjljLzEvQ3FIMUZFQ0JwSUhmcDJ4aEZnenNqODlEc1hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi85YmQxMjItZDZhOS00YTQwLTg2MGItYjBlZmMwMWQ0Zjlj
LzEvTWkyUnRLcVd6RmN5VjIxQ00xX2QwT1hXS1U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUVndMA0G
CSqGSIb3DQEBCwUAA4IBAQA3xK6rOB98f9egtNATGM2eX7AI3DqHerhERhfB1WpP
KNlzr7ugK51U1ZUl4jfgkDHc7PXJ/W7/I58WEBVU22Ie0SKiG791F31+FSpwtR4v
JBXRs661iBh8yOy2aKSwDSz0w5lA/4HHQh2Xu6M39kXNQb2ReBKZiaxZrve274bt
I7mzt2O+r//ZDcG9aT6IoWLHcjezfh8oMZGBjttUyx34SrSg8GBYlHNVwp86Kk+3
buf/YCn9H3B3MlolZcoDVte7DZGwbAmzSK5ogEX9rgJDwM65amzNfIBEnXUDjh4m
l7vuUfUUlq2I/cLuWBgX9cYjwzyNokGXTjZRN1XJOVe/
-----END CERTIFICATE-----