This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/qhe8MyZcsm7s8bUc-1QLuxrlgmc.roa
File:                     qhe8MyZcsm7s8bUc-1QLuxrlgmc.roa (raw, json)
Hash identifier:          ch37dlscCrrj/Zah686777uUvKZ5V0l/gR0k7sundNU=
Subject key identifier:   AA:17:BC:33:26:5C:B2:6E:EC:F1:B5:1C:FB:54:0B:BB:1A:E5:82:67
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       019B79108A18801DF3B2929461848BED786B
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/qhe8MyZcsm7s8bUc-1QLuxrlgmc.roa
Signing time:             Thu 01 Jan 2026 10:18:05 +0000
ROA not before:           Thu 01 Jan 2026 10:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     394808
IP address blocks:        83.231.150.192/27 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 14:14:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:8a:18:80:1d:f3:b2:92:94:61:84:8b:ed:78:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  1 10:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa17bc33265cb26eecf1b51cfb540bbb1ae58267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:dd:ef:28:10:c6:1b:ab:ec:e5:c4:e8:b4:f2:
                    73:35:c9:70:93:44:bb:8e:1e:b5:9a:c6:7f:56:d9:
                    eb:8e:85:25:2e:27:78:58:6b:90:79:b9:ce:88:e8:
                    e6:24:f4:31:f7:7f:52:ae:c4:36:a6:bd:05:c4:96:
                    bc:a5:33:e9:af:e3:89:aa:ba:bc:7f:da:d7:03:6a:
                    39:24:3d:48:f1:62:55:95:79:a6:01:7b:85:66:e4:
                    c0:34:cf:84:b0:d3:14:6c:d8:29:58:c5:2c:4d:1e:
                    ef:c9:db:53:c0:92:24:79:2b:ce:57:c7:d2:b8:76:
                    16:fa:41:31:e3:b7:65:6a:fa:9b:2d:0e:14:e1:c8:
                    6a:60:b6:31:c9:30:c7:9d:4d:e0:3d:82:57:85:db:
                    db:72:d0:14:bf:4d:2b:b1:bc:71:c0:69:ab:28:55:
                    16:36:a9:7a:2e:b0:5e:4a:e0:d7:f4:10:8c:1e:08:
                    62:79:36:23:f8:2b:2f:f4:ef:d9:fa:8f:79:b9:29:
                    65:d9:e4:86:e3:7d:95:25:30:17:e1:66:13:da:32:
                    15:78:00:8f:b2:26:86:6b:89:c3:5a:90:4c:38:08:
                    02:60:85:9e:3e:5d:72:16:cd:52:63:f2:21:28:86:
                    97:ec:85:32:9d:94:d7:9a:81:b4:51:46:11:4e:d8:
                    8a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:17:BC:33:26:5C:B2:6E:EC:F1:B5:1C:FB:54:0B:BB:1A:E5:82:67
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/qhe8MyZcsm7s8bUc-1QLuxrlgmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.231.150.192/27

    Signature Algorithm: sha256WithRSAEncryption
         0c:f5:3f:8c:ff:42:e5:0a:63:71:5b:6d:12:e1:2d:3e:8d:20:
         6f:18:f1:f3:2f:7b:60:2b:e6:a6:72:df:e8:84:2f:62:c2:60:
         53:27:2c:aa:9e:91:fc:62:5b:5a:58:8f:07:84:b2:cb:97:6f:
         be:5c:62:e5:e5:04:e7:be:99:09:91:93:96:82:85:b9:2e:c0:
         59:ca:13:86:26:30:b1:4e:a1:24:e7:f3:19:d0:11:71:fb:b4:
         11:6d:fd:f1:b7:a1:8c:c2:09:29:ee:4b:10:ff:78:81:26:0a:
         07:1f:8f:7f:1d:39:78:64:da:38:0d:1a:34:32:56:20:46:8a:
         9e:cd:d5:bd:2a:c0:27:c9:a0:19:a1:c7:de:46:c5:e0:6a:18:
         bd:bd:b3:bd:c5:ed:08:c6:f3:e8:36:91:7a:dd:5e:6f:57:62:
         9b:86:9d:4c:d3:06:40:70:a4:24:73:98:7e:97:95:2b:6c:bb:
         5f:f7:56:8c:b4:a2:b4:57:00:44:19:05:72:16:25:6d:b3:ae:
         fc:1b:d6:4f:ba:e6:fa:3c:c9:75:b6:2a:53:58:77:4e:0a:5f:
         11:b7:20:17:e9:2b:76:0b:6e:8d:22:b8:b2:63:7e:03:57:70:
         43:54:30:a2:e5:ad:3d:54:68:69:c4:00:d5:f1:26:4c:c0:c8:
         8f:e2:a0:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EIoYgB3zspKUYYSL7XhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjYwMTAxMTAxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTE3YmMzMzI2NWNiMjZlZWNmMWI1MWNmYjU0MGJiYjFhZTU4MjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArt3vKBDGG6vs5cTotPJzNclwk0S7
jh61msZ/VtnrjoUlLid4WGuQebnOiOjmJPQx939SrsQ2pr0FxJa8pTPpr+OJqrq8
f9rXA2o5JD1I8WJVlXmmAXuFZuTANM+EsNMUbNgpWMUsTR7vydtTwJIkeSvOV8fS
uHYW+kEx47dlavqbLQ4U4chqYLYxyTDHnU3gPYJXhdvbctAUv00rsbxxwGmrKFUW
Nql6LrBeSuDX9BCMHghieTYj+Csv9O/Z+o95uSll2eSG432VJTAX4WYT2jIVeACP
siaGa4nDWpBMOAgCYIWePl1yFs1SY/IhKIaX7IUynZTXmoG0UUYRTtiKcQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKoXvDMmXLJu7PG1HPtUC7sa5YJnMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvcWhlOE15WmNzbTdzOGJVYy0xUUx1eHJsZ21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUFU+eWwDAN
BgkqhkiG9w0BAQsFAAOCAQEADPU/jP9C5QpjcVttEuEtPo0gbxjx8y97YCvmpnLf
6IQvYsJgUycsqp6R/GJbWliPB4Syy5dvvlxi5eUE576ZCZGTloKFuS7AWcoThiYw
sU6hJOfzGdARcfu0EW398behjMIJKe5LEP94gSYKBx+Pfx05eGTaOA0aNDJWIEaK
ns3VvSrAJ8mgGaHH3kbF4GoYvb2zvcXtCMbz6DaRet1eb1dim4adTNMGQHCkJHOY
fpeVK2y7X/dWjLSitFcARBkFchYlbbOu/BvWT7rm+jzJdbYqU1h3TgpfEbcgF+kr
dgtujSK4smN+A1dwQ1QwouWtPVRoacQA1fEmTMDIj+KgBA==
-----END CERTIFICATE-----