This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/q5pHLTWdvnY-1jav97XFEJNjLmo.roa
File:                     q5pHLTWdvnY-1jav97XFEJNjLmo.roa (raw, json)
Hash identifier:          iZDvg2qRkAEczSZvA4krAnmxw1QT6DR2jzJl8NbGIpQ=
Subject key identifier:   AB:9A:47:2D:35:9D:BE:76:3E:D6:36:AF:F7:B5:C5:10:93:63:2E:6A
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797EBEB0EEDDD9380C6941BE36E8D30B
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/q5pHLTWdvnY-1jav97XFEJNjLmo.roa
Signing time:             Thu 01 Jan 2026 12:18:28 +0000
ROA not before:           Thu 01 Jan 2026 12:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47453
IP address blocks:        85.118.94.0/24 maxlen: 24
                          85.118.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:be:b0:ee:dd:d9:38:0c:69:41:be:36:e8:d3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab9a472d359dbe763ed636aff7b5c51093632e6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:c0:40:ff:f5:2e:98:2d:f7:a7:ed:e9:39:3c:
                    fa:68:07:8c:5b:2b:7e:ac:d6:9b:92:33:c8:d8:ed:
                    d3:1b:27:ef:1f:50:39:36:03:4b:02:25:0e:69:17:
                    a2:be:35:ee:5a:1f:8e:e2:50:e9:0c:b5:0f:07:52:
                    0f:26:0e:a9:f2:62:af:16:99:9e:ed:b0:e2:96:c6:
                    af:d2:4e:9e:6e:b5:91:f9:23:33:ce:c6:14:8c:c9:
                    2b:39:c4:7f:03:e8:94:ef:14:e1:b5:22:ba:a6:81:
                    55:e5:09:b4:75:15:80:f8:2f:5c:1e:aa:12:cf:04:
                    8f:df:24:d6:69:18:eb:23:1c:66:53:be:88:fc:08:
                    d8:a5:62:d6:c7:5b:22:2d:b2:81:01:8e:ac:79:e2:
                    04:41:d0:c8:5f:bb:4f:a7:70:c5:7d:44:7d:e1:15:
                    4e:ff:95:8a:a4:49:ce:74:d3:f5:c9:0a:42:dd:a3:
                    a7:bb:5a:d8:87:7a:d7:cf:6a:03:ff:af:ba:a5:4a:
                    8d:14:3e:2c:13:b9:82:58:44:d1:9f:43:60:5e:3a:
                    de:89:3b:7a:b2:e7:8f:99:8e:0a:0f:e0:04:8f:bd:
                    67:2b:eb:25:2a:81:30:d2:b5:01:c6:04:b9:5b:65:
                    88:14:3c:94:2d:89:c4:1a:16:0b:bf:f6:a0:8c:04:
                    71:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:9A:47:2D:35:9D:BE:76:3E:D6:36:AF:F7:B5:C5:10:93:63:2E:6A
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/q5pHLTWdvnY-1jav97XFEJNjLmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:e0:6c:99:dd:f2:0d:c8:b0:cf:5f:5a:17:24:01:a4:b3:36:
         dd:64:ce:17:a3:2e:68:ff:b1:00:3e:96:cf:6d:7e:34:5a:9b:
         e4:07:81:9a:80:6b:df:fa:f3:e3:32:85:3c:ef:5a:13:3f:7b:
         36:d0:da:ff:0e:d5:34:b1:9c:88:62:e6:69:aa:69:46:44:0d:
         8a:81:30:cc:cb:7f:fa:55:d0:19:eb:81:29:09:29:b6:4f:b0:
         ab:fa:85:08:75:a8:a0:9d:bb:2b:3b:af:57:a7:4c:8c:71:f2:
         27:b4:f3:ba:47:9c:54:23:b3:a1:0a:31:3c:35:08:1c:34:6f:
         61:50:f7:da:1d:86:66:a7:a9:c7:aa:a7:40:21:c2:02:7a:ea:
         a5:07:4e:94:37:7b:b0:4c:92:ec:33:5f:8a:45:2c:32:16:a5:
         83:7f:37:bb:3a:51:4c:c9:99:fa:d0:8b:4f:0c:8a:6f:ee:44:
         fb:49:f4:65:e9:54:37:26:77:82:69:32:aa:02:bf:fc:c9:3b:
         69:4a:f9:08:ce:ea:3e:35:2a:00:34:f4:3f:9f:85:39:67:b8:
         25:96:8b:e8:10:7f:1c:26:d9:82:ae:1b:e5:91:84:fe:23:a1:
         a3:87:62:36:aa:0f:b4:ba:93:c5:25:6d:ee:32:b3:28:51:a5:
         1f:63:0b:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fr6w7t3ZOAxpQb426NMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjlhNDcyZDM1OWRiZTc2M2VkNjM2YWZmN2I1YzUxMDkzNjMyZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5cBA//UumC33p+3pOTz6aAeMWyt+
rNabkjPI2O3TGyfvH1A5NgNLAiUOaReivjXuWh+O4lDpDLUPB1IPJg6p8mKvFpme
7bDilsav0k6ebrWR+SMzzsYUjMkrOcR/A+iU7xThtSK6poFV5Qm0dRWA+C9cHqoS
zwSP3yTWaRjrIxxmU76I/AjYpWLWx1siLbKBAY6seeIEQdDIX7tPp3DFfUR94RVO
/5WKpEnOdNP1yQpC3aOnu1rYh3rXz2oD/6+6pUqNFD4sE7mCWETRn0NgXjreiTt6
suePmY4KD+AEj71nK+slKoEw0rUBxgS5W2WIFDyULYnEGhYLv/agjARxIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuaRy01nb52PtY2r/e1xRCTYy5qMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvcTVwSExUV2R2blktMWphdjk3WEZFSk5qTG1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXZeMA0G
CSqGSIb3DQEBCwUAA4IBAQAR4GyZ3fINyLDPX1oXJAGkszbdZM4Xoy5o/7EAPpbP
bX40WpvkB4GagGvf+vPjMoU871oTP3s20Nr/DtU0sZyIYuZpqmlGRA2KgTDMy3/6
VdAZ64EpCSm2T7Cr+oUIdaignbsrO69Xp0yMcfIntPO6R5xUI7OhCjE8NQgcNG9h
UPfaHYZmp6nHqqdAIcICeuqlB06UN3uwTJLsM1+KRSwyFqWDfze7OlFMyZn60ItP
DIpv7kT7SfRl6VQ3JneCaTKqAr/8yTtpSvkIzuo+NSoANPQ/n4U5Z7gllovoEH8c
JtmCrhvlkYT+I6Gjh2I2qg+0upPFJW3uMrMoUaUfYwso
-----END CERTIFICATE-----