This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ef76a6-c4e1-427f-973b-2c1c29014548/1/WQ_j-qqDR5HktP06sg7xONRh0BE.roa
File:                     WQ_j-qqDR5HktP06sg7xONRh0BE.roa (raw, json)
Hash identifier:          IEt/v53hTQ/BgADum+kvHIi5QkAMcCA3KyS/Nvrh4FM=
Subject key identifier:   59:0F:E3:FA:AA:83:47:91:E4:B4:FD:3A:B2:0E:F1:38:D4:61:D0:11
Certificate issuer:       /CN=3de9be3c47afb9e0a5fc303bf2d84a73f2082fac
Certificate serial:       019B76EB40B8DE5908F186F71FE667220448
Authority key identifier: 3D:E9:BE:3C:47:AF:B9:E0:A5:FC:30:3B:F2:D8:4A:73:F2:08:2F:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pem-PEevueCl_DA78thKc_IIL6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/ef76a6-c4e1-427f-973b-2c1c29014548/1/WQ_j-qqDR5HktP06sg7xONRh0BE.roa
Signing time:             Thu 01 Jan 2026 00:18:07 +0000
ROA not before:           Thu 01 Jan 2026 00:18:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21013
IP address blocks:        91.220.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/ef76a6-c4e1-427f-973b-2c1c29014548/1/Pem-PEevueCl_DA78thKc_IIL6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/ef76a6-c4e1-427f-973b-2c1c29014548/1/Pem-PEevueCl_DA78thKc_IIL6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pem-PEevueCl_DA78thKc_IIL6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:40:b8:de:59:08:f1:86:f7:1f:e6:67:22:04:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de9be3c47afb9e0a5fc303bf2d84a73f2082fac
        Validity
            Not Before: Jan  1 00:18:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=590fe3faaa834791e4b4fd3ab20ef138d461d011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:04:e3:7f:34:c0:eb:8b:4a:ec:dc:08:f5:1a:
                    1e:9f:8c:14:8e:78:e5:bd:73:ad:dd:59:b0:ed:fd:
                    c4:e4:f6:83:70:98:d3:80:50:8c:5c:33:dd:63:7b:
                    6a:9f:e4:3d:f0:b3:76:ff:c1:4e:88:33:fc:a4:bc:
                    7c:b1:88:f4:84:26:51:e0:2e:dc:4b:41:1f:2f:d8:
                    c3:2c:ef:6c:21:1b:77:ca:66:7f:fc:ae:57:6b:a8:
                    cd:4b:3c:b4:b9:b1:a5:b1:6e:6a:68:b3:c1:c5:98:
                    88:53:9d:17:e9:bf:51:f7:61:b9:53:ce:83:cb:71:
                    1f:d0:90:6b:10:fc:41:77:c3:d2:5f:03:71:87:35:
                    02:9b:62:ad:9b:cc:fc:9f:00:2e:f0:f6:cf:19:79:
                    84:64:29:2f:b8:81:45:1d:83:21:cb:44:f2:65:1d:
                    dd:d2:a7:5d:fd:ce:2b:25:13:80:06:ec:d9:36:cc:
                    54:c6:ba:d4:7b:f2:42:a8:5e:f7:54:99:a9:c6:03:
                    b4:61:15:ee:46:b3:2d:28:db:d5:67:47:92:ac:65:
                    0c:42:23:d4:dc:90:e3:65:dc:34:78:ff:7c:c0:30:
                    0c:88:94:c8:8d:e6:19:13:60:56:7a:51:bc:e4:ba:
                    72:8e:b5:2f:0b:d6:79:8b:93:e6:e4:db:af:fd:2a:
                    d4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:0F:E3:FA:AA:83:47:91:E4:B4:FD:3A:B2:0E:F1:38:D4:61:D0:11
            X509v3 Authority Key Identifier:
                keyid:3D:E9:BE:3C:47:AF:B9:E0:A5:FC:30:3B:F2:D8:4A:73:F2:08:2F:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pem-PEevueCl_DA78thKc_IIL6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ef76a6-c4e1-427f-973b-2c1c29014548/1/WQ_j-qqDR5HktP06sg7xONRh0BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ef76a6-c4e1-427f-973b-2c1c29014548/1/Pem-PEevueCl_DA78thKc_IIL6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d0:72:c8:f9:60:7a:18:8d:f7:f3:6c:d4:3d:83:29:49:98:
         c7:dd:a7:3d:f8:3c:60:a5:ad:28:78:3c:c0:24:9f:ca:48:99:
         05:c2:32:15:69:b1:93:41:a9:5d:84:26:8f:83:dd:9b:7b:bf:
         6c:c7:ef:ab:12:1c:70:ac:81:0c:5f:cd:7d:74:0c:a8:ed:a9:
         7a:23:21:f3:87:9c:ee:c1:63:ca:59:e3:bf:a8:41:c7:89:a0:
         01:72:7f:5e:ab:8f:60:14:56:e2:f4:97:cc:92:37:c3:66:ff:
         8e:e6:25:c3:49:cf:59:69:89:f1:44:d5:04:f9:5e:db:4b:fa:
         5d:6e:bc:99:7d:b6:b5:19:ef:f6:0c:e9:46:c2:99:37:e5:17:
         a3:5c:66:25:b6:b7:33:80:dd:1b:1b:c3:3d:6e:ca:34:46:df:
         cf:eb:19:61:9c:c3:0a:87:fd:fe:7b:8b:c8:5e:69:01:78:59:
         a8:80:a4:b7:af:6f:15:80:85:2d:2b:84:64:2b:fe:6f:2a:5a:
         91:a1:0a:81:42:5a:b6:5c:5a:c4:3a:08:cd:83:42:91:db:ff:
         5e:6a:93:83:ca:18:53:59:03:90:b2:d9:3f:94:41:3c:08:a7:
         59:73:80:8a:7b:fa:0d:b6:63:dd:e9:7e:e2:de:a8:2c:ea:cc:
         49:6d:26:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt260C43lkI8Yb3H+ZnIgRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTliZTNjNDdhZmI5ZTBhNWZjMzAzYmYyZDg0YTczZjIw
ODJmYWMwHhcNMjYwMTAxMDAxODA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTBmZTNmYWFhODM0NzkxZTRiNGZkM2FiMjBlZjEzOGQ0NjFkMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QTjfzTA64tK7NwI9Roen4wUjnjl
vXOt3Vmw7f3E5PaDcJjTgFCMXDPdY3tqn+Q98LN2/8FOiDP8pLx8sYj0hCZR4C7c
S0EfL9jDLO9sIRt3ymZ//K5Xa6jNSzy0ubGlsW5qaLPBxZiIU50X6b9R92G5U86D
y3Ef0JBrEPxBd8PSXwNxhzUCm2Ktm8z8nwAu8PbPGXmEZCkvuIFFHYMhy0TyZR3d
0qdd/c4rJROABuzZNsxUxrrUe/JCqF73VJmpxgO0YRXuRrMtKNvVZ0eSrGUMQiPU
3JDjZdw0eP98wDAMiJTIjeYZE2BWelG85LpyjrUvC9Z5i5Pm5Nuv/SrUBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkP4/qqg0eR5LT9OrIO8TjUYdARMB8GA1UdIwQY
MBaAFD3pvjxHr7ngpfwwO/LYSnPyCC+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVtLVBFZXZ1ZUNsX0RBNzh0aEtjX0lJTDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9lZjc2YTYtYzRlMS00MjdmLTk3M2It
MmMxYzI5MDE0NTQ4LzEvV1Ffai1xcURSNUhrdFAwNnNnN3hPTlJoMEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9lZjc2YTYtYzRlMS00MjdmLTk3M2ItMmMxYzI5MDE0NTQ4
LzEvUGVtLVBFZXZ1ZUNsX0RBNzh0aEtjX0lJTDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yzMA0G
CSqGSIb3DQEBCwUAA4IBAQAe0HLI+WB6GI3382zUPYMpSZjH3ac9+Dxgpa0oeDzA
JJ/KSJkFwjIVabGTQaldhCaPg92be79sx++rEhxwrIEMX819dAyo7al6IyHzh5zu
wWPKWeO/qEHHiaABcn9eq49gFFbi9JfMkjfDZv+O5iXDSc9ZaYnxRNUE+V7bS/pd
bryZfba1Ge/2DOlGwpk35RejXGYltrczgN0bG8M9bso0Rt/P6xlhnMMKh/3+e4vI
XmkBeFmogKS3r28VgIUtK4RkK/5vKlqRoQqBQlq2XFrEOgjNg0KR2/9eapODyhhT
WQOQstk/lEE8CKdZc4CKe/oNtmPd6X7i3qgs6sxJbSai
-----END CERTIFICATE-----