This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/QMhXPeEiGbtOYJL0N3f4IXIT6ng.roa
File:                     QMhXPeEiGbtOYJL0N3f4IXIT6ng.roa (raw, json)
Hash identifier:          0HWPj54I4hc1a9Dl1XhfG4dlUuFqco3Us2UXObXNoFY=
Subject key identifier:   40:C8:57:3D:E1:22:19:BB:4E:60:92:F4:37:77:F8:21:72:13:EA:78
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB81DFD764F562FE4F805CD738C416
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/QMhXPeEiGbtOYJL0N3f4IXIT6ng.roa
Signing time:             Thu 01 Jan 2026 00:18:24 +0000
ROA not before:           Thu 01 Jan 2026 00:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203610
IP address blocks:        185.129.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:81:df:d7:64:f5:62:fe:4f:80:5c:d7:38:c4:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40c8573de12219bb4e6092f43777f8217213ea78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f3:19:d6:e3:10:8b:a1:68:ce:49:df:71:7f:
                    31:fb:5a:cc:28:f2:88:6b:51:b9:9b:0d:07:1f:53:
                    98:a6:9b:98:2c:a7:e7:b9:69:3c:dc:42:9c:b5:5e:
                    14:8b:5e:8d:aa:a4:68:95:3a:0c:f7:2a:7f:11:61:
                    73:ef:ec:e9:96:9a:84:a3:92:f8:b3:64:71:6b:8f:
                    c5:e7:21:64:a6:bd:7b:c2:f6:a7:e6:55:bc:8c:59:
                    4e:b7:12:37:1e:e2:5a:9b:8b:52:f0:26:90:19:b0:
                    e2:a2:be:d8:e5:40:f0:4b:e5:30:23:0f:10:89:47:
                    f9:e6:ad:a4:e6:47:96:c1:28:3a:85:4f:c1:4c:2e:
                    be:1d:6f:e2:a4:8c:88:44:1e:16:bb:84:c0:dd:b2:
                    1e:0e:ec:e3:de:41:b5:be:ca:33:b1:6d:be:8d:72:
                    2a:26:a7:a4:11:07:b4:e1:e4:ee:ca:0f:cb:f4:1d:
                    7a:ea:cb:74:ce:ae:11:18:09:73:a4:5e:0e:5a:a5:
                    dc:71:3e:d8:fc:43:c7:66:49:e2:f6:6e:97:c1:dc:
                    16:e3:a1:7f:56:e0:d6:b4:22:9a:c4:0a:0e:bf:56:
                    ac:97:1c:c1:d5:63:bf:bb:19:13:46:62:ce:c7:30:
                    a6:a9:2d:4c:18:07:f8:d6:b1:b8:80:45:18:ff:55:
                    b5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C8:57:3D:E1:22:19:BB:4E:60:92:F4:37:77:F8:21:72:13:EA:78
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/QMhXPeEiGbtOYJL0N3f4IXIT6ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:3f:1c:94:52:c9:be:4c:cf:90:1e:a9:12:43:b3:49:0b:de:
         5a:55:f9:4f:a8:89:fa:65:ae:43:c7:b4:54:4d:fc:b2:f0:9a:
         1d:8a:c4:04:97:d3:85:46:8b:2b:ae:f8:c1:a3:8e:f0:3f:9b:
         f4:7b:91:95:26:cd:38:3a:13:39:4f:f0:92:25:c9:6e:74:95:
         2a:52:44:f5:ff:be:b2:8f:4d:12:c7:c8:7f:11:69:47:80:99:
         c0:1d:ca:1e:23:96:a7:35:2c:57:1d:8f:c4:81:dc:39:bc:01:
         fd:35:66:fa:c6:4a:4b:d4:32:17:f3:fe:88:ae:bb:83:8f:7b:
         74:58:e6:66:98:1a:ba:5b:17:1b:f1:51:a7:c4:d7:dd:f1:4b:
         4a:b2:ae:6b:9c:83:25:1e:04:f0:5d:c2:e0:87:8c:06:a2:23:
         5c:90:43:af:db:e7:88:45:3d:d3:17:c6:65:a4:83:9e:ce:48:
         cd:07:62:07:96:fd:04:fb:d4:7a:e8:22:c8:cf:72:93:16:d2:
         34:06:c8:65:4b:ac:36:c7:d6:a8:2d:08:1d:fc:c8:91:95:86:
         29:25:81:f3:20:c1:e6:68:21:be:ff:e6:bc:1b:e6:d6:41:96:
         81:a4:75:5c:49:1c:bf:ae:83:7b:4e:f0:7d:bf:1b:2a:0b:f6:
         9a:36:00:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt264Hf12T1Yv5PgFzXOMQWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGM4NTczZGUxMjIxOWJiNGU2MDkyZjQzNzc3ZjgyMTcyMTNlYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPMZ1uMQi6FozknfcX8x+1rMKPKI
a1G5mw0HH1OYppuYLKfnuWk83EKctV4Ui16NqqRolToM9yp/EWFz7+zplpqEo5L4
s2Rxa4/F5yFkpr17wvan5lW8jFlOtxI3HuJam4tS8CaQGbDior7Y5UDwS+UwIw8Q
iUf55q2k5keWwSg6hU/BTC6+HW/ipIyIRB4Wu4TA3bIeDuzj3kG1vsozsW2+jXIq
JqekEQe04eTuyg/L9B166st0zq4RGAlzpF4OWqXccT7Y/EPHZkni9m6XwdwW46F/
VuDWtCKaxAoOv1aslxzB1WO/uxkTRmLOxzCmqS1MGAf41rG4gEUY/1W1sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDIVz3hIhm7TmCS9Dd3+CFyE+p4MB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvUU1oWFBlRWlHYnRPWUpMME4zZjRJWElUNm5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYFAMA0G
CSqGSIb3DQEBCwUAA4IBAQAaPxyUUsm+TM+QHqkSQ7NJC95aVflPqIn6Za5Dx7RU
Tfyy8JodisQEl9OFRosrrvjBo47wP5v0e5GVJs04OhM5T/CSJcludJUqUkT1/76y
j00Sx8h/EWlHgJnAHcoeI5anNSxXHY/Egdw5vAH9NWb6xkpL1DIX8/6IrruDj3t0
WOZmmBq6Wxcb8VGnxNfd8UtKsq5rnIMlHgTwXcLgh4wGoiNckEOv2+eIRT3TF8Zl
pIOezkjNB2IHlv0E+9R66CLIz3KTFtI0BshlS6w2x9aoLQgd/MiRlYYpJYHzIMHm
aCG+/+a8G+bWQZaBpHVcSRy/roN7TvB9vxsqC/aaNgCr
-----END CERTIFICATE-----