This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/1-hqgVSQBF_UvAinXCtYpxtppbVY.roa
File:                     1-hqgVSQBF_UvAinXCtYpxtppbVY.roa (raw, json)
Hash identifier:          MeKegUTuGCWzFw8KT6nzeyZf5iVq1ADUyVCv+0PDLZ0=
Subject key identifier:   FA:1A:A0:55:24:01:17:F5:2F:02:29:D7:0A:D6:29:C6:DA:69:6D:56
Certificate issuer:       /CN=ba838f1ca8bdcd81c04b6b678e79be614e51b111
Certificate serial:       019B7C80BF8FA0E563DB4BD70A7F76C49313
Authority key identifier: BA:83:8F:1C:A8:BD:CD:81:C0:4B:6B:67:8E:79:BE:61:4E:51:B1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uoOPHKi9zYHAS2tnjnm-YU5RsRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/1-hqgVSQBF_UvAinXCtYpxtppbVY.roa
Signing time:             Fri 02 Jan 2026 02:19:31 +0000
ROA not before:           Fri 02 Jan 2026 02:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3303
IP address blocks:        91.230.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/uoOPHKi9zYHAS2tnjnm-YU5RsRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/uoOPHKi9zYHAS2tnjnm-YU5RsRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uoOPHKi9zYHAS2tnjnm-YU5RsRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:bf:8f:a0:e5:63:db:4b:d7:0a:7f:76:c4:93:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba838f1ca8bdcd81c04b6b678e79be614e51b111
        Validity
            Not Before: Jan  2 02:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa1aa055240117f52f0229d70ad629c6da696d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:14:d5:0d:49:25:14:08:b1:9f:36:ff:dd:69:
                    ea:c3:ab:23:db:d5:0a:f6:55:8b:9d:d7:c3:16:b0:
                    27:a4:ef:8f:e0:a7:37:1c:20:88:27:8e:cf:ba:dc:
                    fd:ed:32:e5:82:22:08:ee:38:53:9f:ca:f3:50:0c:
                    fd:0c:f5:54:dd:b0:c8:e8:bf:79:83:51:da:6b:52:
                    d7:cc:f2:22:68:61:38:3d:32:21:13:f8:3e:49:ea:
                    91:06:49:d0:1b:75:2c:d8:3c:69:93:ff:a9:48:bf:
                    83:7c:ad:8a:29:56:6c:87:38:98:d0:a5:2d:e2:0e:
                    45:a8:cd:6c:8d:e4:ab:d8:2e:69:7b:a3:9f:8a:d1:
                    af:db:d7:ea:f6:6f:66:51:f4:c5:ed:c7:6a:15:0b:
                    83:17:3d:76:86:5e:a9:91:74:d7:97:23:c8:8b:6b:
                    84:7a:58:d6:f9:12:dd:d6:41:2b:d9:ba:bf:f9:3b:
                    42:67:f1:7f:e7:09:a5:bf:95:ab:b6:8f:1a:e2:7a:
                    a9:80:08:71:27:2c:47:4b:95:61:4a:0f:5b:40:d7:
                    5d:5e:ce:68:25:20:59:0d:c4:b1:c0:df:70:5e:97:
                    b5:d5:57:06:a1:9a:a6:33:7a:2f:5f:2e:62:dd:9f:
                    ee:24:22:43:9d:6d:e1:2b:57:f6:c1:62:35:ee:fe:
                    dd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1A:A0:55:24:01:17:F5:2F:02:29:D7:0A:D6:29:C6:DA:69:6D:56
            X509v3 Authority Key Identifier:
                keyid:BA:83:8F:1C:A8:BD:CD:81:C0:4B:6B:67:8E:79:BE:61:4E:51:B1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uoOPHKi9zYHAS2tnjnm-YU5RsRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/1-hqgVSQBF_UvAinXCtYpxtppbVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/uoOPHKi9zYHAS2tnjnm-YU5RsRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:81:a3:c4:54:77:d8:fa:41:90:43:7e:bd:9d:78:ac:7f:ba:
         f8:fc:cd:c8:85:1e:fe:8d:70:1c:fd:c1:c0:83:d6:36:74:33:
         40:f9:56:96:ea:25:86:e5:75:6c:0f:ae:e7:91:08:e3:dc:cb:
         5c:54:f8:a0:a0:5b:c6:19:0c:e3:0a:80:1e:70:1b:f0:96:81:
         f5:c0:16:dc:52:37:ad:50:37:7e:0a:45:d6:45:97:f4:cf:09:
         60:d4:10:13:5e:5c:2d:ef:94:35:36:d3:67:92:d5:f8:ca:59:
         69:67:fc:5e:2b:b5:2f:82:a0:a8:b1:ae:d4:17:ce:b7:66:e6:
         17:57:42:c5:ab:17:49:46:20:aa:7e:7a:2d:3d:c6:81:80:98:
         b9:74:4d:20:60:b7:b7:36:52:24:0c:73:30:b1:80:41:cd:4c:
         d6:33:07:d8:95:18:dd:77:d2:4b:46:5a:30:49:02:a1:66:a1:
         66:d1:34:e3:ec:a1:cf:e3:8d:11:07:36:07:60:a0:ed:f2:5e:
         89:10:6e:af:3c:13:39:64:ca:b7:49:ee:d0:a6:94:80:57:00:
         c3:5e:09:8f:34:a6:ff:6d:05:11:82:28:38:19:e6:70:0b:2b:
         f9:21:db:9c:ea:9b:7d:a3:75:c1:17:7a:27:11:00:f7:35:de:
         b7:6e:df:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt8gL+PoOVj20vXCn92xJMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhODM4ZjFjYThiZGNkODFjMDRiNmI2NzhlNzliZTYxNGU1
MWIxMTEwHhcNMjYwMTAyMDIxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTFhYTA1NTI0MDExN2Y1MmYwMjI5ZDcwYWQ2MjljNmRhNjk2ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRTVDUklFAixnzb/3Wnqw6sj29UK
9lWLndfDFrAnpO+P4Kc3HCCIJ47Putz97TLlgiII7jhTn8rzUAz9DPVU3bDI6L95
g1Haa1LXzPIiaGE4PTIhE/g+SeqRBknQG3Us2Dxpk/+pSL+DfK2KKVZshziY0KUt
4g5FqM1sjeSr2C5pe6OfitGv29fq9m9mUfTF7cdqFQuDFz12hl6pkXTXlyPIi2uE
eljW+RLd1kEr2bq/+TtCZ/F/5wmlv5Wrto8a4nqpgAhxJyxHS5VhSg9bQNddXs5o
JSBZDcSxwN9wXpe11VcGoZqmM3ovXy5i3Z/uJCJDnW3hK1f2wWI17v7doQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoaoFUkARf1LwIp1wrWKcbaaW1WMB8GA1UdIwQY
MBaAFLqDjxyovc2BwEtrZ455vmFOUbERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW9PUEhLaTl6WUhBUzJ0bmpubS1ZVTVSc1JFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kYjRlODgtZTU4ZC00MzQ1LTgwYzct
MDkzZWI5YTlhYThiLzEvMS1ocWdWU1FCRl9VdkFpblhDdFlweHRwcGJWWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzgvZGI0ZTg4LWU1OGQtNDM0NS04MGM3LTA5M2ViOWE5YWE4
Yi8xL3VvT1BIS2k5ellIQVMydG5qbm0tWVU1UnNSRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvm+TAN
BgkqhkiG9w0BAQsFAAOCAQEANIGjxFR32PpBkEN+vZ14rH+6+PzNyIUe/o1wHP3B
wIPWNnQzQPlWluolhuV1bA+u55EI49zLXFT4oKBbxhkM4wqAHnAb8JaB9cAW3FI3
rVA3fgpF1kWX9M8JYNQQE15cLe+UNTbTZ5LV+MpZaWf8Xiu1L4KgqLGu1BfOt2bm
F1dCxasXSUYgqn56LT3GgYCYuXRNIGC3tzZSJAxzMLGAQc1M1jMH2JUY3XfSS0Za
MEkCoWahZtE04+yhz+ONEQc2B2Cg7fJeiRBurzwTOWTKt0nu0KaUgFcAw14JjzSm
/20FEYIoOBnmcAsr+SHbnOqbfaN1wRd6JxEA9zXet27fgA==
-----END CERTIFICATE-----