This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/QS3mViuWefpzRVuut9BCujNEHBk.roa
File:                     QS3mViuWefpzRVuut9BCujNEHBk.roa (raw, json)
Hash identifier:          pncFDsfj5PoDws+gFKzvHR1BHzgW/TNAwcyb1+Rx/Pc=
Subject key identifier:   41:2D:E6:56:2B:96:79:FA:73:45:5B:AE:B7:D0:42:BA:33:44:1C:19
Certificate issuer:       /CN=e46e9ab47ca91fa132565860bcdd9a107ba032e4
Certificate serial:       019B7E37501DEEB4B7104810C460C1406253
Authority key identifier: E4:6E:9A:B4:7C:A9:1F:A1:32:56:58:60:BC:DD:9A:10:7B:A0:32:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/QS3mViuWefpzRVuut9BCujNEHBk.roa
Signing time:             Fri 02 Jan 2026 10:18:32 +0000
ROA not before:           Fri 02 Jan 2026 10:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6730
IP address blocks:        194.145.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:50:1d:ee:b4:b7:10:48:10:c4:60:c1:40:62:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e46e9ab47ca91fa132565860bcdd9a107ba032e4
        Validity
            Not Before: Jan  2 10:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=412de6562b9679fa73455baeb7d042ba33441c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:82:dd:36:c7:94:c2:c9:f4:85:55:09:e1:ca:
                    dc:b1:7b:62:aa:85:8d:15:5c:8a:b2:32:0b:9f:a6:
                    48:b6:1a:f0:59:d6:04:3d:6b:d3:c0:2a:5a:13:27:
                    ec:0f:57:d5:fc:85:0a:d9:2e:49:16:86:41:c8:c2:
                    c3:14:d1:c1:0e:57:c2:ef:07:66:b7:69:9b:b1:6c:
                    b7:77:66:14:91:d5:e2:24:a7:52:03:73:0e:b1:df:
                    e4:33:dd:b3:f8:6b:65:1e:4a:fd:93:af:f1:ae:b8:
                    7b:d4:ed:08:25:e8:9a:9a:37:c6:85:10:0f:a2:80:
                    44:bf:b4:1a:29:b8:08:54:a0:13:4e:15:9f:45:0d:
                    37:2a:31:46:f8:78:c9:43:33:77:60:f2:60:8a:f1:
                    17:e6:dc:b6:4b:7a:6e:8a:dd:fc:bc:04:08:df:d9:
                    95:d5:5d:71:b3:ae:b7:77:3c:46:df:c3:d1:fb:c2:
                    c8:63:1b:00:6a:4f:26:d1:f2:a6:32:d6:bd:70:1c:
                    a4:ae:b0:21:58:1c:34:9a:61:a4:b3:63:35:a8:bf:
                    1c:80:de:ed:82:02:51:9f:ed:c9:23:ee:94:a0:17:
                    38:79:48:0a:2c:a3:42:55:b5:36:e7:4b:39:30:48:
                    73:3a:1f:11:38:e1:68:cb:c6:16:7e:1e:b5:bc:fa:
                    5c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:2D:E6:56:2B:96:79:FA:73:45:5B:AE:B7:D0:42:BA:33:44:1C:19
            X509v3 Authority Key Identifier:
                keyid:E4:6E:9A:B4:7C:A9:1F:A1:32:56:58:60:BC:DD:9A:10:7B:A0:32:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5G6atHypH6EyVlhgvN2aEHugMuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/QS3mViuWefpzRVuut9BCujNEHBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/216802-e8f9-4cbc-9d65-b9252cf2cc47/1/5G6atHypH6EyVlhgvN2aEHugMuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:3b:b4:b9:27:f8:ff:8e:bb:b4:27:43:00:e7:21:7b:2e:1c:
         75:72:07:65:12:11:4e:e1:be:5a:da:0c:78:bb:a1:b6:e7:e5:
         c0:97:3e:e0:c7:38:ae:5b:0b:21:60:03:9e:cb:d4:4d:b3:ed:
         d9:76:1f:a2:f1:52:18:39:54:77:9b:30:f6:13:a9:62:5b:96:
         38:0a:6d:b5:32:ee:4a:33:48:e8:1e:f1:5e:8d:2e:ca:71:f2:
         e7:7b:ca:b3:10:22:16:62:73:f5:ca:d0:12:58:74:bc:b2:a6:
         89:5d:b2:7d:61:27:fe:ad:c5:c9:72:01:d1:16:94:da:53:90:
         85:5f:43:99:24:4b:63:34:ab:30:c9:6f:8b:b9:e5:93:e7:43:
         f4:8b:ba:a8:5d:b3:5c:bc:4c:95:84:98:6c:6e:d8:6b:f9:ff:
         11:e2:a3:93:74:6c:a6:fe:3d:ed:a1:a5:a8:9a:59:1f:ae:07:
         1b:5a:41:38:22:9f:96:59:f7:cf:9e:11:ac:6d:e2:59:fa:95:
         e3:71:06:89:72:07:ad:15:df:db:85:dc:39:21:a4:a0:11:ce:
         7a:9f:58:db:7b:a2:75:6e:56:8d:fa:96:9c:13:8a:2a:4f:78:
         05:ea:1a:84:19:a8:d9:1d:c4:66:2e:d2:55:3e:0c:f1:36:29:
         5b:fb:df:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N1Ad7rS3EEgQxGDBQGJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NmU5YWI0N2NhOTFmYTEzMjU2NTg2MGJjZGQ5YTEwN2Jh
MDMyZTQwHhcNMjYwMTAyMTAxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTJkZTY1NjJiOTY3OWZhNzM0NTViYWViN2QwNDJiYTMzNDQxYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroLdNseUwsn0hVUJ4crcsXtiqoWN
FVyKsjILn6ZIthrwWdYEPWvTwCpaEyfsD1fV/IUK2S5JFoZByMLDFNHBDlfC7wdm
t2mbsWy3d2YUkdXiJKdSA3MOsd/kM92z+GtlHkr9k6/xrrh71O0IJeiamjfGhRAP
ooBEv7QaKbgIVKATThWfRQ03KjFG+HjJQzN3YPJgivEX5ty2S3puit38vAQI39mV
1V1xs663dzxG38PR+8LIYxsAak8m0fKmMta9cBykrrAhWBw0mmGks2M1qL8cgN7t
ggJRn+3JI+6UoBc4eUgKLKNCVbU250s5MEhzOh8ROOFoy8YWfh61vPpcPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEEt5lYrlnn6c0VbrrfQQrozRBwZMB8GA1UdIwQY
MBaAFORumrR8qR+hMlZYYLzdmhB7oDLkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUc2YXRIeXBINkV5VmxoZ3ZOMmFFSHVnTXVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yMTY4MDItZThmOS00Y2JjLTlkNjUt
YjkyNTJjZjJjYzQ3LzEvUVMzbVZpdVdlZnB6UlZ1dXQ5QkN1ak5FSEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yMTY4MDItZThmOS00Y2JjLTlkNjUtYjkyNTJjZjJjYzQ3
LzEvNUc2YXRIeXBINkV5VmxoZ3ZOMmFFSHVnTXVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpGdMA0G
CSqGSIb3DQEBCwUAA4IBAQCYO7S5J/j/jru0J0MA5yF7Lhx1cgdlEhFO4b5a2gx4
u6G25+XAlz7gxziuWwshYAOey9RNs+3Zdh+i8VIYOVR3mzD2E6liW5Y4Cm21Mu5K
M0joHvFejS7KcfLne8qzECIWYnP1ytASWHS8sqaJXbJ9YSf+rcXJcgHRFpTaU5CF
X0OZJEtjNKswyW+LueWT50P0i7qoXbNcvEyVhJhsbthr+f8R4qOTdGym/j3toaWo
mlkfrgcbWkE4Ip+WWffPnhGsbeJZ+pXjcQaJcgetFd/bhdw5IaSgEc56n1jbe6J1
blaN+pacE4oqT3gF6hqEGajZHcRmLtJVPgzxNilb+9/B
-----END CERTIFICATE-----