This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/qnaI3dSUo6JkKXowYAsIMeMpnOc.roa
File:                     qnaI3dSUo6JkKXowYAsIMeMpnOc.roa (raw, json)
Hash identifier:          dUT0p+f2BUwnddx9s697e9AmQEvx5OAEb+TGVaVGOZI=
Subject key identifier:   AA:76:88:DD:D4:94:A3:A2:64:29:7A:30:60:0B:08:31:E3:29:9C:E7
Certificate issuer:       /CN=926587a7c42c261fa254b0b82e7bc0719cc64812
Certificate serial:       019B7CED0B8BF5AF9CA319C2E7A508F443DC
Authority key identifier: 92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/qnaI3dSUo6JkKXowYAsIMeMpnOc.roa
Signing time:             Fri 02 Jan 2026 04:17:48 +0000
ROA not before:           Fri 02 Jan 2026 04:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20724
IP address blocks:        91.239.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:0b:8b:f5:af:9c:a3:19:c2:e7:a5:08:f4:43:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=926587a7c42c261fa254b0b82e7bc0719cc64812
        Validity
            Not Before: Jan  2 04:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aa7688ddd494a3a264297a30600b0831e3299ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:79:67:b2:8c:ae:da:62:8b:ec:93:8e:7a:7d:
                    23:07:27:b1:77:83:41:f4:f1:1a:d7:8a:d8:76:25:
                    92:b8:f3:53:aa:69:1a:1b:5c:ff:36:55:4a:25:b1:
                    9e:27:df:79:80:3d:e6:41:00:38:90:61:cd:aa:c5:
                    3d:db:b1:2d:52:30:19:6f:5d:9c:bc:9a:f7:77:56:
                    b1:4b:ed:55:7b:32:60:53:d1:aa:4d:35:c7:d2:f9:
                    5a:58:f0:85:6a:76:4f:19:6f:3c:8d:99:50:d5:d2:
                    ed:22:49:3d:b2:38:20:6d:f5:fe:c4:2b:3a:42:5c:
                    5f:97:d5:72:8a:cc:a1:e6:4d:b8:bc:12:f2:72:f0:
                    0e:17:6a:e3:b3:dd:52:dc:11:ae:63:35:4e:d1:29:
                    81:d7:82:b4:0d:c9:68:d6:d8:f8:53:af:01:b0:f7:
                    ea:79:30:2d:ee:01:b2:2f:3c:5b:43:7d:60:e3:f2:
                    cf:33:d6:36:03:60:f4:84:84:5a:16:0f:58:0e:ff:
                    02:cf:2e:72:82:61:93:2f:d0:8a:f4:14:ee:b9:a0:
                    93:6e:49:f2:39:f1:6c:bf:04:83:72:ac:82:5a:f5:
                    41:00:a9:b4:cf:b0:da:69:a0:18:a5:65:e8:06:27:
                    50:a0:a8:ec:1b:24:98:4d:c7:9f:48:18:23:cf:9e:
                    c4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:76:88:DD:D4:94:A3:A2:64:29:7A:30:60:0B:08:31:E3:29:9C:E7
            X509v3 Authority Key Identifier:
                keyid:92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/qnaI3dSUo6JkKXowYAsIMeMpnOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:b2:a1:35:98:27:42:d4:e0:14:f4:3a:e2:be:a2:58:09:a8:
         96:00:70:af:5d:20:c9:89:2e:55:14:66:5a:c0:99:82:69:4c:
         29:b2:cc:31:84:08:80:9a:d4:b5:49:4a:7c:d6:1f:51:a3:8c:
         63:40:a7:88:07:72:9e:11:fb:d7:d4:87:92:3d:03:02:4f:6c:
         76:29:fd:c2:7c:67:02:80:53:fa:22:24:a7:d1:b5:b2:cd:04:
         37:a3:20:d6:11:b8:4c:71:1f:f1:cc:11:6d:c3:b5:f2:ad:bb:
         20:e7:84:02:c5:69:b2:f7:4c:20:de:85:cb:70:12:a5:7c:12:
         15:d7:01:0a:b7:e5:ce:5c:72:f2:aa:4f:7b:51:8e:a4:76:6c:
         5a:77:4f:85:6f:dd:0d:c6:b1:e5:b1:34:66:ed:a2:35:fe:d4:
         05:d2:23:e7:6c:2a:b3:a9:89:71:7f:f9:e1:46:ba:4a:e6:53:
         62:56:a6:05:1e:f5:a7:a1:d3:b4:74:57:60:76:3b:c6:63:c6:
         2c:8e:b5:ca:a7:b4:c3:bf:de:bb:c6:4d:db:51:26:a9:11:97:
         cc:9e:64:b5:5c:b8:25:19:67:f6:2d:7f:3d:20:d6:9c:b0:d1:
         92:12:9c:89:ff:c3:c1:44:27:45:2f:33:1c:bc:ac:4f:2f:10:
         33:39:a6:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87QuL9a+coxnC56UI9EPcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjU4N2E3YzQyYzI2MWZhMjU0YjBiODJlN2JjMDcxOWNj
NjQ4MTIwHhcNMjYwMTAyMDQxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc2ODhkZGQ0OTRhM2EyNjQyOTdhMzA2MDBiMDgzMWUzMjk5Y2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53lnsoyu2mKL7JOOen0jByexd4NB
9PEa14rYdiWSuPNTqmkaG1z/NlVKJbGeJ995gD3mQQA4kGHNqsU927EtUjAZb12c
vJr3d1axS+1VezJgU9GqTTXH0vlaWPCFanZPGW88jZlQ1dLtIkk9sjggbfX+xCs6
Qlxfl9Vyisyh5k24vBLycvAOF2rjs91S3BGuYzVO0SmB14K0Dclo1tj4U68BsPfq
eTAt7gGyLzxbQ31g4/LPM9Y2A2D0hIRaFg9YDv8Czy5ygmGTL9CK9BTuuaCTbkny
OfFsvwSDcqyCWvVBAKm0z7DaaaAYpWXoBidQoKjsGySYTcefSBgjz57EEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKp2iN3UlKOiZCl6MGALCDHjKZznMB8GA1UdIwQY
MBaAFJJlh6fELCYfolSwuC57wHGcxkgSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjIt
ODhmYTNiNmViMDA2LzEvcW5hSTNkU1VvNkprS1hvd1lBc0lNZU1wbk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjItODhmYTNiNmViMDA2
LzEva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/YMA0G
CSqGSIb3DQEBCwUAA4IBAQCLsqE1mCdC1OAU9DrivqJYCaiWAHCvXSDJiS5VFGZa
wJmCaUwpsswxhAiAmtS1SUp81h9Ro4xjQKeIB3KeEfvX1IeSPQMCT2x2Kf3CfGcC
gFP6IiSn0bWyzQQ3oyDWEbhMcR/xzBFtw7Xyrbsg54QCxWmy90wg3oXLcBKlfBIV
1wEKt+XOXHLyqk97UY6kdmxad0+Fb90NxrHlsTRm7aI1/tQF0iPnbCqzqYlxf/nh
RrpK5lNiVqYFHvWnodO0dFdgdjvGY8YsjrXKp7TDv967xk3bUSapEZfMnmS1XLgl
GWf2LX89INacsNGSEpyJ/8PBRCdFLzMcvKxPLxAzOaaN
-----END CERTIFICATE-----